Cao Thang Bui
Biography
Dr. Cao Thang Bui is an Assistant Professor in the School of Computing and Design at California State University, Monterey Bay. He received his Ph.D. in Computer Science from Stony Brook University in 2021, specializing in access control and cybersecurity under the guidance of Professor Scott D. Stoller. His research focuses on attribute-based and relationship-based access control, policy mining, and cybersecurity education, with publications in top venues such as SACMAT and Computers & Security.
Dr. Bui has secured multiple grants, including NSF and institutional funding, to support student success and cybersecurity initiatives. Before joining CSUMB, he served as an Assistant Professor and Interim Program Director at West Virginia University Institute of Technology. He is also active in mentoring undergraduate research, advising student clubs, and organizing outreach activities to promote diversity in STEM.
Research Interest
Cybersecurity, Access Control Models (Attribute-Based and Relationship-Based), Policy Mining, Artificial Intelligence and Machine Learning for Security, Network and Systems Security, Cybersecurity Education, and Data Privacy.
Abstract
AI for Access Control Policy Mining: Challenges and Opportunities
Access control plays a central role in securing modern information systems, but designing
effective policies remains a difficult and time-consuming task. Traditional policy mining
approaches face challenges such as limited datasets, incomplete information, and the
difficulty of balancing accuracy with interpretability. These obstacles make it difficult to
develop policies that are both precise and understandable, particularly in large or dynamic
systems.
Recent advances in AI provide new opportunities to address these challenges. AI methods
can assist in discovering patterns in permissions, generating candidate policies, and
refining rules to achieve greater accuracy and clarity. Moreover, AI can help automate parts
of the policy mining workflow, reducing manual effort and enabling researchers and
practitioners to handle more complex systems. At the same time, introducing AI into this
process brings new challenges: ensuring correctness, avoiding overfitting to noisy data,
and maintaining transparency and trustworthiness in AI-assisted policy generation.
This talk will explore the promise and pitfalls of applying AI to the policy mining problem.
We will discuss how AI techniques can support the discovery of high-level access control
rules, highlight the risks of relying on opaque models in security-critical contexts, and
outline future directions for integrating AI into access control research and practice.
