Abstract
Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, a user's roles and permissions are assigned manually by the system's security administrator. However, this is costly and the process is complex. A new role analysis method is proposed that generates mappings and uses them to provide recommendations for systems. The relations among the sets of permissions, roles and users are explored by generating mappings, and the relation between the sets of users and attributes is analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets and making the meaning of a role natural and operational. Thus, a role is determined by a permission set and the user's attributes. The generated mappings are used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
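The idea in the abstract can be illustrated with a small formal concept analysis sketch; this is an added example, not the paper's algorithm or code. It assumes a simplified rule (a concept's shared attributes map to the permissions common to all users in that concept), constructed sample data, and a hypothetical `min_support` threshold that keeps one user's privileges from becoming a recommendation.

```python
from itertools import combinations

# Constructed sample data (not from the paper): attributes and current permissions.
USER_ATTRS = {
    "alice": {"dept:finance", "grade:senior"},
    "bob":   {"dept:finance", "grade:junior"},
    "carol": {"dept:it", "grade:senior"},
    "dave":  {"dept:it", "grade:junior"},
}
USER_PERMS = {
    "alice": {"ledger.read", "ledger.approve", "report.sign"},
    "bob":   {"ledger.read"},
    "carol": {"server.login", "report.sign"},
    "dave":  {"server.login"},
}

def extent(attrs):
    """Users that hold every attribute in attrs."""
    return frozenset(u for u, a in USER_ATTRS.items() if attrs <= a)

def intent(users):
    """Attributes shared by every user in a non-empty group."""
    return frozenset(set.intersection(*(USER_ATTRS[u] for u in users)))

def concepts():
    """Formal concepts (extent, intent) with non-empty extent, found by closing user groups."""
    found = set()
    users = sorted(USER_ATTRS)
    for r in range(1, len(users) + 1):
        for group in combinations(users, r):
            shared = intent(group)
            found.add((extent(shared), shared))
    return found

def attr_perm_mapping(min_support=1):
    """Assumed rule: attribute set -> permissions common to all users in the concept."""
    mapping = {}
    for ext, shared in concepts():
        common = frozenset(set.intersection(*(USER_PERMS[u] for u in ext)))
        # min_support is a hypothetical guard: ignore concepts backed by too few users.
        if shared and common and len(ext) >= min_support:
            mapping[shared] = common
    return mapping

def recommend(new_attrs, min_support=1):
    """Permissions for a new user: union over attribute sets the user fully matches."""
    rules = attr_perm_mapping(min_support).items()
    granted = [perms for attrs, perms in rules if attrs <= set(new_attrs)]
    return set().union(*granted)
```

With `min_support=2`, a new senior finance user is no longer recommended `ledger.approve`, because only one existing user backs that permission; a user whose attributes match no rule is recommended nothing.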
Additional information
Foundation item: Project(61003140) supported by the National Natural Science Foundation of China; Project(013/2010/A) supported by Macau Science and Technology Development Fund; Project(10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
About this article
Cite this article
Han, Dj., Zhuo, Hk., Xia, Lt. et al. Permission and role automatic assigning of user in role-based access control. J. Cent. South Univ. Technol. 19, 1049–1056 (2012). https://doi.org/10.1007/s11771-012-1108-0
DOI: https://doi.org/10.1007/s11771-012-1108-0