Role mining algorithm evaluation and improvement in large volume android applications

Authors:
Xinyi Zhang;Weili Han;Zheran Fang;Yuliang Yin;Hossen Mustafa
Affiliations:
Fudan University, Shanghai, China;Fudan University, Shanghai, China;Fudan University, Shanghai, China;Fudan University, Shanghai, China;University of South Carolina, Columbia, USA
Venue:
Proceedings of the first international workshop on Security in embedded systems and smartphones
Year:
2013

Citing 21
Cited 0

Term-weighting approaches in automatic text retrieval

Information Processing and Management: an International Journal
Role-Based Access Control Models

Computer
Role engineering

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Role mining - revealing business roles for security administration using data mining technology

Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining with ORCA

Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration

Proceedings of the 13th ACM conference on Computer and communications security
Mining roles with semantic meanings

Proceedings of the 13th ACM symposium on Access control models and technologies
Understanding Android Security

IEEE Security and Privacy
Evaluating role mining algorithms

Proceedings of the 14th ACM symposium on Access control models and technologies
The role mining problem: A formal perspective

ACM Transactions on Information and System Security (TISSEC)
On the definition of role mining

Proceedings of the 15th ACM symposium on Access control models and technologies
Mining roles with noisy data

Proceedings of the 15th ACM symposium on Access control models and technologies
Role mining based on weights

Proceedings of the 15th ACM symposium on Access control models and technologies
A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
Mining Roles with Multiple Objectives

ACM Transactions on Information and System Security (TISSEC)
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
Poster: collaborative policy administration

Proceedings of the 18th ACM conference on Computer and communications security
Android permissions: a perspective combining risks and benefits

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Generative models for access control policies: applications to role mining over logs with attribution

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Role mining is a very useful engineering method to help administrators set up the mechanism of role based access control for information systems, but not applied in the Android security framework so far. This paper uses large volume Android applications from the Android Market (Google Play Store now), which include 44,971 applications (subjects), 125 permissions, and 222,734 application-permission assignments (application, permission), to evaluate the effectiveness of five popular role mining algorithms: HM, HPr, HPe, GO, and ORCA. Furthermore, according to the features of Android applications, we propose Mine-Tag, an algorithm that generates tags based on the descriptions of Android applications. These tags can be attached to each mined role to help administrators manage the roles. We set up experiments, evaluate algorithms, and discuss the insights of mining methods in Android applications.