A Data-Centric Approach to Quality Estimation of Role Mining Results

Role mining has been extensively used to automatically generate roles for role-based access control. Nevertheless, the two core problems in role mining, role minimization and edge concentration, are both NP-hard. While many approximate algorithms have been developed to solve these problems, experimental tests show that no algorithm clearly outperforms the others in both role minimization and edge concentration; the performance results depend heavily on the data set under study. Choosing the right role mining algorithm by trial and error is time-consuming because of the computational overhead of mining large data sets. We tackle the problem from a fresh angle. Instead of developing fast role mining algorithms, we adopt a data-centric approach that quickly estimates the bounds on optimal role mining results without actually running any role mining algorithm. Based on the inherent features of the data set, the approach can also determine whether it is easy to achieve both role minimization and edge concentration and, if not, in which direction, role minimization or edge concentration, role mining could move further.
