{"id":"https://openalex.org/W2991141347","doi":"https://doi.org/10.1145/3359789.3359805","title":"Mining least privilege attribute based access control policies","display_name":"Mining least privilege attribute based access control policies","publication_year":2019,"publication_date":"2019-11-22","ids":{"openalex":"https://openalex.org/W2991141347","doi":"https://doi.org/10.1145/3359789.3359805","mag":"2991141347"},"language":"en","primary_location":{"id":"doi:10.1145/3359789.3359805","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3359789.3359805","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055523017","display_name":"Matthew W. Sanders","orcid":null},"institutions":[{"id":"https://openalex.org/I167576493","display_name":"Colorado School of Mines","ror":"https://ror.org/04raf6v53","country_code":"US","type":"education","lineage":["https://openalex.org/I167576493"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Matthew W Sanders","raw_affiliation_strings":["Colorado School of Mines"],"affiliations":[{"raw_affiliation_string":"Colorado School of Mines","institution_ids":["https://openalex.org/I167576493"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101641878","display_name":"Chuan Yue","orcid":"https://orcid.org/0000-0002-6095-4768"},"institutions":[{"id":"https://openalex.org/I167576493","display_name":"Colorado School of Mines","ror":"https://ror.org/04raf6v53","country_code":"US","type":"education","lineage":["https://openalex.org/I167576493"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chuan Yue","raw_affiliation_strings":["Colorado School of Mines"],"affiliations":[{"raw_affiliation_string":"Colorado School of Mines","institution_ids":["https://openalex.org/I167576493"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5055523017"],"corresponding_institution_ids":["https://openalex.org/I167576493"],"apc_list":null,"apc_paid":null,"fwci":9.5399,"has_fulltext":false,"cited_by_count":52,"citation_normalized_percentile":{"value":0.97679711,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"404","last_page":"416"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9800999760627747,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.7774482369422913},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6455575227737427},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6036747097969055},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5446951985359192}],"concepts":[{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.7774482369422913},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6455575227737427},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6036747097969055},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5446951985359192}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3359789.3359805","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3359789.3359805","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5600000023841858,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2731861321","display_name":null,"funder_award_id":"1936968","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W96823185","https://openalex.org/W1484413656","https://openalex.org/W1574026808","https://openalex.org/W1975960070","https://openalex.org/W2065076704","https://openalex.org/W2085952809","https://openalex.org/W2095881341","https://openalex.org/W2111111494","https://openalex.org/W2115482638","https://openalex.org/W2163328802","https://openalex.org/W2166602595","https://openalex.org/W2378208052","https://openalex.org/W2749040653","https://openalex.org/W2765848208","https://openalex.org/W2793416899","https://openalex.org/W2817857516","https://openalex.org/W2962744771","https://openalex.org/W6628750762"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2374400535","https://openalex.org/W1603110617","https://openalex.org/W2108239983","https://openalex.org/W2892079901","https://openalex.org/W2390279801","https://openalex.org/W2134261832","https://openalex.org/W2358668433","https://openalex.org/W4385764548","https://openalex.org/W2376932109"],"abstract_inverted_index":{"Creating":[0],"effective":[1,92],"access":[2],"control":[3],"policies":[4,71,94,134,150,160,210],"is":[5,86],"a":[6,121,143,153,181,217,232],"significant":[7],"challenge":[8],"to":[9,69,90,125,249],"many":[10],"organizations.":[11],"Over-privilege":[12],"increases":[13],"security":[14],"risk":[15],"from":[16,27,161],"compromised":[17],"credentials,":[18],"insider":[19],"threats,":[20],"and":[21,64,79,100,105,139,166,207,214,234,241,253],"accidental":[22],"misuse.":[23],"Under-privilege":[24],"prevents":[25],"users":[26],"performing":[28],"their":[29,109],"duties.":[30],"Policies":[31],"must":[32],"balance":[33],"between":[34],"these":[35],"competing":[36],"goals":[37],"of":[38,58,75,97,175,184,237,247],"minimizing":[39,98],"under-privilege":[40,99,138,215],"vs.":[41],"over-privilege.":[42,140],"The":[43],"Attribute":[44],"Based":[45,219],"Access":[46,220],"Control":[47,221],"(ABAC)":[48],"model":[49],"has":[50],"been":[51],"gaining":[52],"popularity":[53],"in":[54,61,83,95],"recent":[55],"years":[56],"because":[57,108],"its":[59],"advantages":[60,246],"granularity,":[62],"flexibility,":[63],"usability.":[65],"ABAC":[66,93,110,133,149,159,177,205,239,248],"allows":[67],"administrators":[68],"create":[70,91],"based":[72],"on":[73],"attributes":[74],"users,":[76],"operations,":[77],"resources,":[78],"the":[80,162,173,238,245],"environment.":[81],"However,":[82],"practice,":[84],"it":[85],"often":[87],"very":[88],"difficult":[89],"terms":[96],"over-privilege":[101,213],"especially":[102],"for":[103,130,147,157,170],"large":[104,176,182,252],"complex":[106,254],"systems":[107],"privilege":[111,164,178,204],"spaces":[112],"are":[113],"typically":[114],"gigantic.":[115],"In":[116],"this":[117],"paper,":[118],"we":[119,194,225],"take":[120],"rule":[122,144],"mining":[123,145],"approach":[124,199],"mine":[126],"systems'":[127],"audit":[128,191],"logs":[129],"automatically":[131],"generating":[132],"which":[135],"minimize":[136],"both":[137],"We":[141],"propose":[142],"algorithm":[146,156],"creating":[148],"with":[151,172,211],"rules,":[152],"policy":[154],"scoring":[155],"evaluating":[158],"least":[163,203],"perspective,":[165],"performance":[167],"optimization":[168],"methods":[169],"dealing":[171],"challenges":[174],"spaces.":[179],"Using":[180],"dataset":[183],"4.7":[185],"million":[186],"Amazon":[187],"Web":[188],"Service":[189],"(AWS)":[190],"log":[192],"events,":[193],"demonstrate":[195],"that":[196],"our":[197,227],"automated":[198],"can":[200,208,229,242],"effectively":[201],"generate":[202,209],"policies,":[206],"less":[212],"than":[216],"Role":[218],"(RBAC)":[222],"approach.":[223],"Overall,":[224],"hope":[226],"work":[228],"help":[230,243],"promote":[231],"wider":[233],"faster":[235],"deployment":[236],"model,":[240],"unleash":[244],"better":[250],"protect":[251],"computing":[255],"systems.":[256]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":13},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":1}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}