{"id":"https://openalex.org/W4280649132","doi":"https://doi.org/10.1145/3517121","title":"Learning Relationship-Based Access Control Policies from Black-Box Systems","display_name":"Learning Relationship-Based Access Control Policies from Black-Box Systems","publication_year":2022,"publication_date":"2022-05-19","ids":{"openalex":"https://openalex.org/W4280649132","doi":"https://doi.org/10.1145/3517121"},"language":"en","primary_location":{"id":"doi:10.1145/3517121","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3517121","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070601304","display_name":"Padmavathi Iyer","orcid":"https://orcid.org/0000-0001-9611-451X"},"institutions":[{"id":"https://openalex.org/I392282","display_name":"University at Albany, State University of New York","ror":"https://ror.org/012zs8222","country_code":"US","type":"education","lineage":["https://openalex.org/I392282"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Padmavathi Iyer","raw_affiliation_strings":["University at Albany \u2013 SUNY, Albany, New York"],"affiliations":[{"raw_affiliation_string":"University at Albany \u2013 SUNY, Albany, New York","institution_ids":["https://openalex.org/I392282"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110578902","display_name":"Amirreza Masoumzadeh","orcid":null},"institutions":[{"id":"https://openalex.org/I392282","display_name":"University at Albany, State University of New York","ror":"https://ror.org/012zs8222","country_code":"US","type":"education","lineage":["https://openalex.org/I392282"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Amirreza Masoumzadeh","raw_affiliation_strings":["University at Albany \u2013 SUNY, Albany, New York"],"affiliations":[{"raw_affiliation_string":"University at Albany \u2013 SUNY, Albany, New York","institution_ids":["https://openalex.org/I392282"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5070601304"],"corresponding_institution_ids":["https://openalex.org/I392282"],"apc_list":null,"apc_paid":null,"fwci":2.3665,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.89936462,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"25","issue":"3","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8051673173904419},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.7380326986312866},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.7368000745773315},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6464804410934448},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6232438683509827},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5597415566444397},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5332241654396057},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.444791316986084},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.444139301776886},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4298855662345886},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.41014519333839417},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3743983805179596},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3645153045654297},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.32906150817871094},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3205491602420807},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.15064874291419983},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.12976855039596558},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11364707350730896}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8051673173904419},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.7380326986312866},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.7368000745773315},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6464804410934448},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6232438683509827},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5597415566444397},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5332241654396057},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.444791316986084},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.444139301776886},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4298855662345886},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.41014519333839417},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3743983805179596},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3645153045654297},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.32906150817871094},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3205491602420807},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.15064874291419983},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.12976855039596558},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11364707350730896},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3517121","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3517121","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6600000262260437}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W1037096493","https://openalex.org/W1972505764","https://openalex.org/W1989445634","https://openalex.org/W2000107752","https://openalex.org/W2003752715","https://openalex.org/W2024445190","https://openalex.org/W2036467405","https://openalex.org/W2078074581","https://openalex.org/W2080001594","https://openalex.org/W2099415873","https://openalex.org/W2102071894","https://openalex.org/W2111111494","https://openalex.org/W2131782448","https://openalex.org/W2132037983","https://openalex.org/W2137577559","https://openalex.org/W2277593056","https://openalex.org/W2482837440","https://openalex.org/W2500302530","https://openalex.org/W2512416592","https://openalex.org/W2533393700","https://openalex.org/W2561427878","https://openalex.org/W2583228413","https://openalex.org/W2618541213","https://openalex.org/W2619305693","https://openalex.org/W2688811510","https://openalex.org/W2755088640","https://openalex.org/W2805336398","https://openalex.org/W2806152525","https://openalex.org/W2817857516","https://openalex.org/W2888685578","https://openalex.org/W2913369986","https://openalex.org/W2921287709","https://openalex.org/W2947413737","https://openalex.org/W2962744771","https://openalex.org/W2988851004","https://openalex.org/W3028881048","https://openalex.org/W3029768991","https://openalex.org/W3045199514","https://openalex.org/W3104845644","https://openalex.org/W3114308913","https://openalex.org/W3154990653","https://openalex.org/W3155736099","https://openalex.org/W4299351893"],"related_works":["https://openalex.org/W2123296434","https://openalex.org/W2104547074","https://openalex.org/W2555738791","https://openalex.org/W4298042445","https://openalex.org/W2132693790","https://openalex.org/W2095975812","https://openalex.org/W2367441718","https://openalex.org/W1510136311","https://openalex.org/W2120115519","https://openalex.org/W1990260561"],"abstract_inverted_index":{"Access":[0],"control":[1,90,129],"policies":[2,15],"are":[3,16],"crucial":[4],"in":[5,8,184],"securing":[6],"data":[7],"information":[9],"systems.":[10],"Unfortunately,":[11],"often":[12],"times,":[13],"such":[14,146],"poorly":[17],"documented,":[18],"and":[19,24,30,68,108,132,162,182],"gaps":[20],"between":[21],"their":[22],"specification":[23],"implementation":[25],"prevent":[26],"the":[27,36,49,58,79,83,102,116],"system":[28,64,81],"users,":[29],"even":[31],"its":[32,52,87,95,159,177],"developers,":[33],"from":[34,61],"understanding":[35],"overall":[37,88],"enforced":[38,59,148],"policy":[39,91,106,109],"of":[40,51,78,85,115,180],"a":[41,62,72,138],"system.":[42],"To":[43],"tackle":[44],"this":[45],"problem,":[46],"we":[47,111,135,165],"propose":[48],"first":[50],"kind":[53],"systematic":[54],"approach":[55,156],"for":[56],"learning":[57,86,126,155],"authorizations":[60],"target":[63,80],"by":[65,119,157],"interacting":[66],"with":[67,94],"observing":[69],"it":[70],"as":[71],"black":[73],"box.":[74],"The":[75],"black-box":[76],"view":[77],"provides":[82],"advantage":[84],"access":[89,128],"without":[92],"dealing":[93],"internal":[96],"design":[97],"complexities.":[98],"Furthermore,":[99,164],"compared":[100],"to":[101,143,175],"previous":[103],"literature":[104],"on":[105,125,171],"mining":[107],"inference,":[110],"avoid":[112],"exhaustive":[113],"exploration":[114],"authorization":[117],"space":[118],"minimizing":[120],"our":[121,153],"observations.":[122],"We":[123,150],"focus":[124],"relationship-based":[127],"(ReBAC)":[130],"policy,":[131],"show":[133],"how":[134],"can":[136],"construct":[137],"deterministic":[139],"finite":[140],"automaton":[141],"(DFA)":[142],"formally":[144],"characterize":[145],"an":[147],"policy.":[149],"theoretically":[151],"analyze":[152],"proposed":[154],"studying":[158],"termination,":[160],"correctness,":[161],"complexity.":[163],"conduct":[166],"extensive":[167],"experimental":[168],"analysis":[169],"based":[170],"realistic":[172],"application":[173],"scenarios":[174],"establish":[176],"cost,":[178],"quality":[179],"learning,":[181],"scalability":[183],"practice.":[185]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}