We describe several new bottom-up approaches to problems in role engineering for Role-Based Access Control (RBAC). The salient problems are all NP-complete, even to approximate, yet we find that in instances that arise in practice these problems can be solved in minutes. We first consider role minimization, the process of finding a smallest collection of roles that can be used to implement a pre-existing user-to-permission relation. We introduce fast graph reductions that allow recovery of the solution from the solution to a problem on a smaller input graph. For our test cases, these reductions either solve the problem, or reduce the problem enough that we find the optimum solution with a (worst-case) exponential method. We introduce lower bounds that are sharp for seven of nine test cases and are within 3.4% on the other two. We introduce and test a new polynomial-time approximation that on average yields 2% more roles than the optimum. We next consider the related problem of minimizing the number of connections between roles and users or permissions, and we develop effective heuristic methods for this problem as well. Finally, we propose methods for several related problems.
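To make the two objectives in the abstract concrete, here is an added example (not code from the paper) that solves role minimization exactly by exhaustive search on a small constructed user-to-permission relation, then counts the user-role and role-permission connections of the result. The data, the function names and the brute-force search are assumptions for illustration; they are not the paper's reductions, bounds or heuristics.

```python
from itertools import combinations

# Constructed user-to-permission relation; all names are illustrative.
UPA = {
    "alice": {"read_hr", "write_hr", "read_fin"},
    "bob":   {"read_hr", "write_hr"},
    "carol": {"read_fin", "write_fin"},
    "dave":  {"read_hr", "write_hr", "read_fin", "write_fin"},
    "erin":  {"read_fin"},
}

def candidate_roles(upa):
    """All non-empty intersections of users' permission sets.
    Any role can be widened to one of these without granting extra access,
    so some minimum-size solution uses only these candidates."""
    closed = {frozenset(p) for p in upa.values() if p}
    grew = True
    while grew:
        grew = False
        for a, b in combinations(list(closed), 2):
            if (a & b) and (a & b) not in closed:
                closed.add(a & b)
                grew = True
    return sorted(closed, key=lambda r: (-len(r), sorted(r)))

def assign(upa, roles):
    """Give each user every role it fully contains (never over-grants).
    Returns None unless the roles reproduce the relation exactly."""
    ua = {}
    for user, perms in upa.items():
        held = [r for r in roles if r <= perms]
        if frozenset().union(*held) != perms:
            return None
        ua[user] = held
    return ua

def minimum_roles(upa):
    """Exhaustive search by increasing role count: exponential, tiny inputs only."""
    cands = candidate_roles(upa)
    for k in range(len(cands) + 1):
        for roles in combinations(cands, k):
            ua = assign(upa, roles)
            if ua is not None:
                return list(roles), ua
    raise AssertionError("unreachable: the users' own permission sets always work")

def connections(roles, ua):
    """Role-permission plus user-role edges for this assignment (not edge-minimized)."""
    return sum(len(r) for r in roles) + sum(len(h) for h in ua.values())
```

On this input the minimum role set yields more connections than the original relation has user-permission pairs, which illustrates why minimizing connections is a separate problem from minimizing the number of roles.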