Role Mining Heuristics for Permission-Role-Usage Cardinality Constraints / C. Blundo, S. Cimato, L. Siniscalchi. - In: COMPUTER JOURNAL. - ISSN 0010-4620. - 65:6(2021), pp. 1386-1411. [10.1093/comjnl/bxaa186]

Role Mining Heuristics for Permission-Role-Usage Cardinality Constraints

S. Cimato (second author); 2021

Abstract

Role-based access control (RBAC) has become a de facto standard to control access to restricted resources in complex systems and is widely deployed in many commercially available applications, including operating systems, databases and other software. The migration process towards RBAC, starting from the current access configuration, relies on the design of role mining techniques, whose aim is to define suitable roles that implement the given access policies. Some constraints can be used to transform the roles automatically output by the mining procedures and effectively capture the organization's status under analysis. Such constraints can limit the final configuration characteristics, such as the number of roles assigned to a user, or the number of permissions included in a role, and produce a resulting role set that is effectively usable in real-world situations. In this paper, we consider two constraints: the number of permissions a role can include and the number of roles assigned to any user. In particular, we present two heuristics that produce roles compliant with both constraints and evaluate their performance using both real-world and synthetic datasets.
RBAC; access control; heuristics; constrained role mining
Sector INF/01 - Computer Science
Article (author)
Files in this item:
  • main_TCJ.pdf: embargo until 13/02/2022. Type: Post-print, accepted manuscript etc. (version accepted by the publisher). Size: 1.87 MB. Format: Adobe PDF.
  • bxaa186.pdf: restricted access. Type: Publisher's version/PDF. Size: 3.6 MB. Format: Adobe PDF.
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/826504
Citations
  • PMC ND
  • Scopus 1
  • ISI 1