Abstract
In recent years, Role Based Access Control (RBAC) has emerged as the most popular access control mechanism, especially for commercial applications. In RBAC, permissions are assigned to roles, which are then assigned to users. The key to the effectiveness of RBAC is the underlying role set that is used. The process of identifying an appropriate set of roles that optimally meets the organizational requirements is called role mining. One of the most useful constraints that can be expressed in RBAC is Separation of Duty (SoD). SoD constraints allow organizations to put a restriction on the minimum number of users required to complete a critical task. However, existing role mining algorithms do not handle SoD constraints and cannot be easily extended to incorporate SoD constraints. In this paper, we consider the problem of role mining when SoD constraints are present. We develop three alternative approaches that can be applied either during or after role mining. We evaluate the performance of all three approaches on several real world data sets and demonstrate their effectiveness.
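The SoD property described in the abstract can be checked against a mined role set. The sketch below is an added example, not code from the paper: it assumes a constraint is written as a set of task permissions plus a minimum user count k, uses constructed UA/PA data and hypothetical names, and brute-forces user groups, so it is suited to auditing small configurations.

```python
from itertools import combinations

# Constructed sample data (not from the paper): user-role and role-permission assignments.
UA = {
    "alice": {"clerk"},
    "bob": {"approver"},
    "carol": {"auditor", "clerk"},
}
PA = {
    "clerk": {"create_po"},
    "approver": {"approve_po"},
    "auditor": {"release_payment"},
}

def user_permissions(ua, pa):
    """Flatten UA and PA into each user's effective permission set."""
    return {u: set().union(*(pa.get(r, set()) for r in roles)) for u, roles in ua.items()}

def sod_violations(ua, pa, task_perms, k):
    """Return minimal groups of fewer than k users that jointly hold all task_perms.

    Assumed constraint form: at least k users must be needed to complete the task.
    An empty list means the role configuration satisfies the constraint.
    """
    task = set(task_perms)
    perms = user_permissions(ua, pa)
    # Only users holding at least one task permission can contribute to a violation.
    relevant = {u: p & task for u, p in perms.items() if p & task}
    violations = []
    for size in range(1, k):
        for group in combinations(sorted(relevant), size):
            held = set().union(*(relevant[u] for u in group))
            # Skip supersets of a smaller group already reported.
            if held == task and not any(set(v) <= set(group) for v in violations):
                violations.append(group)
    return violations
```

With the sample data, requiring three users for `{"create_po", "approve_po", "release_payment"}` reports `("bob", "carol")`, because carol's two roles let two people finish the task; removing `clerk` from carol clears the violation.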
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Sarana, P., Roy, A., Sural, S., Vaidya, J., Atluri, V. (2015). Role Mining in the Presence of Separation of Duty Constraints. In: Jajoda, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_7
DOI: https://doi.org/10.1007/978-3-319-26961-0_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26960-3
Online ISBN: 978-3-319-26961-0
eBook Packages: Computer Science (R0)