Abstract
With the emergence of Role Based Access Control (RBAC) as the de facto access control model, organizations can now implement and manage many high-level security policies. As a means of migration from traditional access control systems to RBAC, different role mining algorithms have been proposed in recent years for finding a minimal set of roles from existing user-permission assignments. While determining such roles, it is often required that certain security objectives are satisfied. A common goal is to enforce the role-usage cardinality constraint, which limits the maximum number of roles any user can have. In this paper, we propose two alternative approaches for role mining with an upper bound on the number of roles that can be assigned to each user, and validate their performance with benchmark data sets.
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
John, J.C., Sural, S., Atluri, V., Vaidya, J.S. (2012). Role Mining under Role-Usage Cardinality Constraint. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_13
DOI: https://doi.org/10.1007/978-3-642-30436-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer Science (R0)