Authors
Ninghui Li, Tiancheng Li, Ian Molloy, Qihua Wang, Elisa Bertino, Seraphin Calo, Jorge Lobo
Abstract
Role engineering is the process of designing an RBAC system. A promising approach to
role engineering is role mining, which uses data mining techniques to find an RBAC system
from existing permission assignment data. Role mining techniques are also useful for
optimizing and refactoring an existing RBAC system, which can become increasingly chaotic
over time. In this paper we study the problem of mining an RBAC system that optimizes
some objective measure of "goodness" for RBAC systems. We introduce the weighted
structural complexity measure, which sums up the sizes of different RBAC system
components (e.g., the number of roles, the number of user-role assignments, etc.),
possibly with different weights for each component. Different optimization objectives can
be achieved by choosing different weight combinations. We show that the optimization
problem is NP-complete. We then develop heuristic techniques for mining RBAC systems
with low weighted structural complexity. We show that the problem of mining a
hierarchical RBAC system is closely related to formal concept analysis, and develop an
algorithm using the notion of a concept lattice. We also introduce new approaches to
generating synthetic data for evaluating role mining techniques. Our experiments show
that our algorithms outperform existing approaches.
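
The weighted structural complexity idea from the abstract, as an added example that is not code from the paper: three candidate RBAC configurations for the same user-permission data are scored, and the cheapest one changes with the weights. The component breakdown beyond roles and user-role assignments (permission assignments, hierarchy edges, direct user-permission assignments), the weight keys, and all users, roles and permissions are assumptions constructed for illustration.

```python
from collections import namedtuple

# Assumed components: roles, user-role, role-permission, hierarchy edges, direct user-permission.
State = namedtuple("State", "roles ua pa rh dupa")
# Constructed user-permission data that every candidate must reproduce exactly.
UP = {"alice": {"read", "write", "deploy"}, "bob": {"read", "write"},
      "carol": {"read"}, "dave": {"read"}}

def effective(s):
    """Expand UA, PA, RH and direct assignments into user -> permission set."""
    def perms_of(role, seen=frozenset()):
        out = {p for r, p in s.pa if r == role}
        for senior, junior in s.rh:
            if senior == role and junior not in seen:  # guard against cycles
                out |= perms_of(junior, seen | {role})
        return out
    result = {u: set() for u in UP}
    for u, r in s.ua:
        result[u] |= perms_of(r)
    for u, p in s.dupa:
        result[u].add(p)
    return result

def wsc(s, w):
    """Weighted sum of component sizes; rh is assumed already transitively reduced."""
    return (w["r"] * len(s.roles) + w["u"] * len(s.ua) + w["p"] * len(s.pa)
            + w["h"] * len(s.rh) + w["d"] * len(s.dupa))

ROLES = {"reader", "writer", "deployer"}
PA = {("reader", "read"), ("writer", "write"), ("deployer", "deploy")}
CANDIDATES = {
    "direct": State(set(), set(), set(), set(),
                    {(u, p) for u, ps in UP.items() for p in ps}),
    "flat": State(ROLES, {(u, r) for u, ps in UP.items() for r, p in PA if p in ps},
                  PA, set(), set()),
    "hier": State(ROLES, {("alice", "deployer"), ("bob", "writer"),
                          ("carol", "reader"), ("dave", "reader")},
                  PA, {("deployer", "writer"), ("writer", "reader")}, set()),
}

def best(w):
    """Lowest-WSC candidate among those that grant exactly the permissions in UP."""
    ok = {n: s for n, s in CANDIDATES.items() if effective(s) == UP}
    return min(ok, key=lambda n: wsc(ok[n], w))

EQUAL = dict(r=1, u=1, p=1, h=1, d=1)
if __name__ == "__main__":
    for w in (EQUAL, {**EQUAL, "d": 10}, {**EQUAL, "d": 10, "h": 3}):
        print(w, {n: wsc(s, w) for n, s in CANDIDATES.items()}, "->", best(w))
```

With equal weights the role-free configuration scores lowest; penalizing direct assignments favors the hierarchy, and additionally penalizing hierarchy edges favors the flat role set.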