An optimization model for the extended role mining problem

Authors:
Emre Uzun;Vijayalakshmi Atluri;Haibing Lu;Jaideep Vaidya
Affiliations:
MSIS Department and CIMIC, Rutgers University;MSIS Department and CIMIC, Rutgers University;MSIS Department and CIMIC, Rutgers University;MSIS Department and CIMIC, Rutgers University
Venue:
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Year:
2011

Citing 11
Cited 0

The role-based access control system of a European bank: a case study and discussion

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology

Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining with ORCA

Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration

Proceedings of the 13th ACM conference on Computer and communications security
Role engineering using graph optimisation

Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles

Proceedings of the 12th ACM symposium on Access control models and technologies
Fast exact and heuristic methods for role minimization problems

Proceedings of the 13th ACM symposium on Access control models and technologies
Evaluating role mining algorithms

Proceedings of the 14th ACM symposium on Access control models and technologies
Optimal Boolean Matrix Decomposition: Application to Role Engineering

ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Extended Boolean Matrix Decomposition

ICDM '09 Proceedings of the 2009 Ninth IEEE International Conference on Data Mining
The role mining problem: A formal perspective

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

The primary purpose of Role Mining is to effectively determine the roles in an enterprise using the permissions that have already been assigned to the users. If this permission assignment is viewed as a 0-1 matrix, then Role Mining aims to decompose this matrix into two matrices which represent user-role and role-permission assignments. This decomposition is known as Boolean Matrix Decomposition (BMD). In this paper, we use an Extended BMD (EBMD) to consider separation of duty constraints (SOD) and exceptions, that are common to any security system, in the role mining process. Essentially, in EBMD, we introduce negative assignments. An additional benefit of allowing negative assignments in roles is that, a less number of roles can be used to reconstruct the same given user-permission assignments. We introduce Extended Role Mining Problem and its variants and present their optimization models. We also propose a heuristic algorithm that is capable of utilizing these models to find good decompositions.