A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
A role administration system in role-based authorization infrastructures: design and implementation
Proceedings of the 2003 ACM symposium on Applied computing
Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Migrating to optimal RBAC with minimal perturbation
Proceedings of the 13th ACM symposium on Access control models and technologies
Proceedings of the 13th ACM symposium on Access control models and technologies
Role engineering: From design to evolution of security schemes
Journal of Systems and Software
BusiROLE: A Model for Integrating Business Roles into Identity Management
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
A class of probabilistic models for role engineering
Proceedings of the 15th ACM conference on Computer and communications security
Supporting dynamic administration of RBAC in web-based collaborative applications during run-time
International Journal of Information and Computer Security
HyDRo --- Hybrid Development of Roles
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A formal framework to elicit roles with business meaning in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Edge-RMP: Minimizing administrative assignments for role-based access control
Journal of Computer Security
A probabilistic approach to hybrid role mining
Proceedings of the 16th ACM conference on Computer and communications security
The role mining problem: A formal perspective
ACM Transactions on Information and System Security (TISSEC)
On the definition of role mining
Proceedings of the 15th ACM symposium on Access control models and technologies
StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy
Proceedings of the 15th ACM symposium on Access control models and technologies
Incorporating social-cultural contexts in role engineering: an activity theoretic approach
International Journal of Business Information Systems
Security policies in distributed CSCW and workflow systems
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Automating security configuration and administration: an access control perspective
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Proceedings of the first ACM conference on Data and application security and privacy
Role approach in access control development with the usage control concept
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Role Mining with Probabilistic Models
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.01 |
In this paper, we develop a model forengineering role-permission assignment. Ourmodel builds upon the well-known RBAC96model [SCFY96]. Assigning permissions toroles is considered too complex an activity toaccomplish directly. Instead we advocatebreaking down this process into a number ofsteps. We specifically introduce the concept ofJobs, Work-patterns, and Tasks to facilitate role-permissionassignment into a series of smallersteps. We describe methodologies for using thismodel in two different ways. In a top-downapproach, roles are decomposed intopermissions, whereas in a bottom-up approach,permissions are aggregated into roles.