Evolutionary Inference of Attribute-based Access Control Policies

Eric Medvet¹, Alberto Bartoli¹, Barbara Carminati², and Elena Ferrari²

¹ Dip. di Ingegneria e Architettura, Università degli Studi di Trieste, Italy
² Dip. di Scienze Teoriche e Applicate, Università degli Studi dell'Insubria, Italy

A Appendix: Genetic operators
The mutation operators are the following, given a parent rule $\rho = \langle e_U, e_R, O, c \rangle$. For the operators described using the placeholder $*$, the operator is actually applied with $* = U$ or $* = R$ with equal probability.

Attribute expression addition. An $a_* \in A_*$ is randomly chosen such that $e_*(a_*) = \top$, then $e_*(a_*) := \{v\}$ with $v$ randomly chosen in $V_*(a_*)$, if $a_* \in A_{*,1}$, or $e_*(a_*) := \{s\}$ with $s$ randomly chosen in $\mathrm{Set}(V_*(a_*))$, if $a_* \in A_{*,\infty}$.

Attribute expression removal. An $a_* \in A_*$ is randomly chosen such that $e_*(a_*) \neq \top$, then $e_*(a_*) := \top$.

Single-valued addition. An $a_{*,1} \in A_{*,1}$ is randomly chosen such that $e_*(a_{*,1}) \neq \top$, then $e_*(a_{*,1}) := e_*(a_{*,1}) \cup v$ with $v$ randomly chosen in $V_*(a_{*,1}) \setminus e_*(a_{*,1})$.

Single-valued removal. An $a_{*,1} \in A_{*,1}$ is randomly chosen such that $e_*(a_{*,1}) \neq \top$, then $e_*(a_{*,1}) := e_*(a_{*,1}) \setminus v$ with $v$ randomly chosen in $e_*(a_{*,1})$; if $e_*(a_{*,1})$ becomes empty, then $e_*(a_{*,1}) := \top$.

Multi-valued addition. An $a_{*,\infty} \in A_{*,\infty}$ is randomly chosen such that $e_*(a_{*,\infty}) \neq \top$ and a set $s \in e_*(a_{*,\infty})$ is randomly chosen, then $s := s \cup v$ with $v$ randomly chosen in $V_*(a_{*,\infty}) \setminus s$.

Multi-valued removal. An $a_{*,\infty} \in A_{*,\infty}$ is randomly chosen such that $e_*(a_{*,\infty}) \neq \top$ and a set $s \in e_*(a_{*,\infty})$ is randomly chosen, then $s := s \setminus v$ with $v$ randomly chosen in $s$; if $s$ becomes empty, then it is removed from $e_*(a_{*,\infty})$, if $e_*(a_{*,\infty})$ becomes empty, then $e_*(a_{*,\infty}) := \top$.

Constraint addition. A pair $a_U, a_R \in A_U \times A_R$ is randomly chosen such that $c(a_U, a_R) = \top$ and $V_U(a_U) \cap V_R(a_R) \neq \emptyset$ (i.e., $a_U$ and $a_R$ have some values in common), then $c(a_U, a_R) := \neg\top$.

Constraint removal. A pair $a_U, a_R \in A_U \times A_R$ is randomly chosen such that $c(a_U, a_R) = \neg\top$, then $c(a_U, a_R) := \top$.

Operation addition. An operation $o \in O$ is randomly chosen such that $o \notin O$, then $O := O \cup \{o\}$.

Operation removal. An operation $o \in O$ is randomly chosen such that $o \in O$, then $O := O \setminus \{o\}$.

The crossover operators are the following, given two parent rules $\rho_1 = \langle e_{U,1}, e_{R,1}, O_1, c_1 \rangle$ and $\rho_2 = \langle e_{U,2}, e_{R,2}, O_2, c_2 \rangle$. The child rule is $\rho_1$ after the actual application of the operator.
Attribute expression donation. An $a_* \in A_*$ is randomly chosen such that $e_{*,1}(a_*) = \top \wedge e_{*,2}(a_*) \neq \top$, then $e_{*,1}(a_*) := e_{*,2}(a_*)$.

Single-valued donation. An $a_{*,1} \in A_{*,1}$ is randomly chosen such that $e_{*,1}(a_{*,1}) \neq \top \wedge e_{*,2}(a_{*,1}) \neq \top$, then $e_{*,1}(a_{*,1}) := e_{*,1}(a_{*,1}) \cup v$ with $v$ randomly chosen in $e_{*,2}(a_{*,1})$.

Multi-valued donation. An $a_{*,\infty} \in A_{*,\infty}$ is randomly chosen such that $e_{*,1}(a_{*,\infty}) \neq \top \wedge e_{*,2}(a_{*,\infty}) \neq \top$ and two sets $s_1 \in e_{*,1}(a_{*,\infty})$, $s_2 \in e_{*,2}(a_{*,\infty})$ are randomly chosen, then $s_1 \cup v$ with $v$ randomly chosen in $s_2$.

Constraint donation. A pair $a_U, a_R \in A_U \times A_R$ is randomly chosen such that $c_1(a_U, a_R) = \top \wedge c_2(a_U, a_R) = \neg\top$, then $c_1(a_U, a_R) := c_2(a_U, a_R)$.

Operation donation. An operation $o \in O_2$ is randomly chosen such that $o \notin O_1$, then $O_1 := O_1 \cup \{o\}$.

When a genetic operator cannot be applied (e.g., when $O_1 = O$ for the operation donation crossover operator), the generated rule is set equal to the (first) parent.
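
The following Python code is an added example, not code from the paper: it implements the single-valued removal, constraint addition and operation donation operators described above, including the collapse of an emptied expression to ⊤ and the fallback to the parent when an operator cannot be applied. The rule encoding (dicts, `TOP = None`), the attribute domains, the `side` parameter and all function names are assumptions; only single-valued attributes are modelled.

```python
import copy
import random

TOP = None  # stands for ⊤ (attribute left unconstrained)
# Constructed single-valued attribute domains V_U, V_R (assumptions, not from the paper).
V_U = {"dept": {"cs", "ee"}, "role": {"student", "staff"}}
V_R = {"dept": {"cs", "ee"}, "type": {"grades", "roster"}}

def make_rule(e_u, e_r, ops, constraints=()):
    """rho = <e_U, e_R, O, c>; 'c' stores the (a_U, a_R) pairs whose value is ¬⊤."""
    return {"U": dict(e_u), "R": dict(e_r), "O": set(ops), "c": set(constraints)}

def single_valued_removal(parent, rng, side=None):
    """Mutation: drop one value from a constrained expression; an empty one becomes ⊤."""
    side = side or rng.choice("UR")          # * = U or * = R with equal probability
    constrained = sorted(a for a, e in parent[side].items() if e is not TOP)
    if not constrained:
        return parent                        # operator not applicable: child = parent
    child = copy.deepcopy(parent)            # never modify the parent in place
    a = rng.choice(constrained)
    child[side][a].discard(rng.choice(sorted(child[side][a])))
    if not child[side][a]:
        child[side][a] = TOP
    return child

def constraint_addition(parent, rng):
    """Mutation: set c(a_U, a_R) := ¬⊤ for a pair with c = ⊤ and overlapping domains."""
    pairs = sorted((au, ar) for au in V_U for ar in V_R
                   if (au, ar) not in parent["c"] and V_U[au] & V_R[ar])
    if not pairs:
        return parent
    child = copy.deepcopy(parent)
    child["c"].add(rng.choice(pairs))
    return child

def operation_donation(parent1, parent2, rng):
    """Crossover: copy into parent 1 one operation of parent 2 that it lacks."""
    missing = sorted(parent2["O"] - parent1["O"])
    if not missing:
        return parent1                       # falls back to the (first) parent
    child = copy.deepcopy(parent1)
    child["O"].add(rng.choice(missing))
    return child

if __name__ == "__main__":
    rng = random.Random(0)
    p1 = make_rule({"dept": {"cs"}, "role": TOP}, {"dept": TOP, "type": TOP}, {"read"})
    print(single_valued_removal(p1, rng, side="U"))
    print(constraint_addition(p1, rng))
```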