An optimization framework for role mining

Authors:
Haibing Lu;Jaideep Vaidya;Vijayalakshmi Atluri
Affiliations:
OMIS, Santa Clara University, Santa Clara, CA, USA. E-mail: hlu@scu.edu;MSIS, Rutgers University, Newark, NJ, USA. E-mails: {jsvaidya, atluri}@cimic.rutgers.edu;MSIS, Rutgers University, Newark, NJ, USA. E-mails: {jsvaidya, atluri}@cimic.rutgers.edu
Venue:
Journal of Computer Security
Year:
2014

Citing 28
Cited 0

Matrix computations (3rd ed.)

Matrix computations (3rd ed.)
Role engineering

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A scenario-driven role engineering process for functional RBAC roles

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Simulation

Simulation
Role mining - revealing business roles for security administration using data mining technology

Proceedings of the eighth ACM symposium on Access control models and technologies
PROXIMUS: a framework for analyzing very high dimensional discrete-attributed datasets

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Role mining with ORCA

Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration

Proceedings of the 13th ACM conference on Computer and communications security
Role engineering using graph optimisation

Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles

Proceedings of the 12th ACM symposium on Access control models and technologies
Fast exact and heuristic methods for role minimization problems

Proceedings of the 13th ACM symposium on Access control models and technologies
Migrating to optimal RBAC with minimal perturbation

Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings

Proceedings of the 13th ACM symposium on Access control models and technologies
The Boolean column and column-row matrix decompositions

Data Mining and Knowledge Discovery
On the Positive--Negative Partial Set Cover problem

Information Processing Letters
The Discrete Basis Problem

IEEE Transactions on Knowledge and Data Engineering
A class of probabilistic models for role engineering

Proceedings of the 15th ACM conference on Computer and communications security
Evaluating role mining algorithms

Proceedings of the 14th ACM symposium on Access control models and technologies
Edge-RMP: Minimizing administrative assignments for role-based access control

Journal of Computer Security
Optimal Boolean Matrix Decomposition: Application to Role Engineering

ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Multi-assignment clustering for Boolean data

ICML '09 Proceedings of the 26th Annual International Conference on Machine Learning
Mining discrete patterns via binary matrix factorization

Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
A probabilistic approach to hybrid role mining

Proceedings of the 16th ACM conference on Computer and communications security
Extended Boolean Matrix Decomposition

ICDM '09 Proceedings of the 2009 Ninth IEEE International Conference on Data Mining
Mining roles with noisy data

Proceedings of the 15th ACM symposium on Access control models and technologies
The discrete basis problem

PKDD'06 Proceedings of the 10th European conference on Principle and Practice of Knowledge Discovery in Databases
Constraint-Aware Role Mining via Extended Boolean Matrix Decomposition

IEEE Transactions on Dependable and Secure Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Role Based Access Control RBAC is accepted as the de facto access control model for organizations of all sizes. However, engineering the right set of roles is crucial to enable the correct deployment of RBAC within an organization. Indeed, discovering an optimal and correct set of roles from existing permission assignments, referred to as the role mining problem RMP, has gained significant attention in recent years. Role Mining is itself an instantiation of Boolean matrix decomposition --wherein a Boolean matrix is decomposed into two Boolean matrices giving a set of basis vectors and their appropriate combination. In fact, such decompositions are useful in a number of application domains beyond role engineering, including text mining as well as knowledge discovery. While a Boolean matrix can be decomposed in many ways, however, certain decompositions better characterize the semantics associated with the original matrix in a succinct but comprehensive way. Indeed, one can find different decompositions that are optimal with respect to different criteria that may match various semantics. In this paper, we first present a number of variants of the optimal Boolean matrix decomposition problem, including usage RMP, basic RMP, δ-approximate RMP, and edge RMP, that have pragmatic implications in the context of role mining. We then present a unified framework for modeling the optimal Boolean matrix decomposition and its variants using integer linear programming ILP. Such modeling allows us to directly adopt the huge body of heuristic solutions and tools developed for integer linear programming. We also develop efficient heuristics and solutions for each RMP variant, and validate them by a comprehensive experimental evaluation.