Evaluating role mining algorithms

Authors:
Ian Molloy;Ninghui Li;Tiancheng Li;Ziqing Mao;Qihua Wang;Jorge Lobo
Affiliations:
Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;IBM T.J. Watson Research Center, Hawthorne, NY, USA
Venue:
Proceedings of the 14th ACM symposium on Access control models and technologies
Year:
2009

Citing 17
Cited 26

Role engineering

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Mining frequent patterns without candidate generation

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A scenario-driven role engineering process for functional RBAC roles

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
An administration concept for the enterprise role-based access control model

Proceedings of the eighth ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering

Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology

Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining with ORCA

Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration

Proceedings of the 13th ACM conference on Computer and communications security
Role engineering using graph optimisation

Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles

Proceedings of the 12th ACM symposium on Access control models and technologies
A cost-driven approach to role engineering

Proceedings of the 2008 ACM symposium on Applied computing
Fast exact and heuristic methods for role minimization problems

Proceedings of the 13th ACM symposium on Access control models and technologies
Migrating to optimal RBAC with minimal perturbation

Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings

Proceedings of the 13th ACM symposium on Access control models and technologies
A class of probabilistic models for role engineering

Proceedings of the 15th ACM conference on Computer and communications security
Optimal Boolean Matrix Decomposition: Application to Role Engineering

ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering

Dynamic security policy learning

Proceedings of the first ACM workshop on Information security governance
Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Effective trust management through a hybrid logical and relational approach

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A simple role mining algorithm

Proceedings of the 2010 ACM Symposium on Applied Computing
On the definition of role mining

Proceedings of the 15th ACM symposium on Access control models and technologies
Mining roles with noisy data

Proceedings of the 15th ACM symposium on Access control models and technologies
StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy

Proceedings of the 15th ACM symposium on Access control models and technologies
Role mining based on weights

Proceedings of the 15th ACM symposium on Access control models and technologies
Towards an integrated approach to role engineering

Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Evaluating the risk of adopting RBAC roles

DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Mining Roles with Multiple Objectives

ACM Transactions on Information and System Security (TISSEC)
Towards automatic update of access control policy

LISA'10 Proceedings of the 24th international conference on Large installation system administration
A new role mining framework to elicit business roles and to mitigate enterprise risk

Decision Support Systems
Mining RBAC roles under cardinality constraint

ICISS'10 Proceedings of the 6th international conference on Information systems security
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)

Proceedings of the first ACM conference on Data and application security and privacy
RAR: A role-and-risk based flexible framework for secure collaboration

Future Generation Computer Systems
Detecting and resolving policy misconfigurations in access-control systems

ACM Transactions on Information and System Security (TISSEC)
Adversaries' Holy Grail: access control analytics

Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Process compliance analysis based on behavioural profiles

Information Systems
An optimization model for the extended role mining problem

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Discovering access-control misconfigurations: new approaches and evaluation methodologies

Proceedings of the second ACM conference on Data and Application Security and Privacy
Role engineering: from theory to practice

Proceedings of the second ACM conference on Data and Application Security and Privacy
Algorithms for mining meaningful roles

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
RolX: structural role extraction & mining in large graphs

Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining
Role mining algorithm evaluation and improvement in large volume android applications

Proceedings of the first international workshop on Security in embedded systems and smartphones
An optimization framework for role mining

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

While many role mining algorithms have been proposed in recent years, there lacks a comprehensive study to compare these algorithms. These role mining algorithms have been evaluated when they were proposed, but the evaluations were using different datasets and evaluation criteria. In this paper, we introduce a comprehensive framework for evaluating role mining algorithms. We categorize role mining algorithms into two classes based on their outputs; Class 1 algorithms output a sequence of prioritized roles while Class 2 algorithms output complete RBAC states. We then develop techniques that enable us to compare these algorithms directly. We also introduce a new role mining algorithm and two new ways for algorithmically generating datasets for evaluation. Using synthetic as well as real datasets, we compared nine role mining algorithms. Our results illustrate the strengths and weaknesses of these algorithms.