Abstract
A number of privacy breaches have occurred in recent years, which has made people pay increased attention to the security of information systems. On the basis of this issue, role-based access control (RBAC) has been proposed and proven through practice to be able to effectively guarantee the security of user system data. But, in RBAC, role engineering is a complex process. To simplify the process, an auxiliary interactive question-and-answer (Q and A) algorithm was proposed based on attribute exploration (machines and humans learn knowledge interactively). the auxiliary interactive Q and A algorithm based on attribute exploration has some defects. It is not only unable to work with many people, but also has difficulty finding qualified Q and A experts in actual work. To address these problems, this paper proposes an attribute exploration-based Role discovery model. This model not only avoids the time-consuming process in role engineering, but also solves the problem of the auxiliary interactive Q and A based on attribute exploration being unable to support multi-person collaborative question–answering. Therefore, the model algorithm can be used for machine learning knowledge to assist people to solve the problem of cross-departmental role formulation.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Alessandro C, Alberto O (2012) Role mining in business: taming role-based access control administration. World Sci. https://doi.org/10.1142/9789814366151_0003
Baader F, Sertkaya B (2004) Applying formal concept analysis to description logics Concept Lattices, Second International Conference on Formal Concept Analysis, ICFCA 2004. 2961:261–286
Bertino E (2003) Security RBAC models—concepts and trends. Comput Secur 22:511–514. https://doi.org/10.1016/S0167-4048(03)00609-6
Chen H-C (2019) Collaboration IoT-based RBAC with trust evaluation algorithm model for massive IoT integrated application. Mobile Netw Appl 24:839–852. https://doi.org/10.1007/s11036-018-1085-0
Cherukuri AK, Jonnalagadda A (2013) Exploring attributes with domain knowledge in formal concept analysis. J Comput Inform Technol 21:109. https://doi.org/10.2498/cit.1002114
Chuan-long Y, Yue-fei Z, Jin-long F, Xin-zheng H (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access J 5:21954–21961. https://doi.org/10.1109/ACCESS.2017.2762418
Deng H, Peng L, Zhang H, Yang B, Chen Z (2019) Ranking-based biased learning swarm optimizer for large-scale optimization. Inf Sci 493:120–137. https://doi.org/10.1016/j.ins.2019.04.037
Downs DD, Rub JR, Kung KC, Jordan CS (1985) Issues in discretionary access control. In: IEEE Symposium on Security and Privacy, 1985. IEEE, pp 208–208. https://doi.org/10.1109/SP.1985.10014
Ferraiolo D, Cugini J, Kuhn DR (1995) Role-based access control (RBAC): features and motivations. In: Proceedings of 11th annual computer security application conference. pp. 241–248
Ganter B, Wille R (2012) Formal concept analysis: mathematical foundations. Springer Science & Business Media, Berlin
Ganter B, Obiedkov S, Rudolph S, Stumme G (2016) Conceptual exploration. Springer. https://doi.org/10.1007/978-3-662-49291-8
Guang-Hui W (1996) Role-based access control models. IEEE Mag J 29:38–47. https://doi.org/10.1109/2.485845
Guigues J-L, Duquenne V (1986) Familles minimales d'implications informatives résultant d'un tableau de données binaires 95:5–18
Ho T (1995) An approach to concept formation based on formal concept analysis. IEICE Trans Inform Syst
Jiang Y, Lin C, Yin H, Tan Z (2004) Security analysis of mandatory access control model. In: IEEE International Conference on Systems. https://doi.org/10.1109/ICSMC.2004.1400987
Lakhal L, Stumme G (2005) Efficient mining of association rules based on formal concept analysis. Lect Notes Comput Sci 3626:180–195
Li J, Mei C, Cherukuri AK, Zhang X (2013) On rule acquisition in decision formal contexts. Intern J Mach Learn Cybernet 4:721. https://doi.org/10.1007/s13042-013-0150-z
Li J, Huang C, Mei C, Yin Y (2016) An intensive study on rule acquisition in formal decision contexts based on minimal closed label concept lattices. Intell Autom Soft Comput 23:1–15. https://doi.org/10.1080/10798587.2016.1212509
Ma J-M, Zhang W-X, Qian Y (2020) Dependence space models to construct concept lattices. Intern J Approx Reason 123:1. https://doi.org/10.1016/j.ijar.2020.04.004
Mi Y, Liu W, Shi Y, Li J (2020) Semi-supervised concept learning by concept-cognitive learning and concept space. IEEE Trans Knowl Data Eng 1–1. https://doi.org/10.1109/TKDE.2020.3010918
Michel MCK, King MC (2019) Cyber influence of human behavior: personal and national security, privacy, and fraud awareness to prevent harm. In: IEEE International Symposium on Technology and Society (ISTAS). https://doi.org/10.1109/ISTAS48451.2019.8938009
Molloy I et al (2010) Mining roles with multiple objectives. ACM Trans Inf Syst Secur 13:36. https://doi.org/10.1145/1880022.1880030
Obiedkov S, Kourie DG, Eloff JH (2009) Security building access control models with attribute exploration. Comput Secur 28:2–7. https://doi.org/10.1016/j.cose.2008.07.011
Pang Y, Peng L, Chen Z, Yang B, Zhang H (2019) Imbalanced learning based on adaptive weighting and Gaussian function synthesizing with an application on Android malware detection. Inf Sci 484:95–112. https://doi.org/10.1016/j.ins.2019.01.065
Qiu J, Tian Z, Du C, Zuo Q, Su S, Fang BJ (2020) A survey on access control in the age of internet of things. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2020.2969326
Sandhu RS, Samarati P (1994) Access control: principle and practice. Commun Mag IEEE. https://doi.org/10.1109/35312842
Sandhu R, Ferraiolo D, Kuhn R (2000) The NIST model for role-based access control: towards a unified standard. In: ACM workshop on Role-based access control, vol 344287.344301. https://doi.org/10.1145/344287.344301
Šrndić N, Laskov P (2016) Hidost: a static machine-learning-based detector of malicious files. EURASIP J Info Secur 2016:22. https://doi.org/10.1186/s13635-016-0045-0
Stumme G (1996) Attribute exploration with context implications and exceptions. In: Data analysis and information systems. Springer, Berlin. pp. 457–469. https://doi.org/10.1007/978-3-642-80098-6_39
Stumme G, Taouil R, Bastide Y, Pasquier N, Lakhal L (2001) Intelligent structuring and reducing of association rules with formal concept analysis. In: Annual Conference on Artificial Intelligence. Springer, pp. 335–350. https://doi.org/10.1007/3-540-45422-5_24
Vaidya J, Atluri V, Guo Q (2007) The role mining problem: finding a minimal descriptive set of roles. In: Proceedings of the 12th ACM symposium on Access control models and technologies. pp. 175–184. https://doi.org/10.1145/1266840.1266870
Wei L, Liu L, Qi J, Qian T (2019) Rules acquisition of formal decision contexts based on three-way concept lattices. Inform Sci 516:529–544. https://doi.org/10.1016/j.ins.2019.12.024
Zhang L, Xu C, Gao Y, Han Y, Du X, Tian Z (2020) Improved Dota2 lineup recommendation model based on a bidirectional LSTM. Tsinghua Sci Technol 25:712–720. https://doi.org/10.26599/TST.2019.9010065
Acknowledgements
This research was supported by National Natural Science Foundation of China (61701170); Scientific and technological project of Henan Province (Grant No. 202102310340); Foundation of University Young Key Teacher of Henan Province (Grant No. 2019GGJS040, 2020GGJS027); Key scientific research projects of colleges and universities in Henan Province (Grant No. 21A110005).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Shen, X., Yang, J., Zhang, L. et al. An interactive role learning and discovery model for multi-department RBAC building based on attribute exploration. J Ambient Intell Human Comput 13, 1373–1382 (2022). https://doi.org/10.1007/s12652-020-02634-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-02634-3