Abstract
The administration of access control structures in Enterprise Resource Planning Systems (ERP) is mainly organized by Role Based Access Control. The associated optimization problem is called the Role Mining Problem (RMP), which is known to be NP-complete. The goal is to search for role concepts minimizing the number of roles. Algorithms for this task are presented in literature, but often they cannot be used for role mining in ERP in a straightforward way, as ERP systems have additional conditions and constraints. Some ERP systems require multiple levels of roles. This paper defines new two-level variants of the RMP, examines their relationship and presents three approaches to computing such hierarchical role concepts. One is aiming at optimizing multiple levels of roles simultaneously. The other approaches divide the multi-level role mining problem into separate sub-problems, which are optimized individually. All approaches are based on an evolutionary algorithm for single-level role mining and have been implemented and evaluated in a range of experiments.
This work is supported by the German Ministry of Education and Research under grant number 16KIS1000.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Anderer, S., Kempter, T., Scheuermann, B., Mostaghim, S.: The dynamic role mining problem: role mining in dynamically changing business environments. In: Proceedings of IJCCI 2021, pp. 37–48. INSTICC, SciTePress (2021)
Anderer, S., Kreppein, D., Scheuermann, B., Mostaghim, S.: The addRole-EA: a new evolutionary algorithm for the role mining problem. In: Proceedings of IJCCI 2020, pp. 155–166. SciTePress (2020). https://doi.org/10.5220/0010025401550166
Anderer, S., Scheuermann, B., Mostaghim, S., Bauerle, P., Beil, M.: RMPlib: a library of benchmarks for the role mining problem. In: Proceedings of SACMAT 2021, SACMAT 2021, pp. 3–13. ACM, New York (2021). https://doi.org/10.1145/3450569.3463566
Blundo, C., Cimato, S.: A simple role mining algorithm. In: Proceedings of SAC 2010, pp. 1958–1962. ACM Press, New York (2010). https://doi.org/10.1145/1774088.1774503
Dong, L.J., Wang, M.C., Kang, X.J.: Mining least privilege roles by genetic algorithm. Appl. Mech. Mater. 121–126, 4508–4512 (2011). https://doi.org/10.4028/www.scientific.net/AMM.121-126.4508
Du, X., Chang, X.: Performance of AI algorithms for mining meaningful roles. In: 2014 IEEE Congress on Evolutionary Computation (CEC), pp. 2070–2076. IEEE (2014). https://doi.org/10.1109/CEC.2014.6900321
Ene, A., Horne, W., Milosavljevic, N., Rao, P., Schreiber, R., Tarjan, R.E.: Fast exact and heuristic methods for role minimization problems. In: Proceedings of SACMAT 2008, pp. 1–10. ACM Press, New York (2008). https://doi.org/10.1145/1377836.1377838
Guo, Q., Vaidya, J., Atluri, V.: The role hierarchy mining problem: Discovery of optimal role hierarchies. In: 2008 Annual Computer Security Applications Conference (ACSAC), pp. 237–246. IEEE (2008)
Huang, H., Shang, F., Liu, J., Du, H.: Handling least privilege problem and role mining in RBAC. J. Comb. Optim. 30(1), 63–86 (2013). https://doi.org/10.1007/s10878-013-9633-9
Kumar, R., Sural, S., Gupta, A.: Mining RBAC roles under cardinality constraint. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 171–185. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17714-9_13
Lu, H., Vaidya, J., Atluri, V.: Optimal boolean matrix decomposition: application to role engineering. In: 24th International Conference on Data Engineering, pp. 297–306. IEEE (2008). https://doi.org/10.1109/ICDE.2008.4497438
Mitra, B., Sural, S., Vaidya, J., Atluri, V.: A survey of role mining. ACM Comput. Surv. 48(4), 1–37 (2016). https://doi.org/10.1145/2871148
Molloy, I., et al.: Mining roles with semantic meanings. In: Proceedings of SACMAT 2008, pp. 21–30. ACM Press, New York (2008). https://doi.org/10.1145/1377836.1377840
Molloy, I., Li, N., Li, T., Mao, Z., Wang, Q., Lobo, J.: Evaluating role mining algorithms. In: Proceedings of SACMAT 2009, pp. 95–104. ACM Press, New York (2009). https://doi.org/10.1145/1542207.1542224
Saenko, I., Kotenko, I.: Genetic algorithms for role mining problem. In: PDP 2011, pp. 646–650. IEEE (2011). https://doi.org/10.1109/PDP.2011.63
Saenko, I., Kotenko, I.: Reconfiguration of RBAC schemes by genetic algorithms. In: IDC 2016. SCI, vol. 678, pp. 89–98. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-48829-5_9
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996). https://doi.org/10.1109/2.485845
Schlegelmilch, J., Steffens, U.: Role mining with ORCA. In: Proceedings of SACMAT 2005, pp. 168–176. ACM Press, New York (2005). https://doi.org/10.1145/1063979.1064008
Takabi, H., Joshi, J.B.: Stateminer: an efficient similarity-based approach for optimal mining of role hierarchy. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, pp. 55–64 (2010)
Vaidya, J., Atluri, V., Guo, Q.: The role mining problem. In: Proceedings of SACMAT 2007, pp. 175–184. ACM Press, New York (2007). https://doi.org/10.1145/1266840.1266870
Vaidya, J., Atluri, V., Warner, J., Guo, Q.: Role engineering via prioritized subset enumeration. IEEE Trans. Dependable Secure Comput. 7(3), 300–314 (2010). https://doi.org/10.1109/TDSC.2008.61
Zhang, D., Ramamohanarao, K., Ebringer, T.: Role engineering using graph optimisation. In: Proceedings of SACMAT 2007, pp. 139–144. ACM Press, New York (2007). https://doi.org/10.1145/1266840.1266862
Zhang, D., Ramamohanarao, K., Versteeg, S., Zhang, R.: Graph based strategies to role engineering. In: Proceedings of CSIIRW 2010, pp. 1–4. ACM Press, New York (2010). https://doi.org/10.1145/1852666.1852694
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Anderer, S., Schrader, F., Scheuermann, B., Mostaghim, S. (2022). Evolutionary Algorithms for the Constrained Two-Level Role Mining Problem. In: Pérez Cáceres, L., Verel, S. (eds) Evolutionary Computation in Combinatorial Optimization. EvoCOP 2022. Lecture Notes in Computer Science, vol 13222. Springer, Cham. https://doi.org/10.1007/978-3-031-04148-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-04148-8_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04147-1
Online ISBN: 978-3-031-04148-8
eBook Packages: Computer ScienceComputer Science (R0)