Mining constraints in role-based access control

Abstract Constraints are an important aspect of role-based access control (RBAC) and sometimes argued to be the principal motivation of RBAC. While role engineering is proposed to define an architectural structure of the organization’s security policies, none of the work has employed constraint mining in migrating a non-RBAC system to an RBAC system to our knowledge, thus providing the motivation for this work. In this paper, we first define a wide variety of constraints, which are the best-known ones to date, and then create a relationship between the conventional data mining technology and the constraints. We further propose an anti-association rule mining algorithm to generate the constraints. Experiments on performance study prove the superiority of the new algorithm.

[1]  Kotagiri Ramamohanarao,et al.  Role engineering using graph optimisation , 2007, SACMAT '07.

[2]  Edward J. Coyne Role engineering , 1996, RBAC '95.

[3]  Kotagiri Ramamohanarao,et al.  Permission Set Mining: Discovering Practical and Useful Roles , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[4]  M. Gallaher,et al.  The Economic Impact of Role-Based Access Control , 2002 .

[5]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[6]  Yuan Qi,et al.  Mining roles with noisy data , 2010, SACMAT '10.

[7]  Jaideep Vaidya,et al.  RoleMiner: mining roles using subset enumeration , 2006, CCS '06.

[8]  Jorge Lobo,et al.  Evaluating role mining algorithms , 2009, SACMAT '09.

[9]  Joachim M. Buhmann,et al.  A probabilistic approach to hybrid role mining , 2009, CCS.

[10]  Joachim M. Buhmann,et al.  On the definition of role mining , 2010, SACMAT '10.

[11]  Robert E. Tarjan,et al.  Fast exact and heuristic methods for role minimization problems , 2008, SACMAT '08.

[12]  Michael P. Gallaher,et al.  Planning Report 02-1: The Economic Impact of Role-Based Access Control | NIST , 2002 .

[13]  Bart Goethals,et al.  Tiling Databases , 2004, Discovery Science.

[14]  Božidar V. Popović,et al.  Mathematical and Computer Modelling , 2011 .

[15]  Hassan Takabi,et al.  StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy , 2010, SACMAT '10.

[16]  Ruixuan Li,et al.  Role mining based on weights , 2010, SACMAT '10.

[17]  T. Mexia,et al.  Author ' s personal copy , 2009 .

[18]  Jorge Lobo,et al.  Mining roles with semantic meanings , 2008, SACMAT '08.

[19]  Vijayalakshmi Atluri,et al.  Optimal Boolean Matrix Decomposition: Application to Role Engineering , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[20]  Ulrike Steffens,et al.  Role mining with ORCA , 2005, SACMAT '05.

[21]  Jeremy L. Jacob,et al.  The role-based access control system of a European bank: a case study and discussion , 2001, SACMAT '01.

[22]  Vijayalakshmi Atluri,et al.  Migrating to optimal RBAC with minimal perturbation , 2008, SACMAT '08.