skip to main content
10.1145/1809842.1809851acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

On the definition of role mining

Published: 11 June 2010 Publication History

Abstract

There have been many approaches proposed for role mining. However, the problems solved often differ due to a lack of consensus on the formal definition of the role mining problem. In this paper, we provide a detailed analysis of the requirements for role mining, the existing definitions of role mining, and the methods used to assess role mining results. Given basic assumptions on how access-control configurations are generated, we propose a novel definition of the role mining problem that fulfills the requirements that real-world enterprises typically have. In this way, we recast role mining as a prediction problem.

References

[1]
A. Colantonio, R. Di Pietro, and A. Ocello. A cost-driven approach to role engineering. In SAC '08, volume 3, pages 2129--2136, Fortaleza, Brazil, 2008.
[2]
A. Colantonio, R. Di Pietro, and A. Ocello. Leveraging lattices to improve role mining. In SEC '08, volume 278, pages 333--347, 2008.
[3]
A. Colantonio, R. Di Pietro, A. Ocello, and N. V. Verde. A formal framework to elicit roles with business meaning in RBAC systems. In SACMAT '09, 2009.
[4]
A. Colantonio, R. Di Pietro, A. Ocello, and N. V. Verde. Mining stable roles in RBAC. In SEC '09, volume 297, pages 259--269, 2009.
[5]
E. J. Coyne. Role engineering. In RBAC '95, page 4, New York, NY, USA, 1996. ACM.
[6]
A. Ene, W. Horne, N. Milosavljevic, P. Rao, R. Schreiber, and R. E. Tarjan. Fast exact and heuristic methods for role minimization problems. In SACMAT '08, pages 1--10, New York, NY, USA, 2008.
[7]
P. Epstein and R. Sandhu. Engineering of role/permission assignments. In ACSAC '01, page 127, Washington, DC, USA, 2001. IEEE Computer Society.
[8]
D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3):224--274, 2001.
[9]
M. Frank, D. Basin, and J. M. Buhmann. A class of probabilistic models for role engineering. In CCS '08, pages 299--310, New York, NY, USA, 2008. ACM.
[10]
M. Frank, A. P. Streich, D. Basin, and J. M. Buhmann. A probabilistic approach to hybrid role mining. In CCS '09, pages 101--111, New York, NY, USA, 2009. ACM.
[11]
L. Fuchs and G. Pernul. Hydro -- hybrid development of roles. In ICISS '08, pages 287--302, Berlin, Heidelberg, 2008. Springer-Verlag.
[12]
J. Grabmeier and A. Rudolph. Techniques of cluster algorithms in data mining. Data Mining and Knowledge Discovery, 6(4):303--360, 2002.
[13]
Q. Guo, J. Vaidya, and V. Atluri. The role hierarchy mining problem: Discovery of optimal role hierarchies. In ACSAC '08, pages 237--246, Washington, DC, USA, 2008. IEEE Computer Society.
[14]
T. Hastie, R. Tibshirani, and J. Friedman. The Elements of Statistical Learning. Springer Series in Statistics. Springer, 2001.
[15]
M. Kuhlmann, D. Shohat, and G. Schimpf. Role mining -- revealing business roles for security administration using data mining technology. In SACMAT '03, pages 179--186, New York, NY, USA, 2003. ACM.
[16]
N. Li, T. Li, I. Molloy, Q. Wang, E. Bertino, S. Calo, and J. Lobo. Role mining for engineering and optimizing role based access control systems. Technical report, November 2007.
[17]
H. Lu, J. Vaidya, and V. Atluri. Optimal Boolean matrix decomposition: Application to role engineering. In ICDE '08, pages 297--306, Washington, DC, USA, 2008. IEEE Computer Society.
[18]
G. Markowsky. Ordering d-classes and computing Schein rank is hard. Semi-group Forum, 44, pages 373--375, 1992.
[19]
I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. Calo, and J. Lobo. Mining roles with semantic meanings. In SACMAT '08, pages 21--30, New York, NY, USA, 2008. ACM.
[20]
I. Molloy, N. Li, T. Li, Z. Mao, Q. Wang, and J. Lobo. Evaluating role mining algorithms. In SACMAT '09, pages 95--104, New York, NY, USA, 2009. ACM.
[21]
J. Schlegelmilch and U. Steffens. Role mining with ORCA. In SACMAT '05, pages 168--176, New York, NY, USA, 2005. ACM.
[22]
A. P. Streich, M. Frank, D. Basin, and J. M. Buhmann. Multi-assignment clustering for Boolean data. In ICML '09, pages 969--976, New York, NY, USA, 2009. ACM.
[23]
H. Takabi and J. Joshi. StateMiner: An efficient similarity-based approach for optimal mining of role hierarchy. In CCS '09, Poster Session, 2009.
[24]
R. Thion. Découverte automatisée de hiérarchies de rôles pour les politiques de contrôle d'accès. INFORSID'07, pages 139--154, May 2007.
[25]
J. Vaidya, V. Atluri, and Q. Guo. The role mining problem: finding a minimal descriptive set of roles. In SACMAT '07, pages 175--184, New York, NY, USA, 2007. ACM.
[26]
J. Vaidya, V. Atluri, Q. Guo, and N. Adam. Migrating to optimal RBAC with minimal perturbation. In SACMAT '08, pages 11--20, New York, NY, USA, 2008. ACM.
[27]
J. Vaidya, V. Atluri, and J. Warner. Roleminer: mining roles using subset enumeration. In CCS '06, pages 144--153, New York, NY, USA, 2006. ACM.
[28]
J. Vaidya, V. Atluri, J. Warner, and Q. Guo. Role engineering via prioritized subset enumeration. IEEE Transactions on Dependable and Secure Computing, 99, 2008.
[29]
D. Zhang, K. Ramamohanarao, and T. Ebringer. Role engineering using graph optimisation. In SACMAT '07, pages 139--144, New York, NY, USA, 2007. ACM.
[30]
D. Zhang, K. Ramamohanarao, T. Ebringer, and T. Yann. Permission set mining: Discovering practical and useful roles. In ACSAC '08, pages 247--256, Washington, DC, USA, 2008. IEEE Computer Society.
[31]
D. Zhang, K. Ramamohanarao, S. Versteeg, and R. Zhang. Rolevat: Visual assessment of practical need for role based access control. In ACSAC '09, pages 13--22, Los Alamitos, CA, USA, 2009. IEEE Computer Society.

Cited By

View all
  • (2022)A Survey on Empirical Security Analysis of Access-control Systems: A Real-world PerspectiveACM Computing Surveys10.1145/353370355:6(1-28)Online publication date: 7-Dec-2022
  • (2019)The Next 700 Policy MinersProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3354196(95-112)Online publication date: 6-Nov-2019
  • (2018)Genetic algorithms for role mining in critical infrastructure data spacesProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3205651.3208283(1688-1695)Online publication date: 6-Jul-2018
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
June 2010
212 pages
ISBN:9781450300490
DOI:10.1145/1809842
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. RBAC
  2. role engineering
  3. role mining

Qualifiers

  • Research-article

Conference

SACMAT'10
Sponsor:

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)23
  • Downloads (Last 6 weeks)6
Reflects downloads up to 13 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2022)A Survey on Empirical Security Analysis of Access-control Systems: A Real-world PerspectiveACM Computing Surveys10.1145/353370355:6(1-28)Online publication date: 7-Dec-2022
  • (2019)The Next 700 Policy MinersProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3354196(95-112)Online publication date: 6-Nov-2019
  • (2018)Genetic algorithms for role mining in critical infrastructure data spacesProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3205651.3208283(1688-1695)Online publication date: 6-Jul-2018
  • (2018)Minimizing Privilege Assignment Errors in Cloud ServicesProceedings of the Eighth ACM Conference on Data and Application Security and Privacy10.1145/3176258.3176307(2-12)Online publication date: 13-Mar-2018
  • (2018)Genetic Algorithms for Solving Problems of Access Control Design and Reconfiguration in Computer NetworksACM Transactions on Internet Technology10.1145/309389818:3(1-21)Online publication date: 6-Mar-2018
  • (2017)A Survey on Access Control Mechanisms in E-commerce EnvironmentsProceedings of the 8th Balkan Conference in Informatics10.1145/3136273.3136288(1-6)Online publication date: 20-Sep-2017
  • (2017)Administrating role-based access control by genetic algorithmsProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3067695.3082509(1463-1470)Online publication date: 15-Jul-2017
  • (2017)Efficient Role Mining for Context-Aware Service Recommendation Using a High-Performance ClusterIEEE Transactions on Services Computing10.1109/TSC.2015.248598810:6(914-926)Online publication date: 1-Nov-2017
  • (2016)Using Genetic Algorithms for Design and Reconfiguration of RBAC SchemesProceedings of the 1st International Workshop on AI for Privacy and Security10.1145/2970030.2970033(1-9)Online publication date: 29-Aug-2016
  • (2016)Reconfiguration of RBAC schemes by genetic algorithmsIntelligent Distributed Computing X10.1007/978-3-319-48829-5_9(89-98)Online publication date: 8-Oct-2016
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media