Summary
Role-based access control (RBAC) has been widely used in recent years because of its good applicability and high flexibility. However, an RBAC system needs to be updated at run time to reflect changes in access control policies. Because modifying role-permission assignments is complex, new roles are continuously added to the system without considering the business processes and the user demands. Therefore, the RBAC system needs to be reconfigured over time to optimize the RBAC configuration while keeping it as close as possible to the original. Although there are several RBAC reconfiguration schemes that generate roles similar to the deployed ones, most of them neglect the differences between roles (meaningful or meaningless, frequently used or infrequently used, etc.) and generate more roles than needed, which in turn increases the system management burden. In this paper, we first propose a method to evaluate the quality of roles based on two indicators and formally define the problem of RBAC reconfiguration with minimal roles and perturbation. Then, we present a log-based RBAC reconfiguration approach that addresses this problem, together with its detailed algorithm. Finally, experiments demonstrate the effectiveness and stability of our approach.