DOI: 10.1145/3532105.3535030
research-article

The Secrecy Resilience of Access Control Policies and Its Application to Role Mining

Published: 08 June 2022

Abstract

We propose a notion that we call the secrecy resilience of an access control policy that, to our knowledge, has not been explored in prior work. We seek to capture with this notion the property inherent to an access control policy that measures its resistance to disclosure. We motivate and then propose a definition for secrecy resilience that is based on the notion of entropy from information theory. We focus on policies expressed in Role-Based Access Control (RBAC), and contrast RBAC with the access matrix from the standpoint of secrecy resilience. We observe that, similar to other objectives such as the minimization of the number of roles, an RBAC policy with the best secrecy resilience can be a desirable objective of bottom-up role-mining, with which we seek to compute an RBAC policy given as input an access matrix. We have carried out an empirical assessment of several role-mining algorithms from the standpoint of secrecy resilience for two underlying distribution-events pairs, each of which captures a kind of best case from the standpoint of a defender. Towards carrying out the empirical assessment, we make an additional contribution to role-mining: we propose new reductions for the two problems of minimizing the number of roles and the number of edges, and discuss the manner in which our reductions are superior to reductions in existing work.

Supplementary Material

MP4 File (SACMAT22-sacmat71-guo.mp4)
Secrecy Resilience of Access Control Policies, presentation video


Cited By

  • (2024) MFC-RMA (Matrix Factorization and Constraints- Role Mining Algorithm): An Optimized Role Mining Algorithm. Symmetry 16:8 (1008). DOI: 10.3390/sym16081008. Online publication date: 7-Aug-2024
  • (2024) Application of Matrix Factorization Role Mining Algorithm in Role-Based Access Control for Edge RMP. 2024 9th International Conference on Electronic Technology and Information Science (ICETIS), pages 761-767. DOI: 10.1109/ICETIS61828.2024.10593712. Online publication date: 17-May-2024

Published In

SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies
June 2022
282 pages
ISBN:9781450393577
DOI:10.1145/3532105
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. role mining
  2. role-based access control
  3. secrecy resilience

Qualifiers

  • Research-article

Conference

SACMAT '22
Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%
