Role-Based Access Control Models
Computer
Determining role rights from use cases
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Migrating to role-based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Engineering of Role/Permission Assignments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Proceedings of the tenth ACM symposium on Access control models and technologies
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
Optimal Boolean Matrix Decomposition: Application to Role Engineering
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Proceedings of the 13th ACM symposium on Access control models and technologies
HyDRo --- Hybrid Development of Roles
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Automating role-based provisioning by learning from examples
Proceedings of the 14th ACM symposium on Access control models and technologies
Evaluating role mining algorithms
Proceedings of the 14th ACM symposium on Access control models and technologies
Edge-RMP: Minimizing administrative assignments for role-based access control
Journal of Computer Security
Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
On the definition of role mining
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards an integrated approach to role engineering
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Role mining in the presence of noise
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Mining Roles with Multiple Objectives
ACM Transactions on Information and System Security (TISSEC)
A new role mining framework to elicit business roles and to mitigate enterprise risk
Decision Support Systems
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
Role engineering: from theory to practice
Proceedings of the second ACM conference on Data and Application Security and Privacy
Authorization in cross-border eHealth systems
Information Systems Frontiers
Constraint-enhanced role engineering via answer set programming
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Evolving role definitions through permission invocation patterns
Proceedings of the 18th ACM symposium on Access control models and technologies
Over-Fitting and Error Detection for Online Role Mining
International Journal of Web Services Research
An optimization framework for role mining
Journal of Computer Security
| Hi-index | 0.00 |
Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role based access control. A key problem related to this is the notion of goodness - when is a set of roles good? Recently, the role mining problem (RMP) has been defined as the problem of discovering an optimal set of roles from existing user permissions. Several different objectives for optimality have been proposed. However, one problem with these definitions is that often organizations already have a deployed set of roles and wish to optimize this set. Even if an optimal set of roles is discovered, if this is widely different, it is impossible to simply throw out the deployed roles and start using the new ones as this may disrupt organizational processes and separation of duty constraints that are defined on roles. Essentially, what is missing is taking role migration cost into account when defining optimality, which would allow us to come up with the best suited set of roles. In this paper, we define a fundamentally different Role Mining Problem that takes the problem of deployed roles into account. We define the Minimal Perturbation RMP as the problem of discovering an optimal set of roles from existing user permissions that are similar to the currently deployed roles. In order to do this, we discuss the concept of similarity of roles and propose suitable definitions. Solutions also need to be parameterized to set relative weight of similarity and minimality to find the optimal set. We propose a heuristic solution based on the previously developed FastMiner algorithm that meets these requirements. We demonstrate the effectiveness of the algorithm through our experimental results.