Role Mining under Role-Usage Cardinality Constraint
نویسندگان
چکیده
With the emergence of Role Based Access Control (RBAC) as the de facto access control model, organizations can now implement and manage many high level security policies. As a means of migration from traditional access control systems to RBAC, di↵erent role mining algorithms have been proposed in recent years for finding a minimal set of roles from existing user-permission assignments. While determining such roles, it is often required that certain security objectives are satisfied. A common goal is to enforce the role-usage cardinality constraint, which limits the maximum number of roles any user can have. In this paper, we propose two alternative approaches for role mining with an upper bound on the number of roles that can be assigned to each user, and validate their performance with benchmark data sets.
منابع مشابه
Visual Approach to Role Mining with Permission Usage Cardinality Constraint
Role Based Access Control (RBAC) is an effective way of managing permissions assigned to a large number of users in an enterprise. This paper offers a new role engineering approach to RBAC, referred to as visual role mining. The key idea is to graphically represent userpermission assignments to enable quick analysis and elicitation of meaningful roles with constraint. There are two algorithms: ...
متن کاملRole mining based on permission cardinality constraint and user cardinality constraint
Constraint is an essential aspect of RBAC and is sometimes argued to be the principle motivation for RBAC. However, most of role mining algorithms don’t consider the constraint. Furthermore, they just compare the least cost of the authorization process while don’t consider how to assess the accuracy of the derived role state, thus providing the motivation for this work. In this paper, we first ...
متن کاملConstrained Role Mining
Role Based Access Control (RBAC) is a very popular access control model, for long time investigated and widely deployed in the security architecture of different enterprises. To implement RBAC, roles have to be firstly identified within the considered organization. Usually the process of (automatically) defining the roles in a bottom up way, starting from the permissions assigned to each user, ...
متن کاملCardinality Constraint Access Control Model and Implementation
Analysis constraints and its diversity in security access control model. Cardinality is a common constraint in access control model. An extended cardinality constraint access control model is established. According to actual demand, we describe the user-role, user-session, role-session cardinality constraints based on the RBAC model. The differences between static and dynamic cardinality constr...
متن کاملMining Cardinalities from Knowledge Bases
Cardinality is an important structural aspect of data that has not received enough attention in the context of RDF knowledge bases (KBs). Information about cardinalities can be useful for data users and knowledge engineers when writing queries, reusing or engineering KBs. Such cardinalities can be declared using OWL and RDF constraint languages as constraints on the usage of properties over ins...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012