Mining Reliable ABAC Policies: A Specificity and Confidence-Aware Extension of Rhapsody
摘要
This paper presents an implementation and evaluation of the Rhapsody algorithm, which mines Attribute-Based Access Control (ABAC) policies from sparse access logs. Rhapsody introduces a novel reliability metric to mitigate over-permissiveness in rule generation. Our work extends the original algorithm by evaluating it on other datasets. We also modify the original confidence evaluation to stabilise rule count and improve alignment with Access Control List (ACL) policies. Furthermore, we introduce specificity as a novel diagnostic metric that evaluates the model’s capacity to reject unauthorised access, a critical aspect often neglected in prior approaches. The experiments are conducted on synthetic and real-world datasets to assess the algorithm’s performance and its resistance to varying levels of noise and data sparsity. The results demonstrate that fine-tuning hyperparameters, namely the support and reliability thresholds, significantly impacts rule quality and robustness against over-permissiveness. These findings further highlight the trade-off between rule simplicity, coverage, and interpretability in policy mining using Rhapsody.