On the definition of role mining
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Mining RBAC roles under cardinality constraint
ICISS'10 Proceedings of the 6th international conference on Information systems security
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)
Proceedings of the first ACM conference on Data and application security and privacy
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
Enforcing access control in workflow systems with a task engineering approach
International Journal of Internet Technology and Secured Transactions
Role-based access control is an efficient and effective way to manage and govern permissions for a large number of users. However, defining a role infrastructure that accurately reflects the internal functionalities and workings of a large enterprise is a challenging task. Recent research has focused on the theoretical components of automated role identification while practical applications for identifying roles remain unsolved. This research proposes a practical data mining heuristic method that is fast, scalable and capable of identifying comprehensive roles and placing them into a hierarchy. Permission set pattern data mining can be used to identify the roles with partial orderings that cover the largest portion of user permissions within a system. We test the algorithm on real user permission assignments as well as on generated data sets. Roles identified in test sets cover up to 85% of user permissions, and analysis shows the roles offer significant administrative benefit. We find interesting correlations between roles and their relationships and analyse the tradeoffs between identifying roles with complete coverage and identifying roles that are most effective and offer significant administrative benefit.