Role Mining to Assist Authorization Governance: How Far Have We Gone?

The concept of role has revolutionized access control systems by making them more efficient and by simplifying their management. Role mining is the discipline of automating the definition of roles in a given access control system. It is a vibrant research area that has attracted growing interest in recent years. Research on role mining has produced several interesting contributions in this field, and has also raised several related issues concerning their use in actual enterprises. This paper is a comprehensive analysis of the main research directions around role mining and of future trends. The authors present the problem of role mining, the current achievements toward solving it, and the related open issues. With this objective, they define a complete and realistic business process for role mining and sequentially analyze the issues related to each step of the process by investigating the main contributions in the literature. They also point out the unhandled issues and highlight future perspectives.
