English

EXTree: Towards Supporting Explainability in Attribute-based Access Control

Cryptography and Security 2026-04-15 v1

Abstract

With increasing emphasis on transparency in digital governance, users expect more than silence when their access requests are denied by a system. However, authorization methods are notorious for their inability to provide any form of meaningful feedback under such situations. This paper shows a direction towards how the problem of explainability can be mitigated in the context of Attribute-based Access Control (ABAC), arguably the most researched topic in access control in recent years. We introduce EXTree, which represents ABAC policies optimized for both fast evaluation (Efficiency) and human-centric feedback (Explainability) in the form of a tree. Two strategic dimensions are investigated, namely, Feedback Evaluation Strategies - how to craft actionable explanations when access is denied, and Tree Construction Strategies - how the policy trees should be structured for efficient yet interpretable decisions. Through extensive experiments, we compare entropy-based, changeability-based, and randomly generated trees across multiple configurations. Our results demonstrate that EXTree, built for efficiency and interpretability, can bridge the gap between complex authorization logic and human understanding.

Keywords

Cite

@article{arxiv.2604.12850,
  title  = {EXTree: Towards Supporting Explainability in Attribute-based Access Control},
  author = {Shanampudi Pranaya Chowdary and Shamik Sural},
  journal= {arXiv preprint arXiv:2604.12850},
  year   = {2026}
}
R2 v1 2026-07-01T12:09:03.423Z