Role Mining in the Presence of Separation of Duty Constraints

  • Conference paper
Information Systems Security (ICISS 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9478)

Abstract

In recent years, Role Based Access Control (RBAC) has emerged as the most popular access control mechanism, especially for commercial applications. In RBAC, permissions are assigned to roles, which are then assigned to users. The key to the effectiveness of RBAC is the underlying role set that is used. The process of identifying an appropriate set of roles that optimally meets the organizational requirements is called role mining. One of the most useful constraints that can be expressed in RBAC is Separation of Duty (SoD). SoD constraints allow organizations to put a restriction on the minimum number of users required to complete a critical task. However, existing role mining algorithms do not handle SoD constraints and cannot be easily extended to incorporate SoD constraints. In this paper, we consider the problem of role mining when SoD constraints are present. We develop three alternative approaches that can be applied either during or after role mining. We evaluate the performance of all three approaches on several real world data sets and demonstrate their effectiveness.
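
As an added illustration (not code from the paper, and not one of its three approaches), the following Python check tests an RBAC configuration against an SoD constraint of the kind the abstract describes: a critical task, modeled here as a set of permissions, must require at least k users. The `ua`/`pa` mappings, the permission names and the sample data are constructed assumptions.

```python
from itertools import combinations

def user_permissions(ua, pa):
    """Effective permissions of each user: union over the roles assigned in UA."""
    return {u: set().union(*(pa[r] for r in roles)) for u, roles in ua.items()}

def sod_violations(ua, pa, critical_perms, k):
    """Minimal groups of fewer than k users that jointly hold every critical permission.

    An empty result means the configuration needs at least k users for the task.
    """
    critical = set(critical_perms)
    perms = user_permissions(ua, pa)
    # Users without any critical permission cannot contribute to a violation.
    relevant = {u: p & critical for u, p in perms.items() if p & critical}
    violations = []
    for size in range(1, k):
        for group in combinations(sorted(relevant), size):
            if any(set(v) <= set(group) for v in violations):
                continue  # a smaller violating group is already reported
            if set().union(*(relevant[u] for u in group)) == critical:
                violations.append(group)
    return violations

# Constructed sample: a three-step purchase task and three single-permission roles.
PA = {"clerk": {"create_po"}, "approver": {"approve_po"}, "treasurer": {"issue_payment"}}
TASK = {"create_po", "approve_po", "issue_payment"}

# Each user holds two roles, so any two users together can finish the task.
UA_LOOSE = {
    "alice": {"clerk", "approver"},
    "bob": {"approver", "treasurer"},
    "carol": {"clerk", "treasurer"},
}
# One role per user: all three users are needed.
UA_STRICT = {"alice": {"clerk"}, "bob": {"approver"}, "carol": {"treasurer"}}
# Same as UA_LOOSE plus one user who can complete the task alone.
UA_SUPERUSER = dict(UA_LOOSE, dave={"clerk", "approver", "treasurer"})

if __name__ == "__main__":
    for name, ua in [("loose", UA_LOOSE), ("strict", UA_STRICT), ("superuser", UA_SUPERUSER)]:
        for k in (2, 3):
            print(name, "k =", k, "violations:", sod_violations(ua, PA, TASK, k))
```

The search is exhaustive over groups of fewer than k users, which is practical for the small k typical of SoD policies but grows combinatorially with the number of users holding critical permissions.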


Corresponding author

Correspondence to Shamik Sural.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Sarana, P., Roy, A., Sural, S., Vaidya, J., Atluri, V. (2015). Role Mining in the Presence of Separation of Duty Constraints. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_7

  • DOI: https://doi.org/10.1007/978-3-319-26961-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26960-3

  • Online ISBN: 978-3-319-26961-0

  • eBook Packages: Computer Science (R0)
