MINING ROLES USING ATTRIBUTES OF PERMISSIONS

Many approaches have recently been proposed to generate roles automatically. However, most of them generate many composite roles because they optimize only the minimality of the role-based access control (RBAC) state. The responsibilities of composite roles are complex and hard to interpret, which weakens the robustness of the RBAC state. In this paper, we propose using the operations and resources of permissions as functional information in the role mining algorithm, and present a novel approach, role mining with functional features (FMiner), to reduce composite roles. FMiner is a two-phase solution. First, an initial RBAC state is built using formal concept analysis. Second, relative closeness is defined to measure the functional similarity between roles, and the relative closeness and minimality of the initial RBAC state are optimized simultaneously. The experimental results demonstrate the effectiveness of the proposed approach in reducing composite roles.
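The first phase, sketched as an added example (not the paper's FMiner code): textbook formal concept analysis over a user-permission assignment, where each closed permission set becomes a candidate role and its extent the users holding it. The users, the (operation, resource) permissions and all function names are constructed for illustration; the second phase is not shown because the abstract does not define relative closeness.

```python
from itertools import combinations

# Constructed user-permission assignment (UPA).
# Each permission is an (operation, resource) pair, as in the abstract.
UPA = {
    "alice": {("read", "ledger"), ("write", "ledger")},
    "bob":   {("read", "ledger"), ("read", "payroll")},
    "carol": {("read", "ledger"), ("write", "ledger"), ("read", "payroll")},
    "dave":  {("read", "ledger")},
}

def concept_intents(upa):
    """Closed permission sets: the users' own sets, closed under intersection."""
    intents = {frozenset(perms) for perms in upa.values()}
    changed = True
    while changed:
        changed = False
        # Iterate over a snapshot so new intents can be added safely.
        for a, b in combinations(list(intents), 2):
            common = a & b
            if common and common not in intents:
                intents.add(common)
                changed = True
    return intents

def extent(upa, intent):
    """Users who hold every permission in the intent."""
    return frozenset(u for u, perms in upa.items() if intent <= perms)

def initial_state(upa):
    """Candidate role (permission set) -> users assigned to it."""
    return {intent: extent(upa, intent) for intent in concept_intents(upa)}

def reproduces_upa(upa, state):
    """Check the mined roles grant each user exactly their original permissions."""
    for user, perms in upa.items():
        granted = set()
        for role_perms, users in state.items():
            if user in users:
                granted |= role_perms
        if granted != perms:
            return False
    return True

if __name__ == "__main__":
    for role_perms, users in sorted(initial_state(UPA).items(), key=lambda kv: len(kv[0])):
        print(sorted(role_perms), "->", sorted(users))
```

The `reproduces_upa` check is the safety property worth asserting on any mined state: no user gains or loses a permission relative to the input assignment.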
