ABSTRACT
There is a growing trend of organizations migrating to RBAC because of the economic benefits it provides and its ease of administration. To deploy an RBAC system, one must first identify a complete set of roles. This process, known as role engineering, has been identified as one of the costliest tasks in migrating to RBAC. Several approaches have been proposed, most of which use data mining techniques to discover roles. However, most of them do not take the existing roles into account and try to define everything from scratch, which is not acceptable for organizations that already have an RBAC system in place. In this paper, we formally define the problem of mining a role hierarchy with minimal perturbation and present StateMiner, a heuristic solution that finds an RBAC state as similar as possible to both the existing state and the optimal state. We present experiments to demonstrate the effectiveness of our approach.