Abstract
Role Based Access Control (RBAC) is an effective way of managing the permissions assigned to a large number of users in an enterprise. In order to deploy RBAC, a complete and correct set of roles needs to be identified from the existing user-permission assignments while keeping the number of roles low. This process is called role mining. After the roles are mined, users are assigned to these roles. When implementing RBAC, it is often required that no single role is assigned a large number of permissions; otherwise, any user assigned to that role would be overburdened with too many operations. In this paper, we propose a heuristic bottom-up constrained role mining scheme that satisfies a cardinality constraint: no role contains more than a given number of permissions. We compare its results with eight other recently proposed role mining algorithms. The proposed scheme always satisfies the cardinality constraint and generates the fewest roles among all the algorithms studied.
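To make the problem statement concrete, the following is an added example, not the paper's algorithm (whose details are not on this page): a simple greedy bottom-up heuristic over a constructed user-permission assignment (UPA) that mines roles of at most k permissions and then verifies the result. The user names, permission names, the candidate-generation rule (each user's uncovered permissions and their pairwise intersections, truncated to k) and the tie-breaking rule are all assumptions made here for illustration. The `naive_roles` baseline shows the problem the constraint addresses: one role per distinct permission set reconstructs the UPA exactly but produces an oversized role.

```python
"""Greedy bottom-up role mining under a per-role cardinality constraint.

Constructed example, not the algorithm from the paper: it repeatedly picks
the permission set of size <= k that covers the most still-uncovered
(user, permission) pairs, and assigns it only to users who hold all of
its permissions, so no user is ever over-privileged.
"""
from itertools import combinations

# Constructed user-permission assignment (UPA): user -> set of permissions.
UPA = {
    "alice": {"p1", "p2", "p3", "p4"},
    "bob":   {"p1", "p2", "p3", "p4"},
    "carol": {"p1", "p2"},
    "dave":  {"p3", "p4", "p5"},
    "erin":  {"p5"},
}


def naive_roles(upa):
    """Bottom-up baseline: one role per distinct permission set, no size limit."""
    roles, ua = [], {}
    for user, perms in upa.items():
        key = frozenset(perms)
        if key not in roles:
            roles.append(key)
        ua[user] = {roles.index(key)}
    return [set(r) for r in roles], ua


def mine_roles(upa, k):
    """Return (roles, ua): roles is a list of permission sets, each of size
    <= k; ua maps user -> set of role indices whose union is exactly the
    user's UPA row.

    Candidates are each active user's uncovered permissions and the pairwise
    intersections of those sets, truncated to k. Ties break on the
    lexicographically smallest permission list so the result is deterministic.
    """
    uncovered = {u: set(p) for u, p in upa.items()}
    roles, ua = [], {u: set() for u in upa}
    while any(uncovered.values()):
        active = [u for u in uncovered if uncovered[u]]
        candidates = {frozenset(sorted(uncovered[u])[:k]) for u in active}
        for a, b in combinations(active, 2):
            inter = uncovered[a] & uncovered[b]
            if inter:
                candidates.add(frozenset(sorted(inter)[:k]))

        def gain(c):
            # Only users holding ALL of c's permissions may receive the role,
            # so the decomposition never grants a permission the UPA lacks.
            return sum(len(c & uncovered[u]) for u in upa if c <= upa[u])

        best = min(candidates, key=lambda c: (-gain(c), sorted(c)))
        rid = len(roles)
        roles.append(set(best))
        for u in upa:
            if best <= upa[u]:
                ua[u].add(rid)
                uncovered[u] -= best
    return roles, ua


def check_decomposition(upa, roles, ua, k):
    """True iff every role has at most k permissions and every user's roles
    reconstruct exactly that user's UPA row (nothing missing, nothing extra)."""
    if any(len(r) > k for r in roles):
        return False
    for user, perms in upa.items():
        granted = set().union(*(roles[r] for r in ua[user]))
        if granted != perms:
            return False
    return True


if __name__ == "__main__":
    base_roles, base_ua = naive_roles(UPA)
    print("naive roles:", base_roles)
    print("naive satisfies k=3:", check_decomposition(UPA, base_roles, base_ua, 3))
    roles, ua = mine_roles(UPA, 3)
    print("mined roles (k=3):", roles)
    print("assignments:", ua)
    print("mined satisfies k=3:", check_decomposition(UPA, roles, ua, 3))
```

On this input the baseline yields four roles, one of which holds four permissions and so violates k=3, while the constrained heuristic yields three roles of at most two permissions each and still reconstructs every user's permissions exactly. With k=1 the heuristic degenerates to one role per permission, the trivial decomposition that any cardinality bound admits.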
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kumar, R., Sural, S., Gupta, A. (2010). Mining RBAC Roles under Cardinality Constraint. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_13
DOI: https://doi.org/10.1007/978-3-642-17714-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17713-2
Online ISBN: 978-3-642-17714-9