Determining role rights from use cases
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Structured management of role-permission relationships
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Multi-Objective Optimization Using Evolutionary Algorithms
Multi-Objective Optimization Using Evolutionary Algorithms
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Engineering of Role/Permission Assignments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Task-role-based access control model
Information Systems
Proceedings of the tenth ACM symposium on Access control models and technologies
An effective role administration model using organization structure
ACM Transactions on Information and System Security (TISSEC)
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Role engineering using graph optimisation
Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
A Critique of the ANSI Standard on Role-Based Access Control
IEEE Security and Privacy
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Fast exact and heuristic methods for role minimization problems
Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings
Proceedings of the 13th ACM symposium on Access control models and technologies
A class of probabilistic models for role engineering
Proceedings of the 15th ACM conference on Computer and communications security
Optimal Boolean Matrix Decomposition: Application to Role Engineering
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
A probabilistic approach to hybrid role mining
Proceedings of the 16th ACM conference on Computer and communications security
ABBA: adaptive bicluster-based approach to impute missing values in binary matrices
Proceedings of the 2010 ACM Symposium on Applied Computing
On the definition of role mining
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards an integrated approach to role engineering
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Evaluating the risk of adopting RBAC roles
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
A new role mining framework to elicit business roles and to mitigate enterprise risk
Decision Support Systems
Mining RBAC roles under cardinality constraint
ICISS'10 Proceedings of the 6th international conference on Information systems security
Adversaries' Holy Grail: access control analytics
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Deriving role engineering artifacts from business processes and scenario models
Proceedings of the 16th ACM symposium on Access control models and technologies
Algorithms for mining meaningful roles
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Mining parameterized role-based policies
Proceedings of the third ACM conference on Data and application security and privacy
Role Mining with Probabilistic Models
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.02 |
The role-based access control (RBAC) model has proven to be cost effective to reduce the complexity and costs of access permission management. To maximize the advantages offered by RBAC, the role engineering discipline has been introduced. A viable approach is to explore current applications and systems to find de facto roles embedded in existing user permissions, leading to what is usually referred to as role mining. However, a key problem that has not yet been adequately addressed by existing role mining approaches is how to propose roles that have business meaning. In order to do this, we provide a new formal framework that also enjoys practical relevance. In particular, the proposed framework leverages business information - such as business processes and organization structure - to implement role mining algorithms. Our key observation is that a role is likely to be meaningful from a business perspective when it involves activities within the same business process or organizational units within the same branch. To measure the "spreading" of a role among business processes or organization structure, we resort to centrality indices. Such indices are used in our cost-driven approach during the role mining process. Finally, we illustrate the application of the framework through a few examples.