Heuristics for constrained role mining in the post-processing framework / C. Blundo, S. Cimato, L. Siniscalchi. - In: JOURNAL OF AMBIENT INTELLIGENCE AND HUMANIZED COMPUTING. - ISSN 1868-5137. - (2022), pp. 1-13. [Epub ahead of print] [10.1007/s12652-021-03648-1]

Heuristics for constrained role mining in the post-processing framework

S. Cimato (second author)
2022

Abstract

Role mining techniques are frequently used to derive a set of roles that represents the current organization of a company following the RBAC model, simplifying the definition and implementation of security policies. Constraints can be defined on the resulting roles so that they are valid and can be managed efficiently, limiting for example the number of permissions included in a role or the users a role can be assigned to. Since the associated problems are NP-hard, several heuristics have been developed to find sub-optimal solutions, adopting either the concurrent or the post-processing approach. In the first case, assignment matrices satisfying the given constraints are obtained during the computation, while in the second case the intermediate solutions are obtained without considering the constraints, which are enforced afterwards. In this paper we present two heuristics for the Permission Usage and Role Usage Cardinality Constraints in the post-processing approach: we consider constraints limiting the number of permissions that can be included in a role in the first case, and the number of roles that can include a permission in the second case, refining the roles produced by some other technique (not considering any constraint). For both heuristics we analyze their performance after their application to some standard datasets, showing the improved results obtained with respect to state-of-the-art solutions.
access control; RBAC; constrained role mining; heuristic
Sector INF/01 - Computer Science
Sector ING-INF/05 - Information Processing Systems
2022
25 Jan 2022
https://link.springer.com/article/10.1007/s12652-021-03648-1?utm_source=xmol&utm_medium=affiliate&utm_content=meta&utm_campaign=DDCN_1_GL01_metadata
Article (author)
Files in this item:

main.pdf
Access: Open Access from 26/01/2023
Type: Post-print, accepted manuscript etc. (version accepted by the publisher)
Size: 576.56 kB
Format: Adobe PDF

Blundo2022_Article_HeuristicsForConstrainedRoleMi.pdf
Access: restricted access
Type: Publisher's version/PDF
Size: 1.27 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/899457