DOI: 10.1145/2484417.2484423
research-article

Role mining algorithm evaluation and improvement in large volume android applications

Published: 08 May 2013 Publication History

Abstract

Role mining is a very useful engineering method that helps administrators set up role-based access control for information systems, but it has not been applied to the Android security framework so far. This paper uses a large volume of Android applications from the Android Market (now the Google Play Store), comprising 44,971 applications (subjects), 125 permissions, and 222,734 application-permission assignments (application, permission), to evaluate the effectiveness of five popular role mining algorithms: HM, HPr, HPe, GO, and ORCA. Furthermore, based on the features of Android applications, we propose Mine-Tag, an algorithm that generates tags from the descriptions of Android applications. These tags can be attached to each mined role to help administrators manage the roles. We set up experiments, evaluate the algorithms, and discuss insights into mining methods for Android applications.

    Published In

    SESP '13: Proceedings of the first international workshop on Security in embedded systems and smartphones
    May 2013
    34 pages
    ISBN:9781450320689
    DOI:10.1145/2484417

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. android
    2. permission-based access control
    3. rolemining
    4. tag-based description

    Conference

    ASIA CCS '13

    Acceptance Rates

    SESP '13 Paper Acceptance Rate 3 of 6 submissions, 50%;
    Overall Acceptance Rate 3 of 6 submissions, 50%

    Cited By

    • (2020) Role Mining: Survey and Suggestion on Role Mining in Access Control. Mobile Internet Security, pages 34-50. DOI: 10.1007/978-981-15-9609-4_4. Online publication date: 2-Nov-2020
    • (2016) A Survey of Role Mining. ACM Computing Surveys 48:4, pages 1-37. DOI: 10.1145/2871148. Online publication date: 22-Feb-2016
    • (2016) How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining. Information Systems Security and Privacy, pages 49-67. DOI: 10.1007/978-3-319-27668-7_4. Online publication date: 1-Jan-2016
    • (2014) APP Vetting Based on the Consistency of Description and APK. Revised Selected Papers of the 6th International Conference on Trusted Systems - Volume 9473, pages 259-277. DOI: 10.1007/978-3-319-27998-5_17. Online publication date: 16-Dec-2014
