A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Engineering of Role/Permission Assignments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Proceedings of the tenth ACM symposium on Access control models and technologies
Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing)
Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing)
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Role engineering using graph optimisation
Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Fast exact and heuristic methods for role minimization problems
Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings
Proceedings of the 13th ACM symposium on Access control models and technologies
A measure of variance for hierarchical nominal attributes
Information Sciences: an International Journal
A class of probabilistic models for role engineering
Proceedings of the 15th ACM conference on Computer and communications security
The Role Hierarchy Mining Problem: Discovery of Optimal Role Hierarchies
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
HyDRo --- Hybrid Development of Roles
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A formal framework to elicit roles with business meaning in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Optimal Boolean Matrix Decomposition: Application to Role Engineering
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Multi-assignment clustering for Boolean data
ICML '09 Proceedings of the 26th Annual International Conference on Machine Learning
Learning systems of concepts with an infinite relational model
AAAI'06 Proceedings of the 21st national conference on Artificial intelligence - Volume 1
A probabilistic approach to hybrid role mining
Proceedings of the 16th ACM conference on Computer and communications security
The role mining problem: A formal perspective
ACM Transactions on Information and System Security (TISSEC)
On the definition of role mining
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Role Engineering via Prioritized Subset Enumeration
IEEE Transactions on Dependable and Secure Computing
Mining Roles with Multiple Objectives
ACM Transactions on Information and System Security (TISSEC)
A new role mining framework to elicit business roles and to mitigate enterprise risk
Decision Support Systems
The minimum transfer cost principle for model-order selection
ECML PKDD'11 Proceedings of the 2011 European conference on Machine learning and knowledge discovery in databases - Volume Part I
PKDD'06 Proceedings of the 10th European conference on Principle and Practice of Knowledge Discovery in Databases
Multi-assignment clustering for boolean data
The Journal of Machine Learning Research
Algorithms for mining meaningful roles
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Constraint-Aware Role Mining via Extended Boolean Matrix Decomposition
IEEE Transactions on Dependable and Secure Computing
Proceedings of the 2013 workshop on New security paradigms workshop
| Hi-index | 0.00 |
Role mining tackles the problem of finding a role-based access control (RBAC) configuration, given an access-control matrix assigning users to access permissions as input. Most role-mining approaches work by constructing a large set of candidate roles and use a greedy selection strategy to iteratively pick a small subset such that the differences between the resulting RBAC configuration and the access control matrix are minimized. In this article, we advocate an alternative approach that recasts role mining as an inference problem rather than a lossy compression problem. Instead of using combinatorial algorithms to minimize the number of roles needed to represent the access-control matrix, we derive probabilistic models to learn the RBAC configuration that most likely underlies the given matrix. Our models are generative in that they reflect the way that permissions are assigned to users in a given RBAC configuration. We additionally model how user-permission assignments that conflict with an RBAC configuration emerge and we investigate the influence of constraints on role hierarchies and on the number of assignments. In experiments with access-control matrices from real-world enterprises, we compare our proposed models with other role-mining methods. Our results show that our probabilistic models infer roles that generalize well to new system users for a wide variety of data, while other models’ generalization abilities depend on the dataset given.