Finding an Optimum Set of Roles in a CPAC Model

Purpose-based access control models are widely applied in both government and industry. Depending on their attributes, users are required to act dynamically in various roles. Access permissions are assigned to users together with roles, showing what the users can do for given purposes under certain conditions. Conditional role-involved purpose-based access control (CPAC) models are designed to let users act dynamically in conditional roles. For an access method to be efficient, an optimal set of roles has to be found from an existing access control model, which is a challenging problem. This paper devises a set of roles for implementing a CPAC model that can deal with this problem. We define a conditional role mining problem (CRMP) model that includes conditional roles and purposes. Algorithms are developed to discover an optimal set of roles from the existing permissions in the access control model. Furthermore, based on practical situations, two variations of CRMP are introduced: δ-approx CRMP and Minimal Noise CRMP. The two variations are not analysed in this paper but are left for future work.
