Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

Sun, Wei; Wei, Shiwei; Guo, Huaping; Liu, Hongbing

doi:10.3390/fi11090201

Cited by 4 publications

(4 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to these methods for satisfying cardinality constraints, Sarana et al [40] proposed three role-optimization methods, including separation-of-duty constraints either, during, or after, the mining process. In order to satisfy separation-of-duty constraints and ensure authorization security, Sun et al [41] proposed a method called role-mining optimization, with separation-of-duty constraints and security detection for authorizations.…”

Section: Methods Of Role Optimizationmentioning

confidence: 99%

See 1 more Smart Citation

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Sun

Liu

2019

Information

Self Cite

View full text Add to dashboard Cite

Role-based access control (RBAC) is one of the most popular access-control mechanisms because of its convenience for management and various security policies, such as cardinality constraints, mutually exclusive constraints, and user-capability constraints. Role-engineering technology is an effective method to construct RBAC systems. However, mining scales are very large, and there are redundancies in the mining results. Furthermore, conventional role-engineering methods not only do not consider more than one cardinality constraint, but also cannot ensure authorization security. To address these issues, this paper proposes a novel method called role-engineering optimization with cardinality constraints and user-oriented mutually exclusive constraints (REO_CCUMEC). First, we convert the basic role mining into a clustering problem, based on the similarities between users and use-partitioning and compression technologies, in order to eliminate redundancies, while maintaining its usability for mining roles. Second, we present three role-optimization problems and the corresponding algorithms for satisfying single or double cardinality constraints. Third, in order to evaluate the performance of authorizations in a role-engineering system, the maximal role assignments are implemented, while satisfying multiple security constraints. The theoretical analyses and experiments demonstrate the accuracy, effectiveness, and efficiency of the proposed method.

show abstract

Section: Methods Of Role Optimizationmentioning

confidence: 99%

“…To simulate the actual scenarios while satisfying the security requirements in the role-engineering system, we adopt the method of generating the t-t SMER constraints [41]. The value of the cardinality constraint is greater than or equal to 2, and the density of the user-capability matrix changes from 0.4 to 0.6 with a step of 0.05.…”

Section: Methodsmentioning

confidence: 99%

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Sun

Liu

2019

Information

Self Cite

View full text Add to dashboard Cite

show abstract

“…Sarana et al [41] proposed three methods for role optimization with the separation-of-duty constraints. To satisfy separation-ofduty constraints while ensuring authorization security, Sun et al [42] constructed various mutually exclusive constraints to implement the given separation-of-duty constraints, converted the authorization query problem into a partial maximal satisfiability problem, and proposed a novel role-mining optimization method.…”

Section: Role Engineering With Constraintsmentioning

confidence: 99%

Hybrid Role-Engineering Optimization with Multiple Cardinality Constraints Using Natural Language Processing and Integer Linear Programming Techniques

Sun

2022

Mobile Information Systems

Self Cite

View full text Add to dashboard Cite

Role-based access control (RBAC) is a widely popular access control mechanism because of its convenience for authorization administration, as well as various security policies, such as separation-of-duty constraints and cardinality constraints. In recent few years, role-engineering technology has emerged as an efficient approach to construct optimal RBAC systems. However, the top-down approaches are labor-intensive and error-prone; the bottom-up approaches lack flexibility and scalability as the organizational requirements change dynamically, and cannot generate valuable or meaningful roles that are relevant to actual application scenarios. Furthermore, most conventional methods do not consider multiple cardinality constraints. To address these issues, this paper proposes a novel hybrid role-engineering method. First, to develop an initial access control system while alleviating manual workloads, we use the natural language processing techniques to extract machine-readable and machine-enforceable access control policies from the top-down natural language requirement documents. Second, to flexibly meet diverse organizational requirements while enhancing the security of role-engineering processes, according to different evaluation measures or optimization objectives, we define several variants of the optimization problem with multiple cardinality constraints via Boolean matrix decomposition and present a unified modelling framework for these variants using integer linear programming technique. Third, to verify whether the constraints can be satisfied in the constructed access control system, we present the heuristic optimization algorithms in the bottom-up ways. The experimental evaluations demonstrate the effectiveness and efficiency of the proposed method.

show abstract

“…A role mining framework was proposed in [25] taking into account the organizational entity-relation information. The work done in [26], [27] showed the role mining and role engineering optimization with separation of duty and cardinality constraints.…”

Section: Related Workmentioning

confidence: 99%

Intelligent Role-Based Access Control Model and Framework Using Semantic Business Roles in Multi-Domain Environments

et al. 2020

View full text Add to dashboard Cite

Today's rapidly developing communication technologies and dynamic collaborative business models made the security of data and resources more crucial than ever especially in multi-domain environments like Cloud and Cyber-Physical Systems (CPS). It enforced the research community to develop enhanced access control techniques and models for resources across multi-domain distributed environments so that the security requirements of all participating organizations can be fulfilled through considering dynamicity of changing environments and versatility of access control policies. The popularity of Role-Based Access Control (RBAC) model is irrefutable because of low administrative overhead and largescale implementation in business organizations. However, it does not incorporate the dynamically changing policies and lacks semantically meaningful business roles which could have a diverse impact upon access decisions in multi-domain business environments. This paper describes our proposed novel access control framework that uses semantic business roles and intelligent agents through implementation of our Intelligent RBAC (I-RBAC) model. It encompasses occupational entitlements as roles for multiple domains. We use the dataset of original occupational roles provided by Standard Occupational Classification (SOC), USA. The novelty of the paper lies in developing a core I-RBAC ontology using real-world semantic business roles and intelligent agent technologies together for achieving required level of access control in highly dynamic multi-domain environment. The intelligent agents use WordNet and bidirectional LSTM deep neural network for automated population of organizational ontology from unstructured text policies. This dynamically learned organizational ontology is further matched with our core I-RBAC ontology in order to extract unified semantic business roles. The proposed I-RBAC model is mathematically described and the overall I-RBAC framework and its implementation architecture is explained. At the end, the I-RBAC model is validated through the implementation results that show a linear runtime trend of the model in presence of a large number of permission assignments and multiple queries.

show abstract

Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

Cited by 4 publications

References 39 publications

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Hybrid Role-Engineering Optimization with Multiple Cardinality Constraints Using Natural Language Processing and Integer Linear Programming Techniques

Intelligent Role-Based Access Control Model and Framework Using Semantic Business Roles in Multi-Domain Environments

Contact Info

Product

Resources

About