Role mining refers to the problem of discovering an optimal set of roles from existing user permissions. In most role mining algorithms, the full set of user-permission assignments (UPA) is given as input. The challenge we are facing in the current paper is mining roles from actual web-application usage information. This information is collected by monitoring the access of users to application during a period of time. We analyze the actual permissions required to access the application in each user's session, and construct a set of user-permission assignments, which result in an incomplete UPA. We propose an algorithm that uses the session permission information to overcome the deficient data. We show by example how each step of the algorithm overcomes by heuristic instances of higher uncertainty. We demonstrate by simulation the efficiency of our algorithm in handling different levels of deficient data.
[1]
Jaideep Vaidya,et al.
RoleMiner: mining roles using subset enumeration
,
2006,
CCS '06.
[2]
Yuan Qi,et al.
Mining roles with noisy data
,
2010,
SACMAT '10.
[3]
Vijayalakshmi Atluri,et al.
The role mining problem: finding a minimal descriptive set of roles
,
2007,
SACMAT '07.
[4]
Jorge Lobo,et al.
Mining roles with semantic meanings
,
2008,
SACMAT '08.
[5]
Vijayalakshmi Atluri,et al.
The role mining problem: A formal perspective
,
2010,
TSEC.
[6]
Ulrike Steffens,et al.
Role mining with ORCA
,
2005,
SACMAT '05.
[7]
Sushil Jajodia,et al.
Data and Applications Security and Privacy XXIV
,
2010
.
[8]
Vijayalakshmi Atluri,et al.
Role Mining in the Presence of Noise
,
2010,
DBSec.