Role Mining in Access History Logs

This paper develops a novel approach to role mining in the context of role engineering for role-based access control. We propose a simple algorithm based on the assumption that permissions belonging to the same role appear near each other in the access history log. Groups of closely co-occurring permissions are selected as candidate roles and ranked by a novel heuristic, called role cohesion, that quantifies the permission proximity of a candidate role in the access log. The algorithm identifies high-rank roles and is tested with a simulation scenario.
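The idea in the abstract, as an added Python example that is not the paper's own algorithm: permissions seen close together in one user's access sequence become candidate roles and are ranked by a proximity score. The abstract does not define role cohesion, so the score used here (windows containing the whole group divided by windows containing any of its permissions), the per-user sliding window, the support threshold, and the log format are all assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample log in time order: (user, permission). Not from the paper.
LOG = [
    ("alice", "read_invoice"), ("alice", "post_payment"),
    ("bob", "create_user"), ("bob", "reset_password"),
    ("alice", "read_invoice"), ("alice", "post_payment"),
    ("carol", "read_invoice"), ("carol", "post_payment"), ("carol", "create_user"),
    ("bob", "reset_password"), ("bob", "create_user"),
]

def windows(log, size):
    """Yield the permission set of every run of `size` consecutive accesses by one user."""
    per_user = defaultdict(list)
    for user, perm in log:
        per_user[user].append(perm)
    for seq in per_user.values():
        for i in range(max(1, len(seq) - size + 1)):
            yield frozenset(seq[i:i + size])

def mine_roles(log, size=2, min_support=2):
    """Return [(cohesion, permissions)] for candidate roles, best first."""
    wins = list(windows(log, size))
    together = defaultdict(int)  # candidate -> windows containing all of it
    for w in wins:
        for k in range(2, len(w) + 1):
            for combo in combinations(sorted(w), k):
                together[frozenset(combo)] += 1
    ranked = []
    for role, n in together.items():
        if n < min_support:  # drop groups seen together too rarely
            continue
        # Assumed cohesion: windows holding the whole group divided by
        # windows holding at least one of its permissions.
        touched = sum(1 for w in wins if w & role)
        ranked.append((n / touched, sorted(role)))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for score, perms in mine_roles(LOG):
        print(f"{score:.2f}  {perms}")
```

In the constructed log, carol's single `create_user` access next to `post_payment` lowers the score of both real groups but falls below the support threshold, so it never becomes a candidate role itself.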