Search papers, labs, and topics across Lattice.
This paper introduces EXTree, a tree-based representation of Attribute-Based Access Control (ABAC) policies optimized for both evaluation efficiency and explainability. They explore different feedback evaluation strategies for crafting actionable explanations for access denials and tree construction strategies to balance efficiency and interpretability. Experiments comparing entropy-based, changeability-based, and random tree construction demonstrate EXTree's ability to bridge the gap between complex authorization logic and human understanding.
Frustrated by opaque access control decisions? EXTree offers a path to human-understandable explanations for why your access was denied, without sacrificing performance.
With increasing emphasis on transparency in digital governance, users expect more than silence when their access requests are denied by a system. However, authorization methods are notorious for their inability to provide any form of meaningful feedback under such situations. This paper shows a direction towards how the problem of explainability can be mitigated in the context of Attribute-based Access Control (ABAC), arguably the most researched topic in access control in recent years. We introduce EXTree, which represents ABAC policies optimized for both fast evaluation (Efficiency) and human-centric feedback (Explainability) in the form of a tree. Two strategic dimensions are investigated, namely, Feedback Evaluation Strategies - how to craft actionable explanations when access is denied, and Tree Construction Strategies - how the policy trees should be structured for efficient yet interpretable decisions. Through extensive experiments, we compare entropy-based, changeability-based, and randomly generated trees across multiple configurations. Our results demonstrate that EXTree, built for efficiency and interpretability, can bridge the gap between complex authorization logic and human understanding.