Algorithms for mining meaningful roles

Xu, Zhongyuan; Stoller, Scott D.

doi:10.1145/2295136.2295146

Cited by 50 publications

(86 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This assumption is based on the claims of several publications (e.g. (Xu and Stoller, 2012), (Zhang et al, 2013b)) of outperforming competitive approaches in terms of the quality of generated roles. A total of 23 different quality criteria can be identified.…”

Section: Quality-related Criteriamentioning

confidence: 99%

See 1 more Smart Citation

Analyzing Quality Criteria in Role-based Identity and Access Management

Kunz

Fuchs

Netter

et al. 2015

Proceedings of the 1st International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Abstract:Roles have turned into the de facto standard for access control in enterprise identity management systems. However, as roles evolve over time, companies struggle to develop and maintain a consistent role model. Up to now, the core challenge of measuring the current quality of a role model and selecting criteria for its optimization remains unsolved. In this paper, we conduct a survey of existing role mining techniques and identify quality criteria inherently used by these approaches. This guides organizations during the selection of a role mining technique that matches their company-specific quality preferences. Moreover, our analysis aims to stimulate the research community to integrate quality metrics in future role mining approaches.

show abstract

Section: Quality-related Criteriamentioning

confidence: 99%

“…Furthermore, restrictions on the composition of a role, e.g. by allowing only certain attributes of users in a role are possible (Xu and Stoller, 2012).…”

Section: Quality-related Criteriamentioning

confidence: 99%

Analyzing Quality Criteria in Role-based Identity and Access Management

Kunz

Fuchs

Netter

et al. 2015

Proceedings of the 1st International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Xu and Stoller [19] propose algorithms for role mining which optimize a number of policy quality metrics. Verde et al present an approach in [18] to make role mining applicable to large datasets and hence scalable.…”

Section: Related Workmentioning

confidence: 99%

Toward Mining of Temporal Roles

Mitra

Sural

Atluri

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In Role-Based Access Control (RBAC), users acquire permissions through their assigned roles. Role mining, the process of finding a set of roles from direct user-permission assignments, is essential for successful implementation of RBAC. In many organizations it is often required that users are given permissions that can vary with time. To handle such requirements, temporal extensions of RBAC like Temporal-RBAC (TRBAC) and Generalized Temporal Role-Based Access Control (GTRBAC) have been proposed. Existing role mining techniques, however, cannot be used to process the temporal element associated with roles in these models. In this paper, we propose a method for mining roles in the context of TRBAC. First we formally define the Temporal Role Mining Problem (TRMP), and then show that the TRMP problem is NP-complete and present a heuristic approach for solving it.

show abstract

“…Our algorithm always generates policies with full inheritance [13]. This implies that a role hierarchy edge in RH all is included in the result policy whenever the roles that it connects are included in the policy.…”

Section: Mining Hierarchical Prbac Policies: Elimination Algorithmmentioning

confidence: 99%

“…Third, the algorithm decides which of the candidate roles generated in the first two steps to include in the final policy. Inspired by [13], we consider two strategies for this. The elimination strategy repeatedly removes low-quality roles from the set of candidate roles, until no more roles can be removed without losing some of the permissions granted in the given ACL policy.…”

Section: Introductionmentioning

confidence: 99%

Mining parameterized role-based policies

Stoller

2013

Proceedings of the Third ACM Conference on Data and Application Security and Privacy

Self Cite

View full text Add to dashboard Cite

Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) framework in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and reports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.

show abstract

Algorithms for mining meaningful roles

Cited by 50 publications

References 13 publications

Analyzing Quality Criteria in Role-based Identity and Access Management

Analyzing Quality Criteria in Role-based Identity and Access Management

Toward Mining of Temporal Roles

Mining parameterized role-based policies

Contact Info

Product

Resources

About