
Mining RBAC Roles under Cardinality Constraint

  • Ravi Kumar
  • Shamik Sural
  • Arobinda Gupta
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6503)

Abstract

Role Based Access Control (RBAC) is an effective way of managing the permissions assigned to a large number of users in an enterprise. In order to deploy RBAC, a complete and correct set of roles needs to be identified from the existing user-permission assignments while keeping the number of roles low. This process is called role mining. After the roles are mined, users are assigned to these roles. While implementing RBAC, it is often required that a single role not be assigned a large number of permissions; otherwise, any user assigned to that role is burdened with too many operations. In this paper, we propose a heuristic bottom-up constrained role mining scheme that satisfies a cardinality condition: no role contains more than a given number of permissions. We compare its results with eight other recently proposed role mining algorithms. The results show that the proposed scheme always satisfies the cardinality constraint and generates the fewest roles among all the algorithms studied.
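As an added illustration (not the paper's own heuristic, whose details are not given in this abstract), the following Python sketches a bottom-up greedy that mines roles from a constructed user-permission assignment under a per-role permission cap k, plus a checker that confirms the mined roles reproduce the assignment exactly (no user gains a permission it did not already hold) and respect the cap. All names, the sample data and the greedy strategy are assumptions of this example.

```python
# Added example: cardinality-constrained role mining, bottom-up greedy.
# Not the paper's algorithm; an illustration of the problem it addresses.
from typing import Dict, FrozenSet, List, Set, Tuple

Roles = List[FrozenSet[str]]
UA = Dict[str, Set[int]]          # user -> indices into the roles list


def mine_roles(upa: Dict[str, Set[str]], k: int) -> Tuple[Roles, UA]:
    roles: Roles = []
    ua: UA = {}
    # Users with the most permissions first, so large roles appear early
    # and can be reused by later users.
    for user in sorted(upa, key=lambda u: (-len(upa[u]), u)):
        perms = set(upa[user])
        remaining = set(perms)
        assigned: Set[int] = set()
        # Greedy set cover using only existing roles that fit entirely
        # inside the user's permissions (a non-subset role would
        # over-provision the user).
        while remaining:
            best = max((i for i, r in enumerate(roles)
                        if r <= perms and r & remaining),
                       key=lambda i: len(roles[i] & remaining), default=None)
            if best is None:
                break
            assigned.add(best)
            remaining -= roles[best]
        # Uncovered permissions need new roles, each capped at k entries.
        leftover = sorted(remaining)
        for start in range(0, len(leftover), k):
            roles.append(frozenset(leftover[start:start + k]))
            assigned.add(len(roles) - 1)
        ua[user] = assigned
    return roles, ua


def verify(upa: Dict[str, Set[str]], roles: Roles, ua: UA, k: int) -> bool:
    """True iff every role has <= k permissions and the roles assigned to
    each user reproduce that user's original permissions exactly."""
    if any(len(r) > k for r in roles):
        return False
    for user, perms in upa.items():
        covered = set().union(*(roles[i] for i in ua.get(user, ())))
        if covered != set(perms):
            return False
    return True


# Constructed sample user-permission assignment (5 users, 7 permissions).
SAMPLE_UPA = {
    "alice": {"p1", "p2", "p3", "p4", "p5"},
    "bob":   {"p1", "p2", "p3"},
    "carol": {"p4", "p5"},
    "dave":  {"p1", "p2", "p3", "p6", "p7"},
    "erin":  {"p6", "p7"},
}
```

With k=3 the sample yields three roles; lowering k to 2 forces the same assignment to be split across more roles, which is the trade-off the cardinality constraint introduces.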

Keywords

RBAC, Role Engineering, Role Mining, Cardinality Constraint



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Ravi Kumar (1)
  • Shamik Sural (1)
  • Arobinda Gupta (1)
  1. School of Information Technology, Indian Institute of Technology Kharagpur, India
