Mining RBAC Roles under Cardinality Constraint

  • Conference paper
Information Systems Security (ICISS 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6503)

Abstract

Role Based Access Control (RBAC) is an effective way of managing the permissions assigned to a large number of users in an enterprise. In order to deploy RBAC, a complete and correct set of roles needs to be identified from the existing user-permission assignments, while keeping the number of roles low. This process is called role mining. After the roles are mined, users are assigned to these roles. While implementing RBAC, it is often required that a single role is not assigned a large number of permissions; otherwise, any user assigned to that role would be overburdened with too many operations. In this paper, we propose a heuristic bottom-up constrained role mining scheme that satisfies the cardinality constraint that no role contains more than a given number of permissions. We compare its results with eight other recently proposed role mining algorithms. It is seen that the proposed scheme always satisfies the cardinality constraint and generates the least number of roles among all the algorithms studied.
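The abstract frames role mining as finding a small set of roles that exactly reproduce an existing user-permission assignment (UPA), with the added cardinality constraint that no role holds more than a given number of permissions. The Python below is an added example written for this page, not the authors' heuristic from the paper: a simple greedy bottom-up miner run on a small constructed UPA, followed by a check that the mined roles reproduce the UPA exactly (no user gains or loses a permission) and that every role respects the bound. The sample users and permissions, the candidate-generation rule, and the `max_perms` parameter are all assumptions of this example.

```python
"""Added example for this page: a greedy bottom-up role miner with a
per-role permission bound. This is NOT the heuristic of Kumar, Sural and
Gupta (2010); it only illustrates the problem their abstract describes."""

from itertools import combinations

# Constructed sample user-permission assignment (UPA): user -> permissions.
UPA = {
    "alice": frozenset({"p1", "p2", "p3", "p4"}),
    "bob":   frozenset({"p1", "p2", "p3"}),
    "carol": frozenset({"p3", "p4", "p5"}),
    "dave":  frozenset({"p1", "p2"}),
    "erin":  frozenset({"p5"}),
}


def candidate_roles(upa, max_perms):
    """Bottom-up candidate generation (an assumption of this example):
    every user's own permission set and every pairwise intersection of
    two users' sets, plus one singleton role per permission so that a
    covering always exists. Any candidate wider than max_perms is cut
    into chunks of at most max_perms permissions."""
    perm_sets = list(upa.values())
    raw = set(perm_sets)
    for a, b in combinations(perm_sets, 2):
        if a & b:
            raw.add(a & b)
    cands = set()
    for s in raw:
        perms = sorted(s)
        for i in range(0, len(perms), max_perms):
            cands.add(frozenset(perms[i:i + max_perms]))
    for p in set().union(*perm_sets):
        cands.add(frozenset({p}))
    return cands


def mine_roles(upa, max_perms):
    """Greedy set cover over the (user, permission) cells of the UPA.
    Each step picks the candidate role that covers the most still-uncovered
    cells and assigns it only to users whose UPA row contains the whole
    role, so no user is ever granted a permission the UPA does not give.
    Returns (roles, user_assignment) with user_assignment[u] = role indices."""
    if max_perms < 1:
        raise ValueError("max_perms must be at least 1")
    cands = candidate_roles(upa, max_perms)
    uncovered = {(u, p) for u, ps in upa.items() for p in ps}
    roles, ua = [], {u: set() for u in upa}
    while uncovered:
        best, best_gain, best_users = None, 0, []
        for r in sorted(cands, key=sorted):           # deterministic order
            users = [u for u, ps in upa.items()
                     if r <= ps and any((u, p) in uncovered for p in r)]
            gain = sum((u, p) in uncovered for u in users for p in r)
            if gain > best_gain:
                best, best_gain, best_users = r, gain, users
        assert best is not None, "singleton candidates guarantee progress"
        roles.append(best)
        for u in best_users:
            ua[u].add(len(roles) - 1)
            uncovered.difference_update((u, p) for p in best)
        cands.discard(best)
    return roles, ua


def verify(upa, roles, ua, max_perms):
    """Check the decomposition: no role exceeds max_perms, and the union of
    each user's roles reproduces that user's UPA row exactly."""
    if any(len(r) > max_perms for r in roles):
        return False
    for u, ps in upa.items():
        rebuilt = frozenset().union(*[roles[i] for i in ua[u]])
        if rebuilt != ps:
            return False
    return True


if __name__ == "__main__":
    roles, ua = mine_roles(UPA, max_perms=3)
    print("roles:", [sorted(r) for r in roles])
    print("assignment:", {u: sorted(ua[u]) for u in UPA})
    print("valid:", verify(UPA, roles, ua, 3))
```

On this constructed UPA with `max_perms=3` the greedy miner returns four roles, which is also the optimum here (dave and erin force roles inside {p1, p2} and {p5}, and no single role within the bound can serve bob's p3 and alice's and carol's p4 at once). The `verify` step is the part worth keeping in any real deployment: a role set that covers the UPA but over-grants a user, or that silently exceeds the cardinality bound, is a policy defect, not a mining result.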

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kumar, R., Sural, S., Gupta, A. (2010). Mining RBAC Roles under Cardinality Constraint. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_13

  • DOI: https://doi.org/10.1007/978-3-642-17714-9_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17713-2

  • Online ISBN: 978-3-642-17714-9