skip to main content
10.1145/1852666.1852694acmotherconferencesArticle/Chapter ViewAbstractPublication PagescsiirwConference Proceedingsconference-collections
research-article

Graph based strategies to role engineering

Published: 21 April 2010 Publication History

Abstract

Role Engineering for Role Based Access Control (RBAC) has emerged as a challenging area of research, both in industry and academia. The problem originates from the practical need to create a set of roles that accurately reflects the internal functionalities of an enterprise. Existing approaches that have used data mining techniques for this problem often generate too many candidate roles and do not consider the effect of a given combination of roles on the overall configuration.
Identification of an ideal RBAC solution is only possible with a clear and concise evaluation of the RBAC configuration goals. To address this issue, we discuss use of the graph model for the Role Engineering problem and show how effective this approach is in the search for a role engineering solution. We evaluate and formalise the problem of identifying the minimum number of descriptive roles for RBAC using a graph model and propose how its variations can be represented. Finally, we introduce novel strategies using the proposed models for future innovation and perform experimentation on both real and synthetically generated data.

Supplementary Material

Supplemental material. (a25-zhang_slides.pdf)

References

[1]
A. Colantonio, R. D. Pietro, and A. Ocello. Leveraging lattices to improve role mining. In Proceedings of The Ifip Tc 11 23rd International Information Security Conference (SEC'08), pages 333--347, Boston, 2008. Springer.
[2]
E. J. Coyne. Role engineering. In RBAC '95: Proceedings of the first ACM Workshop on Role-based access control, pages 4--5, New York, NY, USA, 1995. ACM Press.
[3]
A. Ene, W. Horne, M. Milosavljevic, P. Rao, R. Schreiber, and R. E. Tarjan. Fast exact and heuristic methods for role minimization problems. In SACMAT'08: Proceedings of the thirteenth ACM symposium on Access control models and technologies, Estes Park, Colorado, June 2008.
[4]
D. F. Ferraiolo and D. R. Kuhn. Role-Based Access Control. In Proceedings of the 15th NIST-NCSC National Computer Security Conference, pages 554--563, Bultimore, Maryland, USA, 1992.
[5]
D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3):224--274, 2001.
[6]
A. N. S. I. Inc. Role Based Access Control. ANSI INCITS 359--2004, 2004.
[7]
I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. Calo, and J. Lobo. Mining roles with semantic meanings. In SACMAT'08: Proceedings of the thirteenth ACM symposium on Access control models and technologies, Estes Park, Colorado, June 2008.
[8]
J. Vaidya. The role mining problem: Finding a minimal descriptive set of roles. In SACMAT '07: Proceedings of the twelfth ACM symposium on Access control models and technologies, pages 175--184, New York, NY, USA, 2007. ACM Press.
[9]
J. Vaidya, V. Atluri, and J. Warner. Roleminer: Mining roles using subset enumeration. In CCS '06: Proceedings of the 13th ACM Conference on Computer and Communications Security, New York, NY, USA, 2006. ACM Press.
[10]
D. Zhang, K. Ramamohanarao, and T. Ebringer. Role engineering using graph optimisation. In SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, pages 139--144, New York, NY, USA, 2007. ACM.
[11]
D. Zhang, K. Ramamohanarao, and R. Zhang. Synthetic data generation for study of role engineering. http://www.cs.mu.oz.au/~zhangd/roledata, 2008.

Cited By

View all
  • (2024)Category-Based Administrative Access Control PoliciesACM Transactions on Privacy and Security10.1145/369819928:1(1-35)Online publication date: 28-Sep-2024
  • (2024)Studies on Multi-objective Role Mining in ERP SystemsEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-57712-3_6(81-96)Online publication date: 2024
  • (2022)Evolutionary Algorithms for the Constrained Two-Level Role Mining ProblemEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-04148-8_6(79-94)Online publication date: 4-Apr-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
April 2010
257 pages
ISBN:9781450300179
DOI:10.1145/1852666
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 April 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. graph modeling
  2. role engineering
  3. role mining
  4. role-based access control

Qualifiers

  • Research-article

Conference

CSIIRW '10

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)0
Reflects downloads up to 26 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Category-Based Administrative Access Control PoliciesACM Transactions on Privacy and Security10.1145/369819928:1(1-35)Online publication date: 28-Sep-2024
  • (2024)Studies on Multi-objective Role Mining in ERP SystemsEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-57712-3_6(81-96)Online publication date: 2024
  • (2022)Evolutionary Algorithms for the Constrained Two-Level Role Mining ProblemEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-04148-8_6(79-94)Online publication date: 4-Apr-2022
  • (2021)Research of Genetic Optimization Algorithms in the Design of VLAN2021 29th Telecommunications Forum (TELFOR)10.1109/TELFOR52709.2021.9653295(1-4)Online publication date: 23-Nov-2021
  • (2019)Tensile deformation of nanocrystalline Al-matrix composites: Effects of the SiC particle and grapheneComputational Materials Science10.1016/j.commatsci.2018.09.050156(187-194)Online publication date: Jan-2019
  • (2018)Using the graph-theoretic approach to solving the Role Mining problem2018 Dynamics of Systems, Mechanisms and Machines (Dynamics)10.1109/Dynamics.2018.8601487(1-5)Online publication date: Nov-2018
  • (2016)A Survey of Role MiningACM Computing Surveys10.1145/287114848:4(1-37)Online publication date: 22-Feb-2016
  • (2016)Mining temporal roles using many-valued conceptsComputers and Security10.1016/j.cose.2016.04.00260:C(79-94)Online publication date: 1-Jul-2016
  • (2015)An analysis of graphs that represent a role-based security policy hierarchyJournal of Computer Security10.3233/JCS-15053223:5(641-657)Online publication date: 25-Sep-2015
  • (2015)Migrating from DAC to RBACData and Applications Security and Privacy XXIX10.1007/978-3-319-20810-7_5(69-84)Online publication date: 23-Jun-2015
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media