Abstract
Role Based Access Control (RBAC) is a common concept for securing IT systems in which multiple users share access to common resources. Permissions, which correspond to the authorization to perform an operation on a data or business object, are grouped into roles. These roles are then assigned to users. The corresponding optimization problem, the so-called Role Mining Problem (RMP), aims at finding a role concept comprising a minimal set of such roles and was shown to be NP-complete. However, in real-world role mining scenarios, further key figures besides the number of roles must typically be consulted in order to adequately evaluate role concepts. Therefore, in this paper, the RMP is extended to a multi-objective (MO) optimization problem. Potential optimization objectives are discussed in the context of Enterprise Resource Planning (ERP) systems. Furthermore, it is shown how evolutionary algorithms for the RMP can be adapted to meet the requirements of MO role mining. Based on this, the integration of different optimization objectives is examined and evaluated in a series of experiments.
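To make the multi-objective view concrete, the following added example (not code from the paper) scores constructed role concepts on two objectives and keeps the Pareto-optimal ones. The user names, permissions, candidate concepts, the second objective (excess permissions, a least-privilege measure) and the rule that no needed permission may be missing are all assumptions made for illustration; the abstract does not name the objectives the paper uses.

```python
# Added example. UPA and all candidate role concepts are constructed sample data.
UPA = {  # user -> permissions the user actually needs
    "alice": {"po_create", "po_view"},
    "bob": {"po_view", "po_approve"},
    "carol": {"po_create", "po_view", "po_approve"},
    "dave": {"po_view"},
}
ALL = {"po_create", "po_view", "po_approve"}
# A role concept is a pair (UA, PA): user -> roles, role -> permissions.
CONCEPTS = {
    "single_role": ({u: {"all"} for u in UPA}, {"all": ALL}),
    "two_roles": (
        {"alice": {"power"}, "bob": {"power"}, "carol": {"power"}, "dave": {"viewer"}},
        {"power": ALL, "viewer": {"po_view"}},
    ),
    "three_roles": (
        {"alice": {"buyer"}, "bob": {"approver"},
         "carol": {"buyer", "approver"}, "dave": {"viewer"}},
        {"buyer": {"po_create", "po_view"},
         "approver": {"po_view", "po_approve"}, "viewer": {"po_view"}},
    ),
    "role_per_user": ({u: {u} for u in UPA}, {u: set(p) for u, p in UPA.items()}),
    "viewer_only": ({u: {"viewer"} for u in UPA}, {"viewer": {"po_view"}}),
}

def granted(concept, user):
    """Permissions a user receives through all roles assigned to them."""
    ua, pa = concept
    return set().union(*(pa[r] for r in ua.get(user, ())))

def deviations(concept, upa):
    """(missing, excess): needed but not granted, granted but not needed."""
    missing = sum(len(need - granted(concept, u)) for u, need in upa.items())
    excess = sum(len(granted(concept, u) - need) for u, need in upa.items())
    return missing, excess

def objectives(concept, upa):
    """Vector to minimise: (number of roles, excess permissions). Assumed pair."""
    return (len(concept[1]), deviations(concept, upa)[1])

def dominates(a, b):
    """a is no worse than b in every objective and differs from b."""
    return a != b and all(x <= y for x, y in zip(a, b))

def pareto_front(concepts, upa):
    """Non-dominated concepts among those that leave no needed permission missing."""
    feasible = {n: objectives(c, upa) for n, c in concepts.items()
                if deviations(c, upa)[0] == 0}
    return {n: o for n, o in feasible.items()
            if not any(dominates(p, o) for p in feasible.values())}

if __name__ == "__main__":
    for name, obj in sorted(pareto_front(CONCEPTS, UPA).items(), key=lambda kv: kv[1]):
        print(f"{name}: roles={obj[0]} excess_permissions={obj[1]}")
```

The front contains three concepts: each reduction in the number of roles is paid for with over-privileged users, which is why a single key figure cannot rank them.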
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Anderer, S., Scheuermann, B., Mostaghim, S. (2024). Studies on Multi-objective Role Mining in ERP Systems. In: Stützle, T., Wagner, M. (eds) Evolutionary Computation in Combinatorial Optimization. EvoCOP 2024. Lecture Notes in Computer Science, vol 14632. Springer, Cham. https://doi.org/10.1007/978-3-031-57712-3_6
DOI: https://doi.org/10.1007/978-3-031-57712-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57711-6
Online ISBN: 978-3-031-57712-3
eBook Packages: Computer Science (R0)