ABAC policy mining method for heterogeneous access control system ABAC policy mining method

• Published in: The Journal of supercomputing Vol. 81; no. 9
• Main Authors: Siyuan, Shang, Aodi, Liu, Xuehui, Du, Xiaohan, Wang, Ming, Tan
• Format: Journal Article
• Language: English
• Published: New York Springer US 21.06.2025
• Subjects: Compilers; Computer Science; Interpreters; Processor Architectures; Programming Languages; Access control; Policy mining; ABAC model; Ant colony algorithm
• ISSN: 1573-0484
• DOI: 10.1007/s11227-025-07539-6

The attribute-based access control (ABAC) model has emerged as a more flexible model when addressing complex authorization requirements. However, different information systems may adopt heterogeneous access control systems, and it becomes more and more necessary to migrate them to ABAC access control system. Based on this, we focus on heterogeneous policy migration and propose a universal ABAC policy mining method based on ant colony algorithm. First, we utilize subject-permission tuples from different access control systems as security intent; second, we combine different attributes to make initial policies and transform attribute relationships into attribute constraints with ant colony algorithm optimization to build ABAC policy set; third, we make policy optimization to enhance the policy quality. Experimental results show our superior performance. We improve the policy evaluation metric weighted structure complexity by an average of 34.6% and improve time overhead by 58.3% in complex policy mining situation. Overall, we solve the bottleneck in complex ABAC policy mining situations with improved time overhead and high-quality policy set, providing strong support for heterogeneous policy migration and the promotion of ABAC model in real-world applications.