Studies on Multi-objective Role Mining in ERP Systems

  • Conference paper
Evolutionary Computation in Combinatorial Optimization (EvoCOP 2024)

Abstract

A common concept to ensure the security of IT systems in which multiple users share access to common resources is Role-Based Access Control (RBAC). Permissions, which correspond to the authorization to perform an operation on a data or business object, are grouped into roles. These roles are then assigned to users. The corresponding optimization problem, the so-called Role Mining Problem (RMP), aims at finding a role concept comprising a minimal set of such roles and was shown to be NP-complete. However, in real-world role mining scenarios, it is typically the case that, besides the number of roles, further key figures must be consulted in order to adequately evaluate role concepts. Therefore, in this paper, the RMP is extended to a multi-objective (MO) optimization problem. Potential optimization objectives are discussed in the context of Enterprise Resource Planning (ERP) systems. Furthermore, it is shown how evolutionary algorithms for the RMP can be adapted to meet the requirements of MO role mining. Based on this, the integration of different optimization objectives is examined and evaluated in a series of experiments.
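The following added example (not code from the paper) shows the evaluation step the abstract describes: candidate role concepts are checked against the existing user-permission assignment and then compared on more than one objective. The users, permissions, role names and the second objective (number of user-role assignments) are assumptions chosen for illustration.

```python
# Added illustration, not code from the paper. Data, role names and the second
# objective (number of user-role assignments) are assumptions.
PUR = {"po_create", "po_view"}    # constructed purchasing permissions
INV = {"inv_view", "inv_post"}    # constructed invoicing permissions

# Constructed user-permission assignment the role concept has to reproduce.
UPA = {"alice": PUR | INV, "bob": PUR | INV, "carol": PUR, "dave": INV}

CONCEPTS = {
    "two_roles": {
        "PA": {"purchasing": PUR, "invoicing": INV},
        "UA": {"alice": {"purchasing", "invoicing"}, "bob": {"purchasing", "invoicing"},
               "carol": {"purchasing"}, "dave": {"invoicing"}},
    },
    "three_roles": {
        "PA": {"purchasing": PUR, "invoicing": INV, "combined": PUR | INV},
        "UA": {"alice": {"combined"}, "bob": {"combined"},
               "carol": {"purchasing"}, "dave": {"invoicing"}},
    },
    "one_role": {  # fewest roles, but grants carol and dave too much
        "PA": {"everything": PUR | INV},
        "UA": {u: {"everything"} for u in UPA},
    },
}

def deviations(concept, upa=UPA):
    """Return (over, under): permissions granted beyond / missing from UPA."""
    over = under = 0
    for user, wanted in upa.items():
        roles = concept["UA"].get(user, set())
        granted = set().union(*(concept["PA"][r] for r in roles))
        over += len(granted - wanted)
        under += len(wanted - granted)
    return over, under

def objectives(concept):
    """Objective vector to minimise: (#roles, #user-role assignments)."""
    return len(concept["PA"]), sum(len(r) for r in concept["UA"].values())

def dominates(a, b):
    """Pareto dominance for minimisation."""
    return all(x <= y for x, y in zip(a, b)) and a != b

def pareto_front(concepts):
    """Names of non-dominated concepts among those that reproduce UPA exactly."""
    ok = {n: objectives(c) for n, c in concepts.items() if deviations(c) == (0, 0)}
    return sorted(n for n, v in ok.items()
                  if not any(dominates(w, v) for w in ok.values()))
```

The single-role concept has the best objective values but is rejected because it over-grants four permissions; the two remaining concepts trade fewer roles against fewer assignments, so neither dominates the other.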

Author information

Corresponding author

Correspondence to Simon Anderer.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Anderer, S., Scheuermann, B., Mostaghim, S. (2024). Studies on Multi-objective Role Mining in ERP Systems. In: Stützle, T., Wagner, M. (eds) Evolutionary Computation in Combinatorial Optimization. EvoCOP 2024. Lecture Notes in Computer Science, vol 14632. Springer, Cham. https://doi.org/10.1007/978-3-031-57712-3_6

  • DOI: https://doi.org/10.1007/978-3-031-57712-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-57711-6

  • Online ISBN: 978-3-031-57712-3

  • eBook Packages: Computer Science, Computer Science (R0)
