Towards an integrated approach to role engineering

Authors:
Chris Giblin;Marcel Graf;Günter Karjoth;Andreas Wespi;Ian Molloy;Jorge Lobo;Seraphin Calo
Affiliations:
IBM Research Zurich, Zurich, Switzerland;IBM Research Zurich, Zurich, Switzerland;IBM Research Zurich, Zurich, Switzerland;IBM Research Zurich, Zurich, Switzerland;IBM Research Watson, Hawthorne, NY, USA;IBM Research Watson, Hawthorne, NY, USA;IBM Research Watson, Hawthorne, NY, USA
Venue:
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Year:
2010

Citing 14
Cited 2

The role control center: features and case studies

Proceedings of the eighth ACM symposium on Access control models and technologies
A methodology for managing roles in legacy systems

Proceedings of the eighth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration

Proceedings of the 13th ACM conference on Computer and communications security
ManyEyes: a Site for Visualization at Internet Scale

IEEE Transactions on Visualization and Computer Graphics
Migrating to optimal RBAC with minimal perturbation

Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings

Proceedings of the 13th ACM symposium on Access control models and technologies
HyDRo --- Hybrid Development of Roles

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
RBAC-PAT: A Policy Analysis Tool for Role Based Access Control

TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
A formal framework to elicit roles with business meaning in RBAC systems

Proceedings of the 14th ACM symposium on Access control models and technologies
Evaluating role mining algorithms

Proceedings of the 14th ACM symposium on Access control models and technologies
A probabilistic approach to hybrid role mining

Proceedings of the 16th ACM conference on Computer and communications security
Scenario-Driven Role Engineering

IEEE Security and Privacy
On the definition of role mining

Proceedings of the 15th ACM symposium on Access control models and technologies
Mining roles with noisy data

Proceedings of the 15th ACM symposium on Access control models and technologies

Adversaries' Holy Grail: access control analytics

Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Business Driven User Role Assignment: Nimble Adaptation of RBAC to Organizational Changes

International Journal of Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although role-based access control has become a preferred method to manage access control, it constitutes a significant effort to develop and maintain a role structure. Role engineering, the process of defining roles and assigning permissions and users to the roles, aims to define an accurate and complete set of roles using a variety of inputs. In this paper, we describe a unified approach to role engineering supporting a combination of different methodologies, and its partial implementation in the IBM Tivoli Role Modeling Assistant, a role engineering platform reflecting the dual importance of top-down and bottom-up data collection and analysis. Data, imported from multiple sources such as LDAP registries, human resource extracts in CSV format as well as from interviews with the organization's users and subject matter experts, can be browsed, filtered, and visualized. Roles can be created and edited manually or generated automatically from mining results.