<?xml-model href='http://www.tei-c.org/release/xml/tei/custom/schema/relaxng/tei_all.rng' schematypens='http://relaxng.org/ns/structure/1.0'?><TEI xmlns="http://www.tei-c.org/ns/1.0">
	<teiHeader>
		<fileDesc>
			<titleStmt><title level='a'>Machine Learning in Access Control: A Taxonomy</title></titleStmt>
			<publicationStmt>
				<publisher>ACM</publisher>
				<date>07/08/2025</date>
			</publicationStmt>
			<sourceDesc>
				<bibl> 
					<idno type="par_id">10611596</idno>
					<idno type="doi"></idno>
					
					<author>MOHAMMAD NOBI</author><author>Ram Krishnan</author><author>Maanak Gupta</author><author>Shohel Rana</author><author>Lopamudra Praharaj</author><author>Mahmoud Abdelsalam</author>
				</bibl>
			</sourceDesc>
		</fileDesc>
		<profileDesc>
			<abstract><ab><![CDATA[Developing and managing access control systems is challenging due to the dynamic nature of users, resources, and environments. Recent advancements in machine learning (ML) offer promising solutions for automating the extraction of access control attributes, policy mining, verification, and decision-making. Despite these advancements, the application of ML in access control remains fragmented, resulting in an incomplete understanding of best practices. This work aims to systematize the use of ML in access control by identifying key components where ML can address various access control challenges. We propose a novel taxonomy of ML applications within this domain, highlighting current limitations such as the scarcity of public real-world datasets, the complexities of administering ML-based systems, and the opacity of ML model decisions. Additionally, we outline potential future research directions to guide both new and experienced researchers in effectively integrating ML into access control practices.
CCS Concepts: • Security and privacy → Access control; • Computing methodologies → Machine learning.]]></ab></abstract>
		</profileDesc>
	</teiHeader>
	<text><body xmlns="http://www.tei-c.org/ns/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xlink="http://www.w3.org/1999/xlink">
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="1">INTRODUCTION</head><p>Researchers have shown significant interest in applying machine learning (ML) to various aspects of access control, such as policy mining, verification, monitoring, and administration. Although still in its infancy, ML applications in access control are evolving with the goal of replacing language-based security policies with trained ML agents. Figure <ref type="figure">1</ref> provides an overview of access control systems and their pipelines. Traditional systems involve roles, attributes, policy engineering, verification, and administration, while ML-based systems replace security policies with trained ML agents, which involve training, verification, and administration of the agent <ref type="bibr">[79]</ref>. Optional components are indicated by dashed boxes in Figure <ref type="figure">1</ref>.</p><p>ML has proven highly successful in solving complex problems across various domains, outperforming manual human-driven processes. In access control, manual solutions often fail to achieve optimal performance and may grant unauthorized access. Consequently, there are significant opportunities for improvement in access control. Researchers have leveraged ML to develop more efficient solutions, such as providing decisions for unseen access scenarios <ref type="bibr">[98]</ref>, automating laborious tasks like attribute extraction from natural language <ref type="bibr">[3-5, 46, 75]</ref>, mapping roles and permissions <ref type="bibr">[78,</ref><ref type="bibr">101]</ref>, extracting security rules from access logs <ref type="bibr">[30,</ref><ref type="bibr">60,</ref><ref type="bibr">73]</ref>, and deriving access control policies from user stories <ref type="bibr">[46]</ref>. ML has also been used for access policy verification <ref type="bibr">[47,</ref><ref type="bibr">49]</ref> and monitoring suspicious activities <ref type="bibr">[96]</ref>. 
Additionally, researchers have proposed using ML for access control decision-making, where trained models determine whether access requests should be granted or denied <ref type="bibr">[22,</ref><ref type="bibr">25,</ref><ref type="bibr">59,</ref><ref type="bibr">67,</ref><ref type="bibr">79]</ref>.</p><p>Evidently, the rapid emergence and utilization of ML has shown significant potential for improving and reshaping the field of access control. However, several challenges need to be addressed. A major obstacle is that researchers tend to apply ML methods on a case-by-case basis <ref type="bibr">[4,</ref><ref type="bibr">15,</ref><ref type="bibr">30,</ref><ref type="bibr">39,</ref><ref type="bibr">61,</ref><ref type="bibr">96]</ref>, so there is no common strategy for using ML in the access control domain. This leads to a lack of in-depth insights and the absence of a holistic view of the application of ML in access control. In addition, there is a lack of research that addresses how to determine the most effective ML technique for a particular access control problem. Another limitation pertains to the availability of data. There is a noticeable lack of quality datasets from real-world organizations <ref type="bibr">[37,</ref><ref type="bibr">47]</ref>. Even though some public datasets are available, they are typically anonymized and, in most cases, exclude information necessary for expressing the complete access control state of the system <ref type="bibr">[74]</ref>. Considering all the aforementioned limitations, it is essential to have a holistic view of the use of machine learning for access control, which, in turn, will help shed light on underdeveloped areas and determine future directions in the domain.</p><p>In this paper, we perform a detailed review and summarize existing literature that uses ML to solve different access control problems. 
To the best of our knowledge, this is the first comprehensive work that offers an encyclopedic view towards outlining the application of machine learning for access control. Our systematization makes the following contributions.</p><p>&#8226; We comprehensively review existing access control literature that uses machine learning and discuss various research works done in different sub-domains of access control. &#8226; We propose a novel taxonomy of machine learning in access control, and highlight research at each stage as the domain has evolved chronologically. &#8226; We summarize the publicly available real-world datasets used for machine learning based access control research.</p><p>&#8226; We highlight open challenges and limitations faced by the research community, as well as provide future research directions to thrive in this critical security domain.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="2">ML IN ACCESS CONTROL TAXONOMY AND SCOPE</head><p>This paper examines machine learning across the access control pipeline. We have crafted an abstract taxonomy to show the relationships among the various components and building blocks of access control research, which helps organize our work, as illustrated in Figure <ref type="figure">2</ref>. We categorize the available work into two major areas: 'ML Assisted Access Control' and 'ML Based Access Control'. The first category includes literature that enhances traditional policy- or role-based access control processes, such as attribute engineering, policy mining/extraction, role/permission assignments, and policy verification. Overall, those methods mostly deal with processes in ABAC, RBAC, and ReBAC. The second category features articles that replace traditional access control policies with an ML model. In this scenario, the model itself acts as the policy, making access decisions autonomously.</p><p>Throughout the paper, we explain each branch of this figure, intending to answer the following key questions. These questions are answered in Sections 3 and 4 for each work discussed, and summarized per sub-domain in Tables <ref type="table">1</ref>, <ref type="table">2</ref>, <ref type="table">3</ref>, <ref type="table">4</ref>, and <ref type="table">5</ref>.</p><p>(1) What are the target access control models? In particular, is the proposed ML approach applicable to the access control domain as a whole, or only suitable for a particular model? (2) Which ML methods does the respective approach use? (3) Why does the respective approach use ML, and to what extent does the ML method contribute? (4) What are the input and output of the ML model? Can the trained machine learning model make access control decisions, or does the corresponding method only use ML to improve or automate access control sub-processes? (5) What kind of data was used for training the ML algorithm?</p><p>We also explore possible enhancements related to ML in access control, such as adversarial attacks, explainability, and bias.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="2.1">Corpus Collection</head><p>This systematization is based on published research from 2006 to the end of 2024. Before 2006, no ML-based access control solutions were found. We reviewed papers from various sources, including Google Scholar, the ACM Digital Library, IEEE Xplore, Springer, and preprints from arXiv.</p><p>We chose to read individual papers rather than rely on keyword searches in databases, as this approach ensured no relevant articles were overlooked. The terminology used to describe ML practices in access control is highly varied due to the field's nascent nature. Consequently, keyword searches might have excluded significant literature. By manually reading and selecting papers, we compiled a comprehensive and contextually relevant collection for our study.</p><p>We also summarized the datasets used in these studies to provide an overview of available datasets, their applications, and limitations. All publicly available datasets are summarized in Table <ref type="table">1</ref>.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="2.2">Timeline</head><p>We present the timeline of seminal works using ML for access control in Figure <ref type="figure">3</ref>. We sort the timeline by publication year and illustrate how the application of ML evolved in the access control domain. As summarized in Figure <ref type="figure">3</ref>, ML in access control is fairly new; the concept was first introduced in 2006. However, the application of ML in the access control domain is emerging fast, and most of the work has been published in recent years.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3">ML ASSISTED ACCESS CONTROL</head><p>This section provides an overview of literature that leverages machine learning to address issues related to traditional access control models. In these studies, machine learning isn't used to directly predict access decisions. Instead, it optimizes various processes such as policy mining, role mining, and rule mining.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.1">Policy Mining</head><p>High-level access control models like ABAC and ReBAC are favored for their flexible policies and reduced management burdens, supporting dynamic and complex security policies. However, transitioning from lower-level policies like ACLs is challenging. Policy mining techniques use user and resource attributes, their values, and the system's current access control state as input. For ABAC and ReBAC, algorithms generate rules that grant the same permissions <ref type="bibr">[18,</ref><ref type="bibr">20]</ref>. In contrast, RBAC mining algorithms produce permission-to-role (PA) and user-to-role (UA) assignments <ref type="bibr">[78,</ref><ref type="bibr">101]</ref>. Table <ref type="table">2</ref> reports access control policy mining approaches using ML.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.1.1">Attribute Based Access Control (ABAC).</head><p>Attributes and Policy Extraction from Natural Language. Natural language policies, being the preferred expression of policy <ref type="bibr">[3]</ref>, need to be transformed into a machine-readable form. Several researchers have attempted to process such policies to extract access control-related information, including identifying policy sentences, subject-object-action triples, etc. Because manual extraction of such information is inefficient, as the task is repetitive, time-consuming, and error-prone, several approaches have been proposed to automate the process <ref type="bibr">[75,</ref><ref type="bibr">76,</ref><ref type="bibr">87,</ref><ref type="bibr">88,</ref><ref type="bibr">97]</ref>.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><figure><head>Figure 2: A Taxonomy of Machine Learning in Access Control Domain.</head><figDesc>Taxonomy tree. ML Assisted Access Control: Attribute and Policy Engineering, comprising ABAC (Attributes and Policy Extraction from Natural Language [3-5, 46, 75]; Policy Extraction from Logs [30, 56, 60, 61, 73]; Policy Optimization [10, 37]), RBAC (Role Mining [39, 46]; Role/Permission Assignments [78, 101]) and ReBAC (ReBAC Policy Mining [15-17]); Policy Verification and Testing [47, 49]; Policy Administration [2, 7, 8, 44]; Policy Monitoring [69, 96]. ML Based Access Control: Access Decision [22, 25, 28, 59, 63, 67, 79, 82, 90]; Security and Administration [80, 81].</figDesc></figure><p>Narouei et al. <ref type="bibr">[75]</ref> (2017) present a framework for ABAC that extracts security policies from natural language documents using deep recurrent neural networks (RNN). The model identifies access control policy content from high-level requirement documents, achieving a 5.58% improvement over other methods. However, human involvement is needed to accurately identify ACP sentences. Alohaly et al. <ref type="bibr">[3]</ref> propose a deep learning framework using NLP, RE, and CNN to automate ABAC attribute extraction from NL policies. The framework identifies policy elements, extracts attribute values, and determines their categories, achieving an F1 score of 0.96 for subject attributes and 0.91 for object attributes. The evaluation uses datasets like iTrust <ref type="bibr">[71]</ref>, IBM Course Management App <ref type="bibr">[1]</ref>, CyberChair <ref type="bibr">[95]</ref>, and Collected ACP <ref type="bibr">[97]</ref>. However, it lacks support for hierarchical ABAC systems. Alohaly et al. 
<ref type="bibr">[5]</ref> enhance their previous framework <ref type="bibr">[3]</ref> to automatically extract attributes from NL hierarchical ABAC policies using NLP and ML techniques. The multi-phase framework achieves an average F1 score of 0.96 for subject attributes and 0.91 for object attributes, evaluated on datasets like iTrust <ref type="bibr">[71]</ref>, IBM Course Management App <ref type="bibr">[1]</ref>, CyberChair <ref type="bibr">[95]</ref>, and Collected ACP <ref type="bibr">[97]</ref>.</p><p>Alohaly et al. <ref type="bibr">[4]</ref> propose an automated process for extracting constraints in ABAC policies using NLP tools. The method uses BiLSTM models to identify and label conflicting factors in policy sentences, achieving an F1 score of 0.91 and detecting at least 75% of each constraint expression. The evaluation dataset includes 801 constraints in 747 NLACP sentences from various departments <ref type="bibr">[4,</ref><ref type="bibr">12,</ref><ref type="bibr">13,</ref><ref type="bibr">51]</ref>. Heaps et al. <ref type="bibr">[46]</ref> developed a transformer-based deep learning model to extract access control information from user stories, including access control classification, named entity recognition, and access type classification <ref type="bibr">[36]</ref>. Evaluated on the Dalpiaz dataset <ref type="bibr">[32,</ref><ref type="bibr">33]</ref>, the model outperformed CNN and SVM, though CNN performed comparably in named entity recognition. The authors recommend a larger dataset for further improvement.</p><p>Policy Extraction from Logs. Mining ABAC policies from legacy systems is inefficient and laborious, making alternative sources beneficial. Additionally, maintaining these rules is challenging. A straightforward approach is to mine ABAC rules from access logs <ref type="bibr">[98]</ref>, as they reflect the existing access control policy.</p><p>Mocanu et al. 
<ref type="bibr">[73]</ref> propose a deep learning approach using Restricted Boltzmann Machines (RBMs) to infer policies from logs, supporting negative authorization. The two-phase method generates candidate rules from logs and transforms them for comparison with Xu-Stoller <ref type="bibr">[98]</ref>. Evaluated on a healthcare dataset, the approach shows promise but requires further implementation and evaluation for diverse real-world policies. Cotrini et al. <ref type="bibr">[30]</ref> propose Rhapsody, an approach for mining ABAC rules from sparse access logs, addressing issues like rule size and over-permissiveness. Rhapsody modifies APRIORI-SD <ref type="bibr">[62]</ref> to generate concise rules, evaluated on Amazon access logs <ref type="bibr">[58,</ref><ref type="bibr">93]</ref> and ETH Zurich lab logs. Using universal cross-validation, Rhapsody achieves higher F1 scores and better generalization compared to Classification Tree <ref type="bibr">[14]</ref>, CN2 <ref type="bibr">[29]</ref>, and other ABAC mining algorithms <ref type="bibr">[62,</ref><ref type="bibr">98]</ref>.</p><p>Jabal et al. <ref type="bibr">[56]</ref> introduce Polisma, a framework for learning ABAC policies using data mining, statistical, and ML techniques. Polisma generates, generalizes, and augments rules with restriction rules, then applies Random Forest (RF) and KNN classifiers to handle uncovered requests. Evaluated on real-world <ref type="bibr">[93]</ref> and synthetic datasets, Polisma effectively develops accurate ABAC policies. Karimi et al. <ref type="bibr">[60]</ref> propose an ABAC policy extraction method using access logs, building on their previous unsupervised learning approach <ref type="bibr">[61]</ref>. The method uses K-modes clustering <ref type="bibr">[21]</ref> to generate rules with positive and negative filters, followed by rule pruning and refinement. 
Evaluated on real-world and synthetic datasets, the approach effectively handles incomplete logs and noise but requires careful tuning of parameters for optimal performance.</p><p>Policy Optimization. Benkaouz et al. <ref type="bibr">[10]</ref> propose using KNN algorithms for clustering and classifying ABAC policies, enhancing flexibility and reducing dimensionality in high-scale systems. The granularity of ABAC policies is adjusted by the parameter k, with smaller values for fine-grained models and larger values for coarse-grained models. This approach is still under development, with open questions about the default value of k, the best KNN algorithms for clustering, and its applicability to various applications.</p><p>El Hadj et al. <ref type="bibr">[37]</ref> propose ABAC-PC, a method for clustering ABAC policy rules based on decision effects and similarity scores, producing minimal representative rules. Extending Benkaouz et al. <ref type="bibr">[10]</ref>, the approach can reduce policy rules by up to 10% for policies with over 9000 rules and can be integrated with other tools to detect and resolve anomalies in XACML policies.</p></div>
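<div xmlns="http://www.tei-c.org/ns/1.0"><p>A simplified, runnable illustration of mining ABAC rules from a sparse access log, added here as an example; it is not Rhapsody, Polisma, or any other algorithm cited above. It generates apriori-style candidate conjunctions of attribute-value pairs that never match a denied entry, greedily selects a concise cover of the permitted entries, then scores the mined policy on the log and counts never-logged requests it would permit, which is the over-permissiveness concern the passage raises. The log and the attribute names are constructed assumptions.</p><p><![CDATA[
```python
from itertools import combinations, product

# Constructed access log (assumed attribute names; not from the paper or any
# cited dataset). Each entry is the attribute vector of one logged request
# followed by the logged decision (True = permitted).
ATTRS = ("dept", "role", "res_type", "res_dept", "action")
LOG = [
    ("eng", "dev", "code", "eng", "read", True),
    ("eng", "dev", "code", "eng", "write", True),
    ("eng", "lead", "code", "eng", "write", True),
    ("eng", "dev", "code", "fin", "read", False),
    ("fin", "analyst", "report", "fin", "read", True),
    ("fin", "analyst", "report", "fin", "write", False),
    ("fin", "mgr", "report", "fin", "write", True),
    ("fin", "analyst", "code", "eng", "read", False),
    ("hr", "staff", "record", "hr", "read", True),
    ("hr", "staff", "record", "hr", "write", False),
    ("eng", "dev", "report", "fin", "read", False),
]


def matches(rule, vec):
    """A rule is a tuple of (attribute, value) conditions that must all hold."""
    return all(vec[ATTRS.index(attr)] == value for attr, value in rule)


def candidate_rules(log, max_conditions=3):
    """Apriori-style candidates: every conjunction of up to max_conditions
    attribute-value pairs drawn from a permitted entry, kept only if every log
    entry it matches was permitted (confidence 1, so no logged deny is covered)."""
    cands = set()
    for entry in log:
        if not entry[-1]:
            continue
        pairs = tuple(zip(ATTRS, entry[:-1]))
        for k in range(1, max_conditions + 1):
            for rule in combinations(pairs, k):
                if rule in cands:
                    continue
                if all(e[-1] for e in log if matches(rule, e)):
                    cands.add(rule)
    return cands


def mine_policy(log, max_conditions=3):
    """Greedy set cover of the permitted entries: prefer the rule covering the most
    still-uncovered permits, then the fewest conditions (most general and most
    concise), then lexicographic order so the result is deterministic."""
    cands = candidate_rules(log, max_conditions)
    uncovered = {i for i, e in enumerate(log) if e[-1]}
    policy = []
    while uncovered:
        best = None
        for rule in cands:
            newly = {i for i in uncovered if matches(rule, log[i])}
            if not newly:
                continue
            key = (-len(newly), len(rule), rule)
            if best is None or key < best[0]:
                best = (key, rule, newly)
        if best is None:
            break  # a permit cannot be covered without also covering a deny
        policy.append(best[1])
        uncovered -= best[2]
    return policy


def permits(policy, vec):
    return any(matches(rule, vec) for rule in policy)


def score(policy, log):
    """Precision, recall and F1 of the mined policy against the logged decisions."""
    tp = sum(1 for e in log if e[-1] and permits(policy, e))
    fp = sum(1 for e in log if not e[-1] and permits(policy, e))
    fn = sum(1 for e in log if e[-1] and not permits(policy, e))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


def unseen_permits(policy, log):
    """Over-permissiveness probe: how many attribute vectors that never occur in
    the sparse log would the mined policy permit? The request space is the
    product of the value sets observed per attribute."""
    values = [sorted({e[i] for e in log}) for i in range(len(ATTRS))]
    seen = {e[:-1] for e in log}
    return sum(1 for vec in product(*values)
               if vec not in seen and permits(policy, vec))


if __name__ == "__main__":
    mined = mine_policy(LOG)
    for rule in mined:
        print("permit if " + " and ".join(f"{a}={v}" for a, v in rule))
    print("precision/recall/F1 on log:", score(mined, LOG))
    print("never-logged requests permitted:", unseen_permits(mined, LOG))
```
]]></p></div>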
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.1.2">Role Based Access Control (RBAC).</head><p>Role Mining. Frank et al. <ref type="bibr">[39]</ref> focus on bottom-up RBAC role mining to approximate user-permission assignments by finding minimal sets of roles, user-role assignments, and role-permission assignments. They propose a probabilistic framework to address errors and non-meaningful roles in combinatorial algorithms, generalizing observations from existing user-permission assignments.</p><p>In another work, the authors use a Gibbs sampler <ref type="bibr">[77]</ref> for their Disjoint Decomposition Model, evaluated on synthetic and real-world datasets. The synthetic dataset includes 200 users, 200 permissions, ten business roles, and five technical roles, while the real-world dataset has 5000 users and 1323 permissions. The approach creates meaningful roles and identifies erroneous user-permission assignments, though errors are introduced uniformly in the synthetic dataset, unlike the unknown error count in real-world scenarios.</p><p>Role/Permission Assignments. Role-based provisioning is standard in Identity Management products but struggles in dynamic enterprises where frequent application reconfiguration and new service deployment are common. Adjusting role mappings to new privileges is challenging and costly, highlighting the need to reduce role maintenance efforts.</p><p>Ni et al. <ref type="bibr">[78]</ref> propose a machine learning-based automated role maintenance system to provision existing roles with entitlements from new applications and new users with existing roles. The technique involves four phases: collecting role-entitlement mappings, filtering essential attributes, pre-processing data, and training classifiers. Evaluated on real-world and synthetic data, SVM was chosen as the final classifier, achieving FP rates of 0-5% and FN rates of 0-30%, with 70% of assignments automated and 30% needing assistance. Lu Zhou et al. 
<ref type="bibr">[101]</ref> propose two ML-based approaches for automating role assignment in SCADA systems. They first apply SVM using static and dynamic attributes of users and devices for role assignments, but do not provide detailed evaluation results. They then experiment with the Adaboost algorithm using the same inputs, comparing real and discrete-valued Adaboost algorithms on a SCADA intrusion detection dataset <ref type="bibr">[92]</ref>.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.1.3">Relationship Based Access Control (ReBAC).</head><p>Like ABAC policy mining approaches, ReBAC policy mining algorithms can also potentially reduce the effort to obtain a high-level policy from lower-level access control data.</p><p>Bui et al. <ref type="bibr">[15]</ref> propose an efficient ReBAC policy mining algorithm, enhancing their previous evolutionary algorithm <ref type="bibr">[20]</ref> with a neural network-based feature selection phase. This reduces the search space and improves authorization mapping. Evaluated on real-world <ref type="bibr">[34,</ref><ref type="bibr">35]</ref> and synthetic policies, the enhanced algorithm is faster and more effective. Bui et al. <ref type="bibr">[16]</ref> propose DTRM and DTRM⁻, decision tree-based algorithms for mining ReBAC policies. DTRM mines ORAL policies, while DTRM⁻ supports negative conditions and constraints. Evaluated on real-world <ref type="bibr">[34,</ref><ref type="bibr">35]</ref> and synthetic datasets <ref type="bibr">[20]</ref>, they produce smaller, faster policies than state-of-the-art methods <ref type="bibr">[15,</ref><ref type="bibr">55]</ref>.</p><p>In most real-world data, information about permissions can be incomplete, or some attribute values can be missing (or unknown). The authors in <ref type="bibr">[19,</ref><ref type="bibr">30,</ref><ref type="bibr">54,</ref><ref type="bibr">65]</ref> solved different variants of the ABAC and ReBAC policy mining problem considering incomplete permission information. However, all these works assume the attribute (and, for ReBAC, relationship) information is complete (or known). The authors in <ref type="bibr">[17]</ref> introduced the DTRMU⁻ and DTRMU algorithms for mining ABAC and ReBAC policies from ACLs, addressing incomplete information using Kleene's three-valued logic. This approach assigns a third truth value, 'U,' to unknown conditions, alongside true (T) and false (F). 
They developed a multi-way decision tree algorithm to classify authorization requests and generate ReBAC rules from labeled feature vectors <ref type="bibr">[15,</ref><ref type="bibr">16]</ref>. Experiments were conducted with sample policies from Bui et al. <ref type="bibr">[20]</ref> and case studies from Decat et al. <ref type="bibr">[34,</ref><ref type="bibr">35]</ref>, comparing the performance of mined rules to simplified original rules.</p></div>
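<div xmlns="http://www.tei-c.org/ns/1.0"><p>Kleene's three-valued evaluation as used by DTRMU, written as an added example that is not the authors' code: a condition on a missing attribute or relationship evaluates to U, a rule is the Kleene conjunction of its conditions, the policy decision is the Kleene disjunction over rules, and the T/F/U partition is the multi-way split of the decision-tree step. The policy, the requests, the relationship name subj_is_owner and the weighted-entropy split criterion are assumptions for illustration, not the authors' specifics.</p><p><![CDATA[
```python
from collections import Counter
from math import log2

# Kleene's strong three-valued logic: T (true), F (false), U (unknown).
T, F, U = "T", "F", "U"

def k_not(a):
    return {T: F, F: T, U: U}[a]

def k_and(a, b):
    # F dominates: one false conjunct settles the result even if the other is U.
    if a == F or b == F:
        return F
    return T if a == T and b == T else U

def k_or(a, b):
    # T dominates: one true disjunct settles the result even if the other is U.
    if a == T or b == T:
        return T
    return F if a == F and b == F else U

def atom(request, attr, value):
    """Attribute or relationship test; a missing value (None) yields U rather
    than being treated as a mismatch, which is the point of the third value."""
    actual = request.get(attr)
    return U if actual is None else (T if actual == value else F)

def eval_rule(request, rule):
    """A rule is a conjunction of (attr, value) conditions; a leading '!' negates."""
    result = T
    for attr, value in rule:
        test = atom(request, attr.lstrip("!"), value)
        result = k_and(result, k_not(test) if attr.startswith("!") else test)
    return result

def decide(request, policy):
    """T if some rule fires, F if every rule is definitely false, otherwise U:
    undecidable with the known attributes, so a deployment must route U to an
    administrator or map it to deny, never to permit."""
    verdict = F
    for rule in policy:
        verdict = k_or(verdict, eval_rule(request, rule))
    return verdict

def three_way_split(labelled, attr, value):
    """The multi-way tree step: partition labelled requests into T/F/U branches."""
    buckets = {T: [], F: [], U: []}
    for request, label in labelled:
        buckets[atom(request, attr, value)].append((request, label))
    return buckets

def entropy(items):
    n = len(items)
    counts = Counter(label for _, label in items).values()
    return -sum(c / n * log2(c / n) for c in counts) if n else 0.0

def best_split(labelled, candidates):
    """Pick the test whose three-way partition has the lowest weighted label
    entropy (an assumed criterion; the paper does not state the authors')."""
    n = len(labelled)
    best = None
    for attr, value in candidates:
        buckets = three_way_split(labelled, attr, value)
        cost = sum(len(b) / n * entropy(b) for b in buckets.values())
        if best is None or cost < best[0]:
            best = (cost, (attr, value))
    return best[1]

# Constructed policy and requests (assumed attribute names, not from the paper);
# subj_is_owner stands for a ReBAC relationship between subject and resource.
POLICY = [
    [("subj_dept", "hr"), ("res_type", "record")],
    [("subj_is_owner", True)],
    [("subj_dept", "eng"), ("!res_confidential", True)],
]
REQUESTS = {
    "hr_record": {"subj_dept": "hr", "res_type": "record", "subj_is_owner": False},
    "eng_public": {"subj_dept": "eng", "res_type": "code", "subj_is_owner": None,
                   "res_confidential": False},
    "fin_unknown_owner": {"subj_dept": "fin", "res_type": "report", "subj_is_owner": None},
    "fin_not_owner": {"subj_dept": "fin", "res_type": "report", "subj_is_owner": False},
    "eng_unknown_conf": {"subj_dept": "eng", "res_type": "code", "subj_is_owner": False},
}
# Constructed ACL-derived training rows and candidate tests for the split step.
LABELLED = [
    ({"subj_dept": "hr", "res_type": "record", "subj_is_owner": False}, "permit"),
    ({"subj_dept": "hr", "res_type": "record", "subj_is_owner": None}, "permit"),
    ({"subj_dept": "fin", "res_type": "report", "subj_is_owner": True}, "permit"),
    ({"subj_dept": "fin", "res_type": "report", "subj_is_owner": False}, "deny"),
    ({"subj_dept": "eng", "res_type": "code", "subj_is_owner": None}, "deny"),
    ({"subj_dept": "eng", "res_type": "record", "subj_is_owner": False}, "deny"),
]
CANDIDATES = [("subj_dept", "hr"), ("subj_is_owner", True), ("res_type", "record")]
```
]]></p></div>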
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.2">Policy Verification and Testing</head><p>Traditional policy verification methods are error-prone and time-consuming, lacking specificity in roles or permissions. They struggle with code-policy relations and new mappings. XACML-based policies also require rigorous verification to ensure accuracy and compliance.</p><p>Martin et al. <ref type="bibr">[69]</ref> showed that ML algorithms can summarize policy properties and identify bug-exposing requests, revealing discrepancies between policy specifications and functionalities. Access requests are generated and applied to the system, with observations structured as request-response pairs. These pairs are used by an ML algorithm to infer policy properties and identify potential bugs. The authors integrated Sun's XACML implementation <ref type="bibr">[83]</ref> and Weka <ref type="bibr">[52]</ref> into their tool, which handles request generation, evaluation, and policy property inference. Using the Prism classification algorithm <ref type="bibr">[23]</ref>, the tool was tested on a university's grades repository policy <ref type="bibr">[38]</ref>. Results showed that inferred properties effectively summarize the policy and identify bug-exposing requests.</p><p>Heaps et al. <ref type="bibr">[47]</ref> propose leveraging deep learning to develop a more robust and efficient system. They suggest training a deep learning model based on links between code and policy elements. Since code elements lack numerical meaning, they use the Skip-gram Word2Vec algorithm <ref type="bibr">[72]</ref> to embed code elements into a high-dimensional space. Experiments with JDK8 and Apache Shiro showed that this technique produces high-quality word embeddings and delivers state-of-the-art performance.</p><p>Access control policies are verified using model proofs, data structures, system simulation, and test oracles. 
Comprehensive test case generation is challenging, so the NIST report <ref type="bibr">[49]</ref> proposed a machine learning technique for efficient verification. This method trains a model on policy rule attributes to produce a classification model that predicts access permissions and detects inconsistencies. The authors used random forest (RF) as the ML method, encoding policy rules in a data table where each column represents an attribute, action, or permission, and each row represents a policy rule. Rules with multiple actions or object attributes are split into sub-rules. The RF model is evaluated to detect permission conflicts and to ensure it recognizes policy rule semantics, including condition, separation of duty, and exclusion properties. The accuracy function analysis indicates the semantic correctness of the policy: less than 100% correctness suggests that conflicting rules may exist. Overall, the algorithm efficiently verifies policies and detects inconsistencies. Table <ref type="table">3</ref> summarizes access control policy verification tools and methods using machine learning.</p></div>
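<div xmlns="http://www.tei-c.org/ns/1.0"><p>A runnable sketch of the verification idea in the NIST report, added here as an example that is not the report's own code: rules are flattened into a feature table with multi-action rules split into sub-rules, a classifier is fitted to the table, and training accuracy below 100% flags conflicting rules, which are then listed with the rule ids involved. A majority-vote lookup stands in for the random forest (any model that memorises the table behaves the same on this check); the rule set and attribute names are constructed.</p><p><![CDATA[
```python
from collections import Counter, defaultdict

# Attribute columns of the rule table (assumed names, not from the NIST report).
ATTRS = ("role", "dept", "res_type")

# Constructed XACML-style rule set. Each rule carries attribute conditions,
# one or more actions, and an effect. Rule 3 contradicts rule 1 on "read";
# its "write" sub-rule merely duplicates rule 2, which is redundancy, not conflict.
RULES = [
    {"role": "doctor", "dept": "cardio", "res_type": "ehr",
     "actions": ["read", "write"], "effect": "permit"},
    {"role": "nurse", "dept": "cardio", "res_type": "ehr",
     "actions": ["read"], "effect": "permit"},
    {"role": "nurse", "dept": "cardio", "res_type": "ehr",
     "actions": ["write"], "effect": "deny"},
    {"role": "nurse", "dept": "cardio", "res_type": "ehr",
     "actions": ["read", "write"], "effect": "deny"},
    {"role": "billing", "dept": "finance", "res_type": "invoice",
     "actions": ["read"], "effect": "permit"},
]


def to_table(rules):
    """Flatten rules into the data table the passage describes: one column per
    attribute plus the action, one row per sub-rule (a rule listing several
    actions is split into one sub-rule per action), labelled with the effect."""
    rows = []
    for idx, rule in enumerate(rules):
        vec = tuple(rule.get(attr) for attr in ATTRS)
        for action in rule["actions"]:
            rows.append((idx, vec + (action,), rule["effect"]))
    return rows


def fit_lookup(rows):
    """Stand-in for the report's random forest: a majority-vote lookup keyed on
    the feature vector. Any model that can memorise the table reaches 100%
    training accuracy unless two sub-rules with identical features disagree."""
    votes = defaultdict(Counter)
    for _, features, effect in rows:
        votes[features][effect] += 1
    return {f: c.most_common(1)[0][0] for f, c in votes.items()}


def training_accuracy(model, rows):
    correct = sum(1 for _, features, effect in rows if model[features] == effect)
    return correct / len(rows)


def find_conflicts(rows):
    """Return feature vectors whose sub-rules carry different effects, with the
    ids of the rules involved, so an administrator can resolve them."""
    groups = defaultdict(list)
    for idx, features, effect in rows:
        groups[features].append((idx, effect))
    return {f: members for f, members in groups.items()
            if len({effect for _, effect in members}) > 1}


def verify(rules):
    """Accuracy below 1.0 is the signal the passage describes: conflicting rules exist."""
    rows = to_table(rules)
    accuracy = training_accuracy(fit_lookup(rows), rows)
    return accuracy, find_conflicts(rows)


if __name__ == "__main__":
    acc, conflicts = verify(RULES)
    print(f"training accuracy: {acc:.3f}")
    for features, members in conflicts.items():
        print("conflict on", features, "between rules", members)
```
]]></p></div>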
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.3">Policy Administration</head><p>Adapting access control policies to tackle cyber attacks is challenging due to their static nature. Regular maintenance is required to keep policies up-to-date, which, if not automated, is laborious and error-prone <ref type="bibr">[7]</ref>. Erroneous policies can make the system vulnerable to adversaries or misuse by internal users. Therefore, reinforcing the access control system to identify misconfigurations and adjust policies accordingly is crucial.</p><p>Manual access control policy updates are laborious and error-prone <ref type="bibr">[7]</ref>, making systems vulnerable to cyber attacks. The authors in <ref type="bibr">[7]</ref> present ML-AC, an ML-based approach that updates policies automatically at run-time to prevent such threats. ML-AC monitors user access behavioral features (e.g., frequency, data amount, location) and adjusts access control rules based on contextual knowledge. This method includes a Contextual Behaviour Learning component in the Policy Administration Point (PAP) to build user profiles and adjust policies. ML-AC uses RF to classify access control behavior as normal or anomalous and refines policies by encoding ML-rules with learned contextual knowledge. It also monitors the evolution of user behavior using Olindda <ref type="bibr">[89]</ref> to detect new clusters. Experiments with a synthetic dataset demonstrated ML-AC's effectiveness. Comparisons with BBNAC <ref type="bibr">[40]</ref> and ML-AC<hi rend="sub">nok</hi> (without contextual knowledge) showed ML-AC's superior performance.</p><p>Alkhresheh et al. <ref type="bibr">[2]</ref> proposed an adaptive access control policy framework for IoT, refining policies based on device behaviors. They suggest a policy management module for adaptation, including behavior classification and policy refinement, alongside the traditional ABAC server. Both servers include a context monitor. 
Using RF and LSTM <ref type="bibr">[48]</ref> on three years of access data from a university's door locking system, they found that LSTM outperformed RF with larger datasets due to its ability to learn from longer sequences. The study concluded that LSTM scales better in IoT environments.</p><p>Gumma et al. <ref type="bibr">[44]</ref> proposed PAMMELA, an ML-based ABAC policy administration method that creates new rules and extends existing policies. It operates in two phases: training an ML classifier on ABAC policy rules and generating rules based on access requests. The authors experimented with three datasets containing various <ref type="bibr">[42]</ref>, Gradient Boosting (GB) <ref type="bibr">[41]</ref>, and Extreme Gradient Boosting (XGB) <ref type="bibr">[26]</ref>. The study provided insights into managing ABAC policies using PAMMELA.</p><p>Recently, Ayedh et al. <ref type="bibr">[8]</ref> introduced an enhanced and distributed access control decision-making model that utilizes a random forest. Table <ref type="table">4</ref> outlines related methods proposed for access control administration using machine learning.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="3.4">Policy Monitoring and Auditing</head><p>Regular access control policy updates are challenging and error-prone <ref type="bibr">[96]</ref>, risking severe security incidents. Xiang et al. <ref type="bibr">[96]</ref> developed P-DIFF to help system admins monitor policy changes and investigate malicious access by backtracking related changes. They proposed a Time-Changing Decision Tree (TCDT) to handle time-series information, modeling access control behavior over time. P-DIFF uses access logs to generate a TCDT, aiding policy change validation and forensic analysis. Experiments with datasets from five real-world systems, including Wikipedia <ref type="bibr">[94]</ref>, showed that P-DIFF detects 86 to 100% of policy changes with 89% precision and 85 to 98% efficacy in forensic analysis. Table <ref type="table">4</ref> further outlines this work.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="4">ML-BASED ACCESS CONTROL (MLBAC)</head><p>Recent research highlights the benefits of using ML models for accurate access control decision-making <ref type="bibr">[22,</ref><ref type="bibr">25,</ref><ref type="bibr">59,</ref><ref type="bibr">67,</ref><ref type="bibr">79,</ref><ref type="bibr">90]</ref>. These systems use trained ML models instead of language-based policies to decide access (grant or deny) from user and resource metadata and attributes; that metadata and those attributes are the features the ML model learns from and later uses to make decisions. Two further concerns follow from replacing the policy with a model: the trained model must be administered so that changes in the access control state can be accommodated <ref type="bibr">[80]</ref>, and it must be secured against external attack <ref type="bibr">[81]</ref>. We briefly discuss these approaches below and summarize them in Table <ref type="table">5</ref>.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="4.1">Access Decision</head><p>Access control policies sometimes need to be restricted by access hours; for example, a user may be denied access outside office hours. Chang et al. <ref type="bibr">[25]</ref> proposed a time-constrained access control system using SVMs, divided into three phases: input pattern transformation, SVM training, and authority decision. They implemented the SVMs with LIBSVM <ref type="bibr">[24]</ref>, training on users' login times and passwords to classify users and to grant access on that basis. The trained SVMs, rather than traditional policies, make the access decisions.</p><p>The authors report that evaluation on the training data shows the system can authenticate users' access rights and argue that this demonstrates its practicality; note that such an evaluation shows the SVMs reproduce the decisions they were trained on, not how the system behaves on unseen requests.</p><p>Centralized access control architectures with static policies are a poor fit for IoT because of the devices' computational constraints, and outsourcing access control management introduces security and privacy concerns. IoT therefore needs a framework suited to its distributed nature that gives users control over their privacy while still allowing centralized handling. Outchakoucht et al. <ref type="bibr">[82]</ref> proposed a blockchain and ML-based access control approach for IoT: the blockchain provides distributed policy management, and ML, specifically reinforcement learning, dynamically adjusts the access control policies as resources are accessed and the security policies are executed.</p><p>Cappelletti et al. <ref type="bibr">[22]</ref> explored symbolic (DT, RF) and non-symbolic (SVC, MLP) ML techniques for inferring ABAC policies from access logs. They used two Amazon datasets <ref type="bibr">[58,</ref><ref type="bibr">93]</ref> and the Incident dataset <ref type="bibr">[6]</ref>, noting the sparsity and class imbalance of the Amazon datasets in contrast to the balanced Incident dataset. PCA and t-SNE <ref type="bibr">[99]</ref> revealed well-separated clusters in the Incident log but not in the Amazon data. 
The Amazon datasets yielded around 50% accuracy because of their sparsity, while the Incident logs yielded high accuracy. MLP did best on the sparse data, capturing complex relationships, whereas the symbolic techniques offered better decision understanding, highlighting concerns about the explainability and verifiability of black-box ML techniques. Khilar et al. <ref type="bibr">[63]</ref> proposed a trust-based cloud resource access approach that uses users' access history and behavior, accounting for bogus, unauthorized, and forbidden requests. They tested ML techniques including KNN, decision trees, logistic regression, naive Bayes, neural networks, and ensemble algorithms. The ensemble of random forest (RF) and K-nearest neighbors performed best among the conventional classifiers, with neural networks achieving the highest performance overall.</p><p>Srivastava et al. <ref type="bibr">[90]</ref> proposed RAdAC, a framework that assesses requester genuineness, calculates risk, and acts accordingly, using attributes such as access time, location, request frequency, and resource sensitivity. They developed a Hospital Management System prototype and tested a neural network and an RF algorithm. RF performed best, both on the raw input data and with engineered parameters, which highlights the need for domain expertise to determine optimal values. Liu et al. <ref type="bibr">[67]</ref> proposed EPDE-ML, an Efficient Permission Decision Engine scheme based on ML to improve the ABAC model's policy decision point (PDP). EPDE-ML uses an RF algorithm trained on user attributes and prior access control information to permit or deny access requests. The process is split into two phases: Phase 1 uses the trained model for decisions, and Phase 2 updates the model with current policy information. 
Experiments on Amazon's access control policy set <ref type="bibr">[58]</ref> showed strong performance for EPDE-ML, with an AUC of 0.975 and 92.6% accuracy, and a decision time that stayed at around 0.115 seconds regardless of policy size.</p><p>Karimi et al. <ref type="bibr">[59]</ref> proposed an adaptive access control approach using RL to address challenges such as limited labeled data and sparse logs. The goal is an adaptive ABAC policy learning model for smart home IoT environments, with methods that speed up learning by exploiting the attribute value hierarchy. Experiments on synthesized and real datasets, including Amazon <ref type="bibr">[58]</ref>, showed the effectiveness of the approach. The real dataset consists of employee access requests, each indicating whether access was permitted, together with attribute values and resource identifiers.</p><p>Traditional access control systems struggle in dynamic, large-scale environments, where it is difficult for human administrators to keep the access control state accurate. Nobi et al. <ref type="bibr">[79]</ref> propose Deep Learning Based Access Control (DLBAC), which uses user and resource metadata directly, eliminating the need for attribute and policy engineering. DLBAC trains a ResNet-based <ref type="bibr">[45]</ref> neural network and uses it directly to make access control decisions. The authors developed a DLBAC prototype, tested it with eight synthetic datasets and two Amazon datasets <ref type="bibr">[58,</ref><ref type="bibr">93]</ref>, and found that DLBAC makes more accurate and better generalized access control decisions than traditional systems. DLBAC also balances over-provision (granting unauthorized access) and under-provision (denying legitimate access) better than policy-based systems. 
However, DLBAC may inherit biases from its training data, potentially leading to adverse decisions.</p><p>For example, in the Amazon dataset, where most authorization tuples are grants, DLBAC may lean toward granting. Ensuring fair decisions requires auditing the training data and evaluating the decisions for fairness.</p><p>Chhetri et al. <ref type="bibr">[28]</ref> introduce an environment-aware access control model that uses deep learning to bring contextual environmental data into security decision-making. By analyzing real-time conditions and adapting policies accordingly, the model improves the precision with which legitimate access requests are identified and strengthens the system's resilience in dynamic settings.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="4.2">Administration and Security</head><p>Nobi et al. <ref type="bibr">[80]</ref> investigate the administration challenges of ML-based access control systems, particularly capturing changes in the access control state once a model is deployed. They compare symbolic (RF) and non-symbolic (ResNet) ML methods in a simulated environment and discuss the failure modes of each, such as insufficient learning of new changes and forgetting of existing access information. Their experiments indicate that the non-symbolic method adapts better to incremental changes in the access control state. Recently, Llamas et al. <ref type="bibr">[68]</ref> introduced a certified unlearning framework for ML-based access control that keeps the model in line with evolving policies by removing specific data without full retraining, improving adaptability, security, and privacy.</p><p>When an ML model is deployed to make access decisions, it must also be protected from tampering. Nobi et al. <ref type="bibr">[81]</ref> examine the security vulnerabilities of ML-based access control systems, particularly their susceptibility to adversarial attacks, and show how small modifications to the input can make the model produce an incorrect access decision. The study focuses on manipulating user and resource information to gain unauthorized access, using ResNet models in simulated environments. The results show that adversarial examples can be crafted for these models, but that access control-specific constraints mitigate such attacks to some extent.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5">OPEN CHALLENGES AND FUTURE RESEARCH DIRECTIONS</head></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5.1">Understanding Access Control Decisions</head><p>In complex situations where access control systems overlap, non-symbolic ML models often make better decisions than traditional policies or symbolic ML models <ref type="bibr">[22]</ref>. Neural networks and other non-symbolic methods can learn subtle differences among users, resources, and their relationships. However, the superior performance of these models usually comes at the cost of explainability, that is, of understanding the reasons behind a specific access decision.</p><p>While ML models for access control are still in their early stages, a lack of explainability could hinder their adoption. Written policies and symbolic ML models offer straightforward explanations through human-understandable logical rules; for example, logical rules can be read directly off a decision tree. In contrast, non-symbolic ML models, such as DLBAC <ref type="bibr">[79]</ref> or the approach of Karimi et al. <ref type="bibr">[59]</ref>, are 'black box' functions that are not easily interpretable, and interpretability matters in a security-sensitive domain.</p><p>As shown in Figure <ref type="figure">4</ref>, moving from written policies to non-symbolic approaches increases performance but decreases explainability. The same limitation affects other domains, including computer vision, malware analysis, and financial systems. Explainability is a very active research area in ML <ref type="bibr">[53]</ref>. Solutions are often domain-specific; for example, a method for explaining computer vision models may not transfer to access control.</p><p>Nobi et al. <ref type="bibr">[79]</ref> addressed this issue in access control by proposing two methods for explaining neural network-based decisions in human terms. However, these methods do not guarantee a fully accurate account of a decision. 
Therefore, there is significant potential for further research to improve explanations and enhance intuition in this area.</p></div>
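<div xmlns="http://www.tei-c.org/ns/1.0"><p>To make the symbolic side of the trade-off concrete, the following added example (not code from any cited work) trains a minimal ID3-style decision tree on constructed authorization tuples and turns every root-to-leaf path into a conjunctive ABAC-style rule, so that the explanation for any single decision is the one path that produced it. The attributes (dept, clearance, res_owner, res_pii) and the policy that generated the tuples are assumptions of the example.</p><p><![CDATA[
```python
"""Rule extraction from a decision tree trained on authorization tuples.

Added illustration for the explainability discussion: a minimal ID3-style
learner over categorical attributes, with each root-to-leaf path turned into
a conjunctive ABAC-style rule. The tuples are constructed; this is not the
code of any cited work.
"""
import math
from collections import Counter

ATTRS = ["dept", "clearance", "res_owner", "res_pii"]

# Constructed authorization tuples generated from a known policy:
# allow iff the user's department owns the resource, or the user has high
# clearance and the resource holds no PII.
DATA = []
for dept in ("eng", "hr"):
    for clearance in ("low", "high"):
        for res_owner in ("eng", "hr"):
            for res_pii in (False, True):
                allowed = dept == res_owner or (clearance == "high" and not res_pii)
                DATA.append(({"dept": dept, "clearance": clearance,
                              "res_owner": res_owner, "res_pii": res_pii},
                             "allow" if allowed else "deny"))


def entropy(rows):
    counts = Counter(label for _, label in rows)
    n = len(rows)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def best_attribute(rows, attrs):
    """Attribute with the highest information gain (first wins on ties)."""
    base = entropy(rows)
    best, best_gain = None, -1.0
    for a in attrs:
        parts = {}
        for x, y in rows:
            parts.setdefault(x[a], []).append((x, y))
        gain = base - sum(len(p) / len(rows) * entropy(p) for p in parts.values())
        if gain > best_gain:
            best, best_gain = a, gain
    return best


def build_tree(rows, attrs):
    """Return a decision string (leaf) or {"attr": a, "children": {value: subtree}}."""
    labels = Counter(y for _, y in rows)
    if len(labels) == 1 or not attrs:
        return labels.most_common(1)[0][0]
    a = best_attribute(rows, attrs)
    node = {"attr": a, "children": {}}
    for v in sorted({x[a] for x, _ in rows}, key=str):
        subset = [(x, y) for x, y in rows if x[a] == v]
        node["children"][v] = build_tree(subset, [b for b in attrs if b != a])
    return node


def predict(tree, x):
    while isinstance(tree, dict):
        tree = tree["children"][x[tree["attr"]]]
    return tree


def format_rule(conds, decision):
    body = " AND ".join(f"{a} = {v!r}" for a, v in conds)
    return f"{decision.upper()} IF {body}"


def extract_rules(tree, path=()):
    """Every root-to-leaf path becomes one rule: ([(attr, value), ...], decision)."""
    if not isinstance(tree, dict):
        return [(list(path), tree)]
    rules = []
    for v, child in tree["children"].items():
        rules += extract_rules(child, path + ((tree["attr"], v),))
    return rules


def explain(tree, x):
    """The one rule (path) that produced the decision for request x."""
    path = []
    while isinstance(tree, dict):
        v = x[tree["attr"]]
        path.append((tree["attr"], v))
        tree = tree["children"][v]
    return format_rule(path, tree)


if __name__ == "__main__":
    tree = build_tree(DATA, ATTRS)
    for conds, decision in extract_rules(tree):
        print(format_rule(conds, decision))
```
]]></p><p>The extracted rule set is complete and mutually exclusive by construction (the paths partition the attribute space), which is exactly the property a neural network offers no handle on: for DLBAC-style models there is no path to read off, and post-hoc explanations must be approximated instead.</p></div>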
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5.2">Access Control Administration</head><p>Maintaining access control systems, whether traditional or ML-based, is crucial for long-term security. This involves modifying policy configurations or attributes to accommodate authorization changes. RBAC tasks include managing permissions, roles, and hierarchies <ref type="bibr">[11,</ref><ref type="bibr">84,</ref><ref type="bibr">86]</ref>. ABAC involves adjusting attributes and rules <ref type="bibr">[57,</ref><ref type="bibr">85]</ref>, while ReBAC requires managing relationships and policies <ref type="bibr">[27,</ref><ref type="bibr">91]</ref>. These issues are well-studied in traditional models.</p><p>ML-based access control introduces new challenges, such as updating the ML model together with the access information it was trained on. Nobi et al. <ref type="bibr">[80]</ref> defined administration requirements for ML-based systems and proposed updating methods. Further investigation is needed to address the remaining challenges.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5.3">Adversarial Attacks</head><p>Adversarial attacks are a common concern for ML-based systems. An adversary can obtain unwarranted decisions <ref type="bibr">[9]</ref> by fooling the network with adversarial samples that are indistinguishable from natural ones <ref type="bibr">[100]</ref>. In ML-based access control, an adversarial attack can force the system to grant unauthorized access: the attacker tricks the model by supplying manipulated user and resource information. Attribute-hiding attacks are also possible, where the attacker hides or removes part of their information to obtain access. Nobi et al. <ref type="bibr">[81]</ref> explored this issue, demonstrating that access to the ML model creates the potential for adversarial attacks. They showed that such attacks can be mitigated with access control-specific constraints, but their work is limited to scenarios where attackers cannot access the deployed ML model. We found no other work addressing adversarial issues in access control.</p><p>Therefore, it is crucial to investigate adversarial attacks more thoroughly from an access control perspective and to develop solutions that protect systems against these vulnerabilities.</p></div>
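<div xmlns="http://www.tei-c.org/ns/1.0"><p>The following added example (not the code or the mitigation of Nobi et al. <ref type="bibr">[81]</ref>) illustrates both the attack discussed in Section 4.2 and this section and one form the access control-specific constraints can take. A constructed linear scoring model stands in for the trained model, and a naive deployment scores whatever attributes the request carries; a minimal-edit search then finds the cheapest attribute forgery, or attribute hiding, that flips a deny to an allow. The constrained decision function resolves attributes from an authoritative store instead of the request, refuses requests that hide attributes the model was trained on, and treats request-supplied values that disagree with the store as tampering. The users, resources, weights and constraint set are all assumptions of the example.</p><p><![CDATA[
```python
"""Adversarial attribute manipulation against a scoring-based access model,
and the access-control-specific checks that stop it.

Added illustration for Sections 4.2 and 5.3. WEIGHTS stands in for a trained
model, the users and resources are constructed, and the constraint set is
this example's own (it is not the mitigation of Nobi et al. [81]).
"""
from itertools import combinations, product

# Stand-in for a trained linear model over one-hot (attribute, value) features.
WEIGHTS = {
    ("role", "admin"): 3.0, ("role", "engineer"): 1.0, ("role", "contractor"): -2.0,
    ("clearance", "high"): 2.0, ("clearance", "low"): -1.0,
    ("res_sensitivity", "high"): -3.0, ("res_sensitivity", "low"): 1.0,
    ("res_owner_dept", "eng"): 0.5, ("res_owner_dept", "finance"): -0.5,
}
BIAS = -0.5
DOMAIN = {"role": ["admin", "engineer", "contractor"], "clearance": ["high", "low"],
          "res_sensitivity": ["high", "low"], "res_owner_dept": ["eng", "finance"]}

# Authoritative attribute stores (the PIP). Attributes missing from a request
# simply contribute nothing to the score, which is what makes hiding attractive.
USER_STORE = {"alice": {"role": "contractor", "clearance": "low", "dept": "eng"},
              "bob": {"role": "engineer", "clearance": "high", "dept": "eng"}}
RESOURCE_STORE = {"ledger": {"res_sensitivity": "high", "res_owner_dept": "finance"}}


def score(attrs):
    return BIAS + sum(WEIGHTS.get((k, v), 0.0) for k, v in attrs.items())


def decide(attrs):
    """Naive deployment: the model scores whatever attributes the request carries."""
    return "allow" if score(attrs) > 0 else "deny"


def request_for(user_id, resource_id):
    return {**USER_STORE[user_id], **RESOURCE_STORE[resource_id]}


def minimal_edit_attack(attrs, mutable):
    """Smallest set of edits to `mutable` attributes that flips deny to allow.

    Each edited attribute is either hidden (dropped, tried first because it
    needs no forged value) or set to another value from its domain.
    Returns (adversarial_attrs, number_of_edits) or None if no flip exists.
    """
    if decide(attrs) == "allow":
        return attrs, 0
    for n in range(1, len(mutable) + 1):
        for keys in combinations(mutable, n):
            options = [[None] + DOMAIN[k] for k in keys]
            for vals in product(*options):
                candidate = dict(attrs)
                for k, v in zip(keys, vals):
                    if v is None:
                        candidate.pop(k, None)
                    else:
                        candidate[k] = v
                if decide(candidate) == "allow":
                    return candidate, n
    return None


def decide_constrained(user_id, resource_id, claimed):
    """Access-control-specific constraints applied before the model runs:
    1. attributes are resolved from the authoritative stores, never the request;
    2. every attribute the model was trained on must be present (no hiding);
    3. request-supplied values that disagree with the store are treated as
       tampering and denied outright, so they can be alerted on.
    """
    attrs = request_for(user_id, resource_id)
    required = {k for k, _ in WEIGHTS}
    missing = required - set(attrs)
    if missing:
        return "deny", f"missing attributes: {sorted(missing)}"
    tampered = sorted(k for k, v in claimed.items() if k in attrs and attrs[k] != v)
    if tampered:
        return "deny", f"request attributes disagree with store: {tampered}"
    return decide(attrs), "model"


if __name__ == "__main__":
    base = request_for("alice", "ledger")
    forged, edits = minimal_edit_attack(base, list(DOMAIN))
    print(decide(base), edits, decide(forged))
    print(decide_constrained("alice", "ledger", forged))
```
]]></p><p>Alice (a low-clearance contractor) needs two forged attributes to be granted the ledger, and Bob (a high-clearance engineer) needs only to hide the resource's sensitivity; neither succeeds once the PDP fetches attributes from the store. The constraints do not make the model robust, they only remove the attacker's control over its inputs, which is why the limitation noted above (an attacker who can influence the store itself, or who can query the deployed model) still matters.</p></div>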
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5.4">Lack of 'Good' Datasets</head><p>Ground truth information is crucial for evaluating access control applications such as role mining and policy mining, especially for ML-based methods <ref type="bibr">[74]</ref>. However, few high-quality datasets are available, and the existing ones are often imbalanced <ref type="bibr">[30,</ref><ref type="bibr">79]</ref> and lack sufficient information <ref type="bibr">[46]</ref>. This makes designing effective systems challenging. Researchers address this with data preprocessing <ref type="bibr">[67]</ref>, data augmentation <ref type="bibr">[3,</ref><ref type="bibr">4,</ref><ref type="bibr">101]</ref>, and synthetic datasets <ref type="bibr">[98]</ref>. A hybrid approach combining real-world and synthetic datasets is also common <ref type="bibr">[17,</ref><ref type="bibr">56,</ref><ref type="bibr">60,</ref><ref type="bibr">79]</ref>.</p><p>Despite the rise in ML applications for access control, the lack of quality datasets from real-world organizations remains a significant obstacle. Many datasets are anonymized or incomplete and lack the necessary semantics and granularity <ref type="bibr">[74]</ref>. High-quality datasets are essential for advancing ML-based access control.</p></div>
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5.5">Bias and Fairness</head><p>In access control, an ML model is over-provisioned if it is biased toward granting unauthorized access. Conversely, it is under-provisioned if it denies desired access. Both can be measured quantitatively as high FPR and low TPR, respectively <ref type="bibr">[79]</ref>. These biases often arise from imbalanced training data or improper ML model design.</p><p>For example, the Amazon dataset <ref type="bibr">[58]</ref> contains two years of historical access data, where employees were manually allowed or denied access to resources. The data is highly imbalanced, with over 90% of requests granted access <ref type="bibr">[30,</ref><ref type="bibr">79]</ref>. This disproportionate training data biases the model towards granting access <ref type="bibr">[79]</ref>. Bias can also result from poor ML model/algorithm design. Therefore, understanding the characteristics of training data and ML algorithms is crucial for developing a fair and reliable system <ref type="bibr">[70]</ref>. Additionally, besides evaluating access control decisions, it is important to assess fairness performance and establish a feedback loop <ref type="bibr">[31,</ref><ref type="bibr">79]</ref>.</p></div>
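<div xmlns="http://www.tei-c.org/ns/1.0"><p>The following added example (not the DLBAC code of <ref type="bibr">[79]</ref>, and not the Amazon dataset) shows the over-provision and under-provision measures from this section and from the DLBAC discussion in Section 4.1 on a constructed allow-heavy log. The classifier is a cell-majority model, which is what a fully grown decision tree learns over the chosen attributes; the log counts, the three attributes and the generating policy are assumptions of the example. Trained on two attributes only, the model grants every request in the one cell where the log is mixed, because 12 of its 16 entries are grants; inverse-frequency class weights remove that over-provision but introduce under-provision instead, and only adding the attribute the log was missing resolves both.</p><p><![CDATA[
```python
"""Over-provision and under-provision of an access model trained on an
allow-heavy log, measured as FPR and TPR.

Added illustration for the DLBAC discussion in Section 4.1 and for Section
5.5. The log counts and the policy are constructed, and the classifier is a
cell-majority model (what a fully grown decision tree over the chosen
attributes learns); it is not the DLBAC code or the Amazon dataset.
"""
from collections import defaultdict
from itertools import product

ATTRS = ("same_dept", "clearance_high", "res_sensitive")


def policy(x):
    """The real rule the log was produced under (constructed)."""
    return bool(x["same_dept"] or (x["clearance_high"] and not x["res_sensitive"]))


# Constructed historical log, as (attribute values, decision, count): 92 of
# 100 requests were granted, roughly the imbalance reported for the Amazon data.
LOG_COUNTS = [
    ((1, 1, 0), "allow", 30), ((1, 1, 1), "allow", 20),
    ((1, 0, 0), "allow", 20), ((1, 0, 1), "allow", 10),
    ((0, 1, 0), "allow", 12), ((0, 1, 1), "deny", 4),
    ((0, 0, 0), "deny", 3), ((0, 0, 1), "deny", 1),
]

# Balanced audit set: one request per attribute cell, labelled by the real policy.
AUDIT = [(dict(zip(ATTRS, vals)), "allow" if policy(dict(zip(ATTRS, vals))) else "deny")
         for vals in product((0, 1), repeat=3)]


def expand(counts):
    rows = []
    for vals, decision, n in counts:
        rows += [(dict(zip(ATTRS, vals)), decision)] * n
    return rows


def inverse_frequency_weights(rows):
    totals = {"allow": 0, "deny": 0}
    for _, y in rows:
        totals[y] += 1
    return {y: len(rows) / c for y, c in totals.items()}


def train(rows, features, class_weight=None):
    """Weighted majority decision per cell of the selected features; ties and
    unseen cells fail closed (deny)."""
    class_weight = class_weight or {"allow": 1.0, "deny": 1.0}
    votes = defaultdict(lambda: {"allow": 0.0, "deny": 0.0})
    for x, y in rows:
        votes[tuple(x[f] for f in features)][y] += class_weight[y]
    table = {cell: "allow" if v["allow"] > v["deny"] else "deny" for cell, v in votes.items()}
    return lambda x: table.get(tuple(x[f] for f in features), "deny")


def evaluate(model, test):
    """FPR is the over-provision rate, 1 - TPR the under-provision rate."""
    tp = fp = fn = tn = 0
    for x, y in test:
        p = model(x)
        if y == "allow":
            tp += p == "allow"
            fn += p == "deny"
        else:
            fp += p == "allow"
            tn += p == "deny"
    return {"fpr": fp / (fp + tn), "tpr": tp / (tp + fn), "acc": (tp + tn) / len(test)}


def run(features, weighted=False):
    rows = expand(LOG_COUNTS)
    weights = inverse_frequency_weights(rows) if weighted else None
    return evaluate(train(rows, features, weights), AUDIT)


if __name__ == "__main__":
    print("two attributes, raw counts: ", run(("same_dept", "clearance_high")))
    print("two attributes, reweighted: ", run(("same_dept", "clearance_high"), weighted=True))
    print("all three attributes:       ", run(ATTRS))
```
]]></p><p>Two points carry over to real deployments: the audit set must be balanced by ground truth, not sampled from the same allow-heavy log, or the over-provision is invisible (the two-attribute model would score well above 90% on the log itself); and reweighting is a trade between FPR and TPR, not a fix, which is why the feedback loop of auditing training data for missing attributes matters more than tuning the classifier.</p></div>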
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="5.6">Insufficient Tools for Verification</head><p>A reliable system design is ensured through rigorous testing and verification. Testing evaluates a system under various conditions to observe its behavior and detect errors, while verification ensures the system does not misbehave under any circumstances <ref type="bibr">[43]</ref>. In access control, policies are verified and tested much like software functionality <ref type="bibr">[50]</ref>. Ensuring correct access control decisions is complex and requires significant effort, and failure to verify the system's correctness can lead to serious consequences, such as over-provision, under-provision, and exposure to adversarial attacks. This area is well-studied for traditional access control systems, with established verification methods <ref type="bibr">[49,</ref><ref type="bibr">64]</ref>.</p><p>When ML is applied, performance is measured on unseen data to test the model's correctness. However, this method cannot identify all possible misclassifications, and the impact of a misclassification varies across domains: in access control, granting unauthorized access can be far more costly than denying legitimate access. Therefore, comprehensive verification is crucial before deploying ML-assisted access control systems. While there are methods to verify ML models automatically <ref type="bibr">[66]</ref>, each has its pros and cons. Further research is needed to design a systematic verification and testing framework for ML and access control.</p></div>
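<div xmlns="http://www.tei-c.org/ns/1.0"><p>The difference between testing on held-out data and verification is easiest to see when the request space is small enough to enumerate. The following added example (not from any cited verification tool) checks a constructed stand-in for a trained model against two safety invariants and one monotonicity property over every request in a 54-point attribute domain, reports the counterexamples, and shows how unlikely a sample-based test is to hit the single violating request; it then wraps the model in the invariants as a runtime guard and re-verifies. The attributes, weights and invariants are assumptions of the example.</p><p><![CDATA[
```python
"""Exhaustive verification of an ML access model against safety invariants.

Added illustration for Section 5.6. The weights stand in for a trained model
and the attribute domain is constructed; the invariants are this example's own.
The domain is small enough (54 requests) to enumerate completely, which is the
point: held-out testing samples that space, verification covers it.
"""
from itertools import product

DOMAIN = {
    "role": ["admin", "engineer", "contractor"],
    "clearance": ["low", "mid", "high"],
    "sensitivity": ["public", "internal", "restricted"],
    "time": ["office", "after_hours"],
}

# Stand-in for a trained linear model over one-hot (attribute, value) features.
W = {
    ("role", "admin"): 3.0, ("role", "engineer"): 1.0, ("role", "contractor"): -1.5,
    ("clearance", "low"): -1.0, ("clearance", "mid"): 0.0, ("clearance", "high"): 1.5,
    ("sensitivity", "public"): 1.0, ("sensitivity", "internal"): 0.0,
    ("sensitivity", "restricted"): -2.0,
    ("time", "office"): 0.5, ("time", "after_hours"): -1.0,
}


def model(x):
    return "allow" if sum(W[(k, v)] for k, v in x.items()) > 0 else "deny"


def all_requests():
    keys = list(DOMAIN)
    for vals in product(*(DOMAIN[k] for k in keys)):
        yield dict(zip(keys, vals))


# Safety invariants: predicates over (request, decision) that must always hold.
INVARIANTS = {
    "restricted_never_after_hours": lambda x, d: not (
        x["sensitivity"] == "restricted" and x["time"] == "after_hours" and d == "allow"),
    "contractor_never_restricted": lambda x, d: not (
        x["role"] == "contractor" and x["sensitivity"] == "restricted" and d == "allow"),
}


def verify(model):
    """Check every request in the domain; return counterexamples per violated invariant."""
    failures = {name: [] for name in INVARIANTS}
    for x in all_requests():
        d = model(x)
        for name, holds in INVARIANTS.items():
            if not holds(x, d):
                failures[name].append(x)
    return {name: cex for name, cex in failures.items() if cex}


def verify_monotone(model, attr, order):
    """Lowering `attr` (order lists values from lowest to highest) must never
    turn a deny into an allow. Returns offending (request, lowered request) pairs."""
    rank = {v: i for i, v in enumerate(order)}
    bad = []
    for x in all_requests():
        if model(x) != "deny":
            continue
        for lower in order[:rank[x[attr]]]:
            y = {**x, attr: lower}
            if model(y) == "allow":
                bad.append((x, y))
    return bad


def guarded(model):
    """Defense in depth: the invariants as a policy layer in front of the model."""
    def decide(x):
        d = model(x)
        return d if all(holds(x, d) for holds in INVARIANTS.values()) else "deny"
    return decide


def random_test_hit_probability(model, samples):
    """Chance that `samples` uniformly drawn requests include at least one of
    the domain points that violate an invariant (uses verify() for the count)."""
    total = sum(1 for _ in all_requests())
    violating = sum(len(v) for v in verify(model).values())
    return 1 - (1 - violating / total) ** samples


if __name__ == "__main__":
    print(verify(model))
    print(verify_monotone(model, "clearance", ["low", "mid", "high"]))
    print(verify(guarded(model)))
    print(round(random_test_hit_probability(model, 10), 3))
```
]]></p><p>Only one of the 54 requests (an admin with high clearance reaching a restricted resource after hours) violates an invariant, so a ten-sample held-out test finds it with probability of roughly 0.17; exhaustive verification finds it every time. Real metadata spaces are far too large to enumerate, which is where the automatic verification methods cited above come in, but the guard pattern still applies: invariants that can be stated as policy belong in front of the model, not inside it.</p></div>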
<div xmlns="http://www.tei-c.org/ns/1.0"><head n="6">SUMMARY</head><p>This work comprehensively explores the intersection of access control and machine learning. We propose a taxonomy of machine learning for access control and discuss each approach within this framework. Our findings reveal that machine learning is making significant strides in various areas of access control, including attribute engineering, policy mining, and access control policy verification. We also examine efforts to use trained machine learning models to make access control decisions, replacing traditional written policies. These models offer robust and generalized decision-making, though they often lack transparency in how decisions are made. Additionally, we outline publicly available real-world datasets used in machine learning-based access control research.</p><p>Finally, we share our observations and vision regarding open challenges in the domain, providing potential guidelines to overcome them. This work aims to shed light on the promising future of machine learning in access control and inspire further research and innovation.</p></div><note xmlns="http://www.tei-c.org/ns/1.0" place="foot" xml:id="foot_0"><p>Conference'17, July 2017, Washington, DC, USA Anon.</p></note>
		</body>
		</text>
</TEI>
