A Scalable Role Mining Approach for Large Organizations

The role-based access control (RBAC) model has gained significant attention in cybersecurity in recent years. RBAC restricts system access to authorized users according to the roles and rules defined within an organization. The flexibility and usability of this model have encouraged organizations to migrate from traditional discretionary access control (DAC) models to RBAC. However, this transition requires a very challenging task called role mining, in which roles are derived from the existing user-permission assignments (typically access control lists). Although various approaches to this NP-complete problem have been proposed in the literature, they either suffer from poor scalability, with execution time growing exponentially in the input size, or rely on fast heuristics with low optimality that generate too many roles. In this paper, we introduce a highly scalable yet optimal approach to the role mining problem. To this end, we apply a non-negative rank-reduced matrix decomposition to split a large-scale user-permission assignment matrix into its two constituent components, the user-role and role-permission assignments. We then apply a thresholding technique to convert the real-valued factors into binary-valued ones. We evaluate the approach on a variety of access control configurations and demonstrate that it effectively discovers the latent relationships behind user-permission data, even for large datasets.
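The pipeline the abstract describes (factor the Boolean user-permission matrix into non-negative user-role and role-permission factors, then threshold them into Boolean matrices) can be illustrated end to end. The block below is an added example and not the paper's code: it uses plain Lee-Seung multiplicative updates in pure Python, a fixed threshold of 0.5 after per-role rescaling, and a constructed 6-user by 5-permission matrix generated from two hidden roles. The paper's actual decomposition method, thresholding rule and datasets are not shown on this page, so all of those choices are assumptions. The check a practitioner cares about is computed explicitly: after thresholding, the Boolean product of the mined factors must not grant any permission the original assignment did not (over-assignment), nor drop one (under-assignment).

```python
"""Role mining by non-negative matrix factorisation (NMF) plus thresholding.

Added example (not from the paper): factor a Boolean user-permission
assignment (UPA) matrix into a user-role (UA) and role-permission (PA)
matrix, binarise both with a threshold, and verify that the Boolean
product UA x PA reproduces the original assignments exactly.
"""
import random

# Constructed sample input: 6 users x 5 permissions, generated from two
# hidden roles ("ledger" = p0..p2, "deploy" = p3..p4). Not data from the paper.
UPA = [
    [1, 1, 1, 0, 0],  # alice: ledger
    [1, 1, 1, 0, 0],  # bob:   ledger
    [0, 0, 0, 1, 1],  # carol: deploy
    [0, 0, 0, 1, 1],  # dave:  deploy
    [1, 1, 1, 1, 1],  # erin:  ledger + deploy
    [1, 1, 1, 0, 0],  # frank: ledger
]


def matmul(a, b):
    """Ordinary matrix product of two list-of-lists matrices."""
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def transpose(a):
    return [list(col) for col in zip(*a)]


def nmf(v, k, iters=1000, seed=0, eps=1e-9):
    """Lee-Seung multiplicative updates minimising ||V - WH||_F^2 with W, H >= 0."""
    rng = random.Random(seed)
    m, n = len(v), len(v[0])
    w = [[rng.uniform(0.1, 1.0) for _ in range(k)] for _ in range(m)]
    h = [[rng.uniform(0.1, 1.0) for _ in range(n)] for _ in range(k)]
    for _ in range(iters):
        wt = transpose(w)
        num, den = matmul(wt, v), matmul(matmul(wt, w), h)
        h = [[h[i][j] * num[i][j] / (den[i][j] + eps) for j in range(n)] for i in range(k)]
        ht = transpose(h)
        num, den = matmul(v, ht), matmul(w, matmul(h, ht))
        w = [[w[i][j] * num[i][j] / (den[i][j] + eps) for j in range(k)] for i in range(m)]
    return w, h


def normalise(w, h):
    """Rescale each role so its strongest permission weight is exactly 1.
    NMF factors are only defined up to a per-role scale (W D, D^-1 H), so a
    fixed threshold is meaningful only after that scale has been fixed."""
    for r in range(len(h)):
        s = max(h[r]) or 1.0
        h[r] = [x / s for x in h[r]]
        for i in range(len(w)):
            w[i][r] *= s
    return w, h


def binarise(a, threshold=0.5):
    """Thresholding step: real-valued factor -> Boolean factor."""
    return [[1 if x >= threshold else 0 for x in row] for row in a]


def boolean_product(ua, pa):
    """Boolean (OR of ANDs) product: a user holds a permission via any role."""
    return [[1 if any(u and p for u, p in zip(urow, pcol)) else 0
             for pcol in zip(*pa)] for urow in ua]


def mine_roles(upa, k, restarts=5):
    """Return (UA, PA, over, under): the binarised factors plus the number of
    permissions the mined roles grant beyond / short of the original UPA.
    Several random restarts are run and the best Boolean fit is kept."""
    best = None
    for seed in range(restarts):
        w, h = normalise(*nmf(upa, k, seed=seed))
        ua, pa = binarise(w), binarise(h)
        rec = boolean_product(ua, pa)
        over = sum(1 for i, row in enumerate(rec) for j, x in enumerate(row) if x and not upa[i][j])
        under = sum(1 for i, row in enumerate(upa) for j, x in enumerate(row) if x and not rec[i][j])
        if best is None or over + under < best[2] + best[3]:
            best = (ua, pa, over, under)
    return best


if __name__ == "__main__":
    ua, pa, over, under = mine_roles(UPA, k=2)
    for r, perms in enumerate(pa):
        members = [i for i, row in enumerate(ua) if row[r]]
        print(f"role {r}: permissions {perms}, users {members}")
    print(f"over-assigned: {over}, under-assigned: {under}")
```

The number of roles `k` is an input here; in practice it has to be chosen (for instance by sweeping `k` and looking at the reconstruction error), and a non-zero `over` count is the result to treat as a security defect, since it means the thresholded roles would grant an access the original policy never did.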
