IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

Role-based access control (RBAC) is the most popular access control model currently adopted in several contexts to define security management. Constraints play a crucial role since they can drive the selection of the best representation of the organization's security policies when migrating towards an RBAC system. In this paper, we examine different types of constraints addressing both theoretical aspects and practical considerations. On one side, we define the constrained role mining problem for each constraint type, showing its complexity. On the other hand, we present efficient heuristics adapted to each class of constraints, all derived from the specialization of a general approach for role mining. We show that our techniques improve over previous proposals, offering a complete set of experimentations obtained after the application of the heuristics to standard real-world datasets.

Managing constraints in role based access control / C. Blundo, S. Cimato, L. Siniscalchi. - In: IEEE ACCESS. - ISSN 2169-3536. - 8(2020 Aug), pp. 9146129.140497-9146129.140511. [10.1109/ACCESS.2020.3011310]

Managing constraints in role based access control

S. Cimato
;
2020

Abstract

Role-based access control (RBAC) is the most popular access control model currently adopted in several contexts to define security management. Constraints play a crucial role since they can drive the selection of the best representation of the organization's security policies when migrating towards an RBAC system. In this paper, we examine different types of constraints addressing both theoretical aspects and practical considerations. On one side, we define the constrained role mining problem for each constraint type, showing its complexity. On the other hand, we present efficient heuristics adapted to each class of constraints, all derived from the specialization of a general approach for role mining. We show that our techniques improve over previous proposals, offering a complete set of experimentations obtained after the application of the heuristics to standard real-world datasets.
constrained role mining; RBAC; role mining
Settore INF/01 - Informatica
Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni
ago-2020
IEEE ACCESS
Article (author)
01 - Articolo su periodico
File in questo prodotto:
File Dimensione Formato  
FINALArticle.pdf

accesso aperto

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 1.19 MB
Formato Adobe PDF
Visualizza/Apri
1.19 MB Adobe PDF Visualizza/Apri
09146129.pdf

accesso aperto

Tipologia: Publisher's version/PDF
Dimensione 7.61 MB
Formato Adobe PDF
Visualizza/Apri
7.61 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/761124
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 10
  • ???jsp.display-item.citation.isi??? 10
social impact