We consider a fundamentally new approach to role and policy mining: finding RBAC models which reflect the observed usage of entitlements and the attributes of users. Such policies are interpretable, i.e., there is a natural explanation of why a role is assigned to a user, and are conservative from a security standpoint since they are based on actual usage. Further, such "generative" models provide many other benefits, including reconciliation with policies based on entitlements, detection of provisioning errors, and detection of anomalous behavior. Our contributions include defining the fundamental problem as extensions of the well-known role mining problem, as well as providing several new algorithms based on generative machine learning models. Our algorithms find models which are causally associated with actual usage of entitlements and any arbitrary combination of user attributes when such information is available. This is the most natural process to provision roles, thus addressing a key usability issue with existing role mining algorithms. We have evaluated our approach on a large number of real-life data sets, and our algorithms produce good role decompositions as measured by metrics such as coverage, stability, and generality. We compare our algorithms with traditional role mining algorithms by equating usage with entitlement. Results show that our algorithms improve on existing approaches including exact mining, approximate mining, and probabilistic algorithms; the results are more temporally stable than exact mining approaches, and are faster than probabilistic algorithms while removing artificial constraints such as the number of roles assigned to each user. Most importantly, we believe that these roles more accurately capture what users actually do, the essence of a role, which is not captured by traditional methods.