Role Based Access Control (RBAC) models have been adopted in many organizations as the standard way to implement security policies and assign access to restricted resources to roles and roles to users. To capture the business relationships within the organization and efficiently migrate towards RBAC, several role mining techniques have been defined. Constraints on the resulting roles and assignments to users can be imposed to filter out inconsistent situations produced by the automatic algorithm and to better capture the status of the organization. In this paper we are interested in constraints on the number of permissions that can be included in a role and on the number of persons a role can be assigned to. We analyze the problem and propose a couple of heuristics. The heuristics have been applied to standard datasets to validate their performance.
PRUCC-RM: Permission-Role-Usage Cardinality Constrained Role Mining / C. Blundo, S. Cimato, L. Siniscalchi - In: Computer Software and Applications Conference (COMPSAC), 2017 IEEE 41st AnnualPrima edizione. - [s.l] : IEEE, 2017. - ISBN 9781538603673. - pp. 149-154 (( Intervento presentato al 9. convegno Security Aspects of Process and Services Engineering tenutosi a Torino nel 2017 [10.1109/COMPSAC.2017.195].
PRUCC-RM: Permission-Role-Usage Cardinality Constrained Role Mining
S. CimatoSecondo
;
2017
Abstract
Role Based Access Control (RBAC) models have been adopted in many organizations as the standard way to implement security policies and assign access to restricted resources to roles and roles to users. To capture the business relationships within the organization and efficiently migrate towards RBAC, several role mining techniques have been defined. Constraints on the resulting roles and assignments to users can be imposed to filter out inconsistent situations produced by the automatic algorithm and to better capture the status of the organization. In this paper we are interested in constraints on the number of permissions that can be included in a role and on the number of persons a role can be assigned to. We analyze the problem and propose a couple of heuristics. The heuristics have been applied to standard datasets to validate their performance.File | Dimensione | Formato | |
---|---|---|---|
main-sapse.pdf
accesso riservato
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
391.05 kB
Formato
Adobe PDF
|
391.05 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.