Role Based Access Control (RBAC) is a very popular access control model, for a long time investigated and widely deployed in the security architecture of different enterprises. To implement RBAC, roles have to be firstly identified within the considered organization. Usually the process of (automatically) defining the roles in a bottom up way, starting from the permissions assigned to each user, is called role mining. In literature, the role mining problem has been formally analyzed and several techniques have been proposed in order to obtain a set of valid roles. Recently, the problem of defining different kind of constraints on the number and the size of the roles included in the resulting role set has been addressed. In this paper we provide a formal definition of the role mining problem under the cardinality constraint, i.e. restricting the maximum number of permissions that can be included in a role. We discuss formally the computational complexity of the problem and propose a novel heuristic. Furthermore we present experimental results obtained after the application of the proposed heuristic on both real and synthetic datasets, and compare the resulting performance to previous proposals.
Constrained role mining / C. Blundo, S. Cimato - In: Security and trust management : 8th international workshop, STM 2012 : Pisa, Italy, september 13-14, 2012 : revised selected papers / [a cura di] A. Josang, P. Samarati, M. Petrocchi. - Berlin : Springer, 2013. - ISBN 9783642380037. - pp. 289-304 (( Intervento presentato al 8. convegno International Workshop on Security and Trust Management (STM) tenutosi a Pisa nel 2012 [10.1007/978-3-642-38004-4].
Constrained role mining
S. CimatoUltimo
2013
Abstract
Role Based Access Control (RBAC) is a very popular access control model, for a long time investigated and widely deployed in the security architecture of different enterprises. To implement RBAC, roles have to be firstly identified within the considered organization. Usually the process of (automatically) defining the roles in a bottom up way, starting from the permissions assigned to each user, is called role mining. In literature, the role mining problem has been formally analyzed and several techniques have been proposed in order to obtain a set of valid roles. Recently, the problem of defining different kind of constraints on the number and the size of the roles included in the resulting role set has been addressed. In this paper we provide a formal definition of the role mining problem under the cardinality constraint, i.e. restricting the maximum number of permissions that can be included in a role. We discuss formally the computational complexity of the problem and propose a novel heuristic. Furthermore we present experimental results obtained after the application of the proposed heuristic on both real and synthetic datasets, and compare the resulting performance to previous proposals.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
