AI-Enabled Access Control Models:  (Jointly with Dr. Chirantana Mallick)

AI-enabled attribute-based access control (ABAC) is a next-generation security approach that takes access control to a new level. It leverages the power of artificial intelligence (AI) to dynamically grant or deny access to resources based on a rich set of attributes associated with users, resources, and the environment.

Here’s how it works:

Attribute-based decision-making: Instead of relying on predefined roles or groups, ABAC considers a variety of attributes like user location, device type, time of day, data sensitivity, and even user behavior patterns.

  • AI-powered analysis: AI algorithms analyze these attributes in real-time, learning from past access requests and security incidents to identify potential threats and suspicious activity.
  • Dynamic policy enforcement: Based on the AI analysis, ABAC policies are dynamically adjusted to grant or deny access with greater precision and granularity.

Benefits of AI-enabled ABAC:

  • Enhanced security: By considering a wider range of factors, AI-enabled ABAC can detect and prevent unauthorized access attempts more effectively than traditional methods.
  • Reduced false positives: The AI’s ability to learn and adapt minimizes the risk of accidentally blocking legitimate users.
  • Improved user experience: Granular access control allows for more flexible and convenient access for authorized users.
  • Simplified administration: AI can automate tasks like policy creation and analysis, reducing the burden on security teams.

Here are some real-world applications of AI-enabled ABAC:

  • Securing access to sensitive data: A healthcare organization might use ABAC to grant access to patient records only to authorized medical professionals based on their role, location, and device security posture.
  • Protecting cloud environments: A cloud provider might use ABAC to control access to virtual machines based on user attributes and the specific resources being accessed.
  • Securing IoT devices: In an industrial setting, ABAC could be used to grant access to control systems only to authorized devices based on their type, security patch level, and location.

Challenges and considerations:

  • Data privacy: AI-enabled ABAC relies on collecting and analyzing a significant amount of user data, which raises concerns about privacy and potential misuse.
  • Explainability and transparency: It’s important to ensure that the AI’s decision-making process is transparent and understandable to users and administrators.
  • False negatives: While AI can improve accuracy, there’s still a risk of false negatives, where genuine users are denied access due to errors in the AI model.