Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)

Authors:
Ravi Mukkamala;Vishnu Kamisetty;Pawankumar Yedugani
Affiliations:
Department of Computer Science, Norfolk, Old Dominion University, Virginia, USA 23529-0162;Department of Computer Science, Norfolk, Old Dominion University, Virginia, USA 23529-0162;Department of Computer Science, Norfolk, Old Dominion University, Virginia, USA 23529-0162
Venue:
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Year:
2009

Citing 10
Cited 1

Role-Based Access Control Models

Computer
Effects of distributed database modeling on evaluation of transaction rollbacks

WSC' 90 Proceedings of the 22nd conference on Winter simulation
RoleMiner: mining roles using subset enumeration

Proceedings of the 13th ACM conference on Computer and communications security
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
The role mining problem: finding a minimal descriptive set of roles

Proceedings of the 12th ACM symposium on Access control models and technologies
Fast exact and heuristic methods for role minimization problems

Proceedings of the 13th ACM symposium on Access control models and technologies
Migrating to optimal RBAC with minimal perturbation

Proceedings of the 13th ACM symposium on Access control models and technologies
Detecting and resolving policy misconfigurations in access-control systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Evaluating role mining algorithms

Proceedings of the 14th ACM symposium on Access control models and technologies
Role Engineering via Prioritized Subset Enumeration

IEEE Transactions on Dependable and Secure Computing

Design of trustworthy smartphone-based multimedia services in cultural environments

Electronic Commerce Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

In Role Based Access Control (RBAC) systems, formulating a correct set of roles, assigning appropriate privileges to roles, and assigning roles to users are the fundamental design tasks. Whether these tasks are performed by a human (e.g., system administrator) or by a machine (e.g., expert system), misconfigurations are likely to occur. The misconfigurations could manifest as under-privileges (fewer privileges assigned) or over-privileges (more privileges than necessary). In this paper, we describe an approach based on role mining to detect and correct such misconfigurations. Here, the overlap among the users and privileges of different roles is used to identify possible misconfigurations.