Role Based Access Control (RBAC) is a very popular access control model, for a long time investigated and widely deployed in the security architecture of diﬀerent enterprises. To implement RBAC, roles have to be ﬁrstly identiﬁed within the considered organization. Usually the process of (automatically) deﬁning the roles in a bottom up way, starting from the permissions assigned to each user, is called role mining. In literature, the role mining problem has been formally analyzed and several techniques have been proposed in order to obtain a set of valid roles. Recently, the problem of deﬁning diﬀerent kind of constraints on the number and the size of the roles included in the resulting role set has been addressed. In this paper we provide a formal deﬁnition of the role mining problem under the cardinality constraint, i.e. restricting the maximum number of permissions that can be included in a role. We discuss formally the computational complexity of the problem and propose a novel heuristic. Furthermore we present experimental results obtained after the application of the proposed heuristic on both real and synthetic datasets, and compare the resulting performance to previous proposals.
Constrained role mining / C. Blundo, S. Cimato - In: Security and trust management : 8th international workshop, STM 2012 : Pisa, Italy, september 13-14, 2012 : revised selected papers / [a cura di] A. Josang, P. Samarati, M. Petrocchi. - Berlin : Springer, 2013. - ISBN 9783642380037. - pp. 289-304 (( Intervento presentato al 8. convegno International Workshop on Security and Trust Management (STM) tenutosi a Pisa nel 2012.
|Titolo:||Constrained role mining|
CIMATO, STELVIO (Ultimo)
|Settore Scientifico Disciplinare:||Settore INF/01 - Informatica|
|Data di pubblicazione:||2013|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.1007/978-3-642-38004-4|
|Tipologia:||Book Part (author)|
|Appare nelle tipologie:||03 - Contributo in volume|