Ph.D: Department of Computer Science and Engineering, IIT Kharagpur, India
Google Scholar: https://scholar.google.com/citations?user=DTnEdZAAAAAJ
Ph.D.: Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, India
M.E.: Department of Computer Science and Engineering, Jadavpur University, Kolkata, India
Jan 2021 – Present: Assistant Professor, JIS Institute of Advanced Studies and Research, Kolkata, India
Sep 2020 – Jan 2021: Pandit Deendayal Petroleum University, Gandhinagar, India
Access Control Models, Attribute-Based Access Control (ABAC), Role-Based Access Control (RBAC), Policy Engineering in ABAC, Computer Security, System Security, Blockchain Technology
The goal of access control is to minimize the security risk of unauthorized access to physical and logical systems. Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data. Most organizations have infrastructure and procedures that limit access to networks, computer systems, applications, files and sensitive data, such as personally identifiable information (PII) and intellectual property.
Attribute-Based Access Control:
Attribute-Based Access Control (ABAC) has recently been proposed to enforce secure access to resources in a dynamic environment. In ABAC, access decisions are based on the values of a set of attributes, each of which is a specific feature of a subject, object or environment, and a set of rules, collectively referred to as the organizational ABAC policy. ABAC considers contextual information while making an access decision. Since the access decisions are not based on the identity of the users, ABAC is suitable in scenarios where all the users are not known beforehand. This encourages, and often necessitates organizations to migrate to ABAC from their traditional access control systems. An organization intending to migrate needs an ABAC policy. The process of constructing an ABAC policy, known as policy engineering, has been identified as one of the most challenging and costliest components in implementing ABAC.
My research involves algorithmic designing of ABAC policies that fulfill certain objectives. Based on the objectives there are multiple directions of research. Few of the directions are enlisted below:
- The constructed policy should satisfy the “Principle of least privileges”, i.e., it should not allow any unauthorized access to the organizational resources.
- The time required to construct an ABAC policy should be reasonable. It has been shown in the literature that the problem of constructing an ABAC policy is NP-Complete. Therefore, our objective is to design effective approximation algorithms that enable us to construct an ABAC policy in polynomial time.
- Another direction of research is to construct the ABAC policies in such a form that it ensures faster access decisions. This involves organizing the policies into suitable data structures.
- Utilization of various machine learning tools in policy engineering for ABAC.
Awards & Achievements:
- MHRD Doctoral Scholarship (July 2015 – July 2020), MHRD, Govt. of India.
- MHRD Post-graduate Scholarship (July 2013 – June 2015), MHRD, Govt. of India.
- All India Rank 976 (percentile 99.56) in GATE (Computer Science) – 2013, India.
- Das, B. Mitra, V. Atluri, J. Vaidya, and S. Sural, “Policy Engineering in RBAC and ABAC”, in From Database to Cyber Security, vol. 11170, Springer, 2018, pp. 24–54
- Das, S. Sural, J. Vaidya, and V. Atluri, “HyPE: A Hybrid Approach toward Policy Engineering in Attribute-Based Access Control”, in IEEE Letters of the Computer Society (LOCS), vol. 1, IEEE, 2018, pp. 25–29
- Das, S. Sural, J. Vaidya, and V. Atluri, “Policy Adaptation in Hierarchical Attribute-based Access Control Systems”, ACM Transactions on Internet Technology (TOIT), vol. 19, no. 3, pp. 40–1, 2019
- Das, S. Sural, J. Vaidya, and V. Atluri, “Central Attribute Authority (CAA): A Vision for Seamless Sharing of Organizational Resources”, in IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), IEEE, 2019, pp. 209–217
- Das, S. Sural, J. Vaidya, V. Atluri, and G. Rigoll, “VisMAP: Visual Mining of Attribute-Based Access Control Policies”, in International Conference on Information Systems Security (ICISS), Springer, 2019, pp. 79–98
- Meshram, S. Das, S. Sural, J. Vaidya, and V. Atluri, “ABACaaS: Attribute-Based Access Control as a Service”, in ACM Conference on Data and Application Security and Privacy (CODASPY), ACM, 2019, pp. 153–155
- Nath, S. Das, S. Sural, J. Vaidya, and V. Atluri, “PolTree: A Data Structure for Making Efficient Access Decisions in ABAC”, in ACM Symposium on Access Control Models and Technologies (SACMAT), ACM, 2019, pp. 25–35
- Das, S. Sural, J. Vaidya, and V. Atluri, “Using Gini Impurity to Mine Attribute-based Access Control Policies with Environment Attributes”, in ACM Symposium on Access Control Models and Technologies (SACMAT), ACM, 2018, pp. 213–215
- Das, S. Sural, J. Vaidya, and V. Atluri, “Policy Adaptation in Attribute-Based Access Control for Inter-Organizational Collaboration”, in IEEE International Conference on Collaboration and Internet Computing (CIC), IEEE, 2017, pp. 136–145