RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
CACTUS—clustering categorical data using summaries
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Engineering of Role/Permission Assignments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Proceedings of the tenth ACM symposium on Access control models and technologies
Role engineering using graph optimisation
Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Fast exact and heuristic methods for role minimization problems
Proceedings of the 13th ACM symposium on Access control models and technologies
Migrating to optimal RBAC with minimal perturbation
Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings
Proceedings of the 13th ACM symposium on Access control models and technologies
Proceedings of the 13th ACM symposium on Access control models and technologies
A class of probabilistic models for role engineering
Proceedings of the 15th ACM conference on Computer and communications security
HyDRo --- Hybrid Development of Roles
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A formal framework to elicit roles with business meaning in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Evaluating role mining algorithms
Proceedings of the 14th ACM symposium on Access control models and technologies
Edge-RMP: Minimizing administrative assignments for role-based access control
Journal of Computer Security
A probabilistic approach to hybrid role mining
Proceedings of the 16th ACM conference on Computer and communications security
Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Effective trust management through a hybrid logical and relational approach
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A simple role mining algorithm
Proceedings of the 2010 ACM Symposium on Applied Computing
Managing risks in RBAC employed distributed environments
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
The role mining problem: A formal perspective
ACM Transactions on Information and System Security (TISSEC)
On the definition of role mining
Proceedings of the 15th ACM symposium on Access control models and technologies
StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Graph based strategies to role engineering
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Towards an integrated approach to role engineering
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Role mining in the presence of noise
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Mining Roles with Multiple Objectives
ACM Transactions on Information and System Security (TISSEC)
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Automating security configuration and administration: an access control perspective
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Baaz: a system for detecting access control misconfigurations
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
A new role mining framework to elicit business roles and to mitigate enterprise risk
Decision Support Systems
Mining RBAC roles under cardinality constraint
ICISS'10 Proceedings of the 6th international conference on Information systems security
Detection of anomalous insiders in collaborative environments via relational analysis of access logs
Proceedings of the first ACM conference on Data and application security and privacy
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)
Proceedings of the first ACM conference on Data and application security and privacy
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
Adversaries' Holy Grail: access control analytics
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
An optimization model for the extended role mining problem
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Greedy algorithm for least privilege in RBAC model
COCOA'11 Proceedings of the 5th international conference on Combinatorial optimization and applications
Mining roles from web application usage patterns
TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Role engineering: from theory to practice
Proceedings of the second ACM conference on Data and Application Security and Privacy
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Algorithms for mining meaningful roles
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Mining parameterized role-based policies
Proceedings of the third ACM conference on Data and application security and privacy
Role Mining with Probabilistic Models
ACM Transactions on Information and System Security (TISSEC)
Evolving role definitions through permission invocation patterns
Proceedings of the 18th ACM symposium on Access control models and technologies
RMiner: a tool set for role mining
Proceedings of the 18th ACM symposium on Access control models and technologies
Role mining algorithm evaluation and improvement in large volume android applications
Proceedings of the first international workshop on Security in embedded systems and smartphones
Business Driven User Role Assignment: Nimble Adaptation of RBAC to Organizational Changes
International Journal of Information Security and Privacy
Toward mining of temporal roles
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Towards user-oriented RBAC model
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
SEC'13 Proceedings of the 22nd USENIX conference on Security
An optimization framework for role mining
Journal of Computer Security
| Hi-index | 0.00 |
Role engineering, the task of defining roles and associating permissions to them, is essential to realize the full benefits of the role-based access control paradigm. Essentially, there are two basic approaches to accomplish this: the top-down and the bottom-up. The top-down approach relies on a careful analysis of the business processes to define job functions and then specify appropriate roles from them. While this approach can aid in defining roles more accurately, it is tedious and time consuming since it requires that the semantics of the business processes be well understood. Moreover, it ignores existing permissions within an organization and does not utilize them. On the other hand, the bottom-up approach starts with existing permissions and attempts to derive roles from them, thus helping to automate role definition. In this paper, we present an unsupervised approach called RoleMiner that mines roles from existing user-permission assignments. Since a role is nothing but a set of permissions, when no semantics are available, the task of role mining is essentially that of clustering users that have same (or similar) permissions. However, unlike the traditional applications of data mining that ideally require identification of non-overlapping clusters, roles will have overlapping permission needs and thus permission sets that define roles should be allowed to overlap. It is this distinction from traditional clustering that makes the problem of role mining non-trivial. Our experiments with real and simulated data sets indicate that our role mining process is quite accurate and efficient.