Access to resources by users may need to be granted only upon certain conditions and contexts, perhaps particularly in cyber-physical settings. Unfortunately, creating and modifying context-sensitive access control solutions in dynamic environments creates ongoing challenges to manage the authorization contexts. This paper proposes RASA, a context-sensitive access authorization approach and mechanism leveraging unsupervised machine learning to automatically infer risk-based authorization decision boundaries. We explore RASA in a healthcare usage environment, wherein cyber and physical conditions create context-specific risks for protecting private health information. The risk levels are associated with access control decisions recommended by a security policy. A coupling method is introduced to track coexistence of the objects within context using frequency and duration of coexistence, and these are clustered to reveal sets of actions with common risk levels; these are used to create authorization decision boundaries. In addition, we propose a method for assessing the risk level and labelling the clusters with respect to their corresponding risk levels. We evaluate the promise of RASA-generated policies against a heuristic rule-based policy. By employing three different coupling features (frequency-based, duration-based, and combined features), the decisions of the unsupervised method and that of the policy are more than 99% consistent.
翻译:不幸的是,在动态环境中创建和修改对背景敏感的出入控制解决方案,给管理授权环境带来了持续的挑战。本文件提出RASA,一种对背景敏感的出入授权办法和机制,利用不受监督的机器学习自动推断基于风险的授权界限。我们在保健使用环境中探索RASA,其中网络和物理条件为保护私人健康信息造成特定背景风险。风险水平与安全政策建议的出入控制决定有关。采用混合方法,利用共存频率和持续时间跟踪环境内对象共存情况,并集中显示一系列具有共同风险水平的行动;它们用于创建授权决定界限。此外,我们提出一种评估风险水平和将集群贴上相应风险等级标签的方法。我们评估RASA制定的政策与基于超常规则的政策的许诺。我们采用三种不同的组合特征(基于频率、基于期限和组合特征)、未监督方法的决定以及政策的一致性超过99 %。