Wei Sun scite author profile

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

show abstract

Policy-Engineering Optimization with Visual Representation and Separation-of-Duty Constraints in Attribute-Based Access Control

Sun

Xie

2020

Future Internet

View full text Add to dashboard Cite

Recently, attribute-based access control (ABAC) has received increasingly more attention and has emerged as the desired access control mechanism for many organizations because of its flexibility and scalability for authorization management, as well as its security policies, such as separation-of-duty constraints and mutually exclusive constraints. Policy-engineering technology is an effective approach for the construction of ABAC systems. However, most conventional methods lack interpretability, and their constructing processes are complex. Furthermore, they do not consider the separation-of-duty constraints. To address these issues in ABAC, this paper proposes a novel method called policy engineering optimization with visual representation and separation of duty constraints (PEO_VR&SOD). First, to enhance interpretability while mining a minimal set of rules, we use the visual technique with Hamming distance to reduce the policy mining scale and present a policy mining algorithm. Second, to verify whether the separation of duty constraints can be satisfied in a constructed policy engineering system, we use the method of SAT-based model counting to reduce the constraints and construct mutually exclusive constraints to implicitly enforce the given separation of duty constraints. The experiments demonstrate the efficiency and effectiveness of the proposed method and show encouraging results.

show abstract

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Sun

Liu

2019

Information

View full text Add to dashboard Cite

Role-based access control (RBAC) is one of the most popular access-control mechanisms because of its convenience for management and various security policies, such as cardinality constraints, mutually exclusive constraints, and user-capability constraints. Role-engineering technology is an effective method to construct RBAC systems. However, mining scales are very large, and there are redundancies in the mining results. Furthermore, conventional role-engineering methods not only do not consider more than one cardinality constraint, but also cannot ensure authorization security. To address these issues, this paper proposes a novel method called role-engineering optimization with cardinality constraints and user-oriented mutually exclusive constraints (REO_CCUMEC). First, we convert the basic role mining into a clustering problem, based on the similarities between users and use-partitioning and compression technologies, in order to eliminate redundancies, while maintaining its usability for mining roles. Second, we present three role-optimization problems and the corresponding algorithms for satisfying single or double cardinality constraints. Third, in order to evaluate the performance of authorizations in a role-engineering system, the maximal role assignments are implemented, while satisfying multiple security constraints. The theoretical analyses and experiments demonstrate the accuracy, effectiveness, and efficiency of the proposed method.

show abstract

Flexible Agent delegation model based on RBAC

Sun¹,

Wang²,

Wu³

2010

Journal of Computer Applications

View full text Add to dashboard Cite

Synthesis and glycosidase inhibition evaluation of (3S,4S)-3-((R)-1,2-dihydroxyethyl)pyrrolidine-3,4-diol

Zhang

Bai

Sun

et al. 2016

Carbohydrate Research

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Wei Sun

Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

Policy-Engineering Optimization with Visual Representation and Separation-of-Duty Constraints in Attribute-Based Access Control

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Flexible Agent delegation model based on RBAC

Synthesis and glycosidase inhibition evaluation of (3S,4S)-3-((R)-1,2-dihydroxyethyl)pyrrolidine-3,4-diol

Contact Info

Product

Resources

About