1. Relationship Based Access Control (ReBAC).
1.1. Thang Bui et al. 2019. Efficient and extensible policy mining for relationship-based access control. In ACM SACMAT.
1.2. Thang Bui and Scott D Stoller. 2020. A decision tree learning approach for mining relationship-based access control policies. In ACM SACMAT.
1.3. Thang Bui, Scott D Stoller, and Jiajie Li. 2019. Greedy and evolutionary algorithms for mining relationship-based access control policies. Computers & Security (2019).
2. Role Based Access Control (RBAC)
2.1. Role Mining Role/Permission Assignments
2.1.1. Mario Frank et al. 2008. A class of probabilistic models for role engineering. In ACM CCS.
2.1.2. Qun Ni et al. 2009. Automating role-based provisioning by learning from examples. In ACM SACMAT.
2.1.3. Lu Zhou, Chunhua Su, Zhen Li, Zhe Liu, and Gerhard P Hancke. 2019. Automatic fine-grained access control in SCADA by machine learning. Future Generation Computer Systems (2019).
3. Access Decision
3.1. Luca Cappelletti, Stefano Valtolina, Giorgio Valentini, Marco Mesiti, and Elisa Bertino. 2019. On the quality of classification models for inferring ABAC policies from access logs. In IEEE International Conference on Big Data. IEEE.
3.2. Chin-Chen Chang, Iuon-Chang Lin, and Chia-Te Liao. 2006. An Access Control System with Time-constraint Using Support Vector Machines. Int. J. Netw. Secur. (2006).
3.3. Leila Karimi et al. 2021. Adaptive ABAC Policy Learning: A Reinforcement Learning Approach. arXiv (2021).
3.4. Aodi Liu, Xuehui Du, and Na Wang. 2021. Efficient Access Control Permission Decision Engine Based on Machine Learning. Security and Communication Networks (2021).
3.5. Mohammad Nur Nobi et al. 2022. Toward Deep Learning Based Access Control. In ACM CODASPY.
3.6. Kriti Srivastava et al. 2020. Machine Learning Based Risk-Adaptive Access Control System to Identify Genuineness of the Requester. In Modern Approaches in Machine Learning and Cognitive Science: A Walkthrough. Springer.
4. Literature Review
4.1. Machine Learning in Access Control: A Taxonomy and Survey
4.2. Identity Management Capability Powered by Artificial Intelligence to Transform the Way User Access Privileges Are Managed, Monitored and Controlled
4.3. Artificial Intelligence: The Key to Self-Driving Identity Governance
4.4. The Interaction Between Artificial Intelligence and Identity & Access Management: An Empirical study
4.5. Neural Networks are Decision Trees
5. Datasets
5.1. Kaggle. 2013. Amazon Employee Access Challenge.
5.2. UCI. 2011. Amazon Access Data Set.
6. Open Chanllenges And Future Researches Directons
6.1. Understanding Access Control Decesions
6.2. Policies Administration
6.3. Adversarial Attacks
6.4. Bias and Fairness
6.5. Insufficient tools for verification
7. Policy Mining
7.1. Policy Extraction from Natural Language
7.1.1. Manar Alohaly et al. 2018. A deep learning approach for extracting attributes of ABAC policies. In ACM SACMAT.
7.1.2. Thang Bui et al. 2019. Efficient and extensible policy mining for relationship-based access control. In ACM SACMAT.
7.1.3. Thang Bui and Scott D Stoller. 2020. A decision tree learning approach for mining relationship-based access control policies. In ACM SACMAT.
7.2. Policy Extraction from Access logs
7.2.1. Decebal Mocanu, Fatih Turkmen, Antonio Liotta, et al. 2015. Towards ABAC policy mining from logs with deep learning. In Proceedings of the 18th International Multiconference, ser. Intelligent Systems.
7.2.2. Carlos Cotrini et al. 2018. Mining ABAC rules from sparse logs. In IEEE EuroS&P.
7.2.3. Amani Abu Jabal, Elisa Bertino, Jorge Lobo, Mark Law, Alessandra Russo, Seraphin Calo, and Dinesh Verma. 2020. Polisma-a framework for learning attribute-based access control policies. In ESORICS. Springer.
7.2.4. Leila Karimi et al. 2021. An automatic attribute based access control policy extraction from access logs. IEEE TDSC.
7.3. Policy Optimization
7.3.1. Yahya Benkaouz, Mohammed Erradi, and Bernd Freisleben. 2016. Work in progress: K-nearest neighbors techniques for abac policies clustering. In ACM International Workshop on Attribute Based Access Control.
7.3.2. Maryem Ait El Hadj et al. 2017. ABAC rule reduction via similarity computation. In ICNS. Springer.
7.3.3. Using Constraint Programming and Graph Representation Learning for Generating Interpretable Cloud Security Policies
7.3.4. Optimization of Access Control Policies
8. Policy Verification and Testing
8.1. John Heaps, Xiaoyin Wang, Travis Breaux, and Jianwei Niu. 2019. Toward Detection of Access Control Models from Source Code via Word Embedding. In ACM SACMAT.
8.2. Vincent Hu. 2021. Machine Learning for Access Control Policy Verification. Technical Report. NIST.
9. Policy Administration and Monitoring
9.1. Policy Administration
9.1.1. Eduardo J Spinosa et al. 2009. Novelty detection with application to data streams. Intelligent Data Analysis (2009).
9.1.2. Ashraf Alkhresheh et al. 2020. Adaptive access control policies for IoT deployments. In IEEE IWCMC.
9.1.3. Varun Gumma et al. 2021. PAMMELA: Policy Administration Methodology using Machine Learning. arXiv.
9.2. Policy Monitoring.
9.2.1. Evan Martin and Tao Xie. 2006. Inferring access-control policy properties via machine learning. In IEEE POLICY.
9.2.2. Chengcheng Xiang et al. 2019. Towards Continuous Access Control Validation and Forensics. In ACM CCS.