The Center for Education and Research in Information Assurance and Security (CERIAS)

Role Mining for Engineering and Optimizing Role Based Access Control Systems

Author

Ninghui Li, Tiancheng Li, Ian Molloy, Qihua Wang, Elisa Bertino, Seraphin Calo, Jorge Lobo

Tech report number

CERIAS TR 2007-60

Entry type

techreport

Abstract

Role engineering is the process of designing an RBAC system. A promising approach to role engineering is role mining, which uses data mining techniques to find an RBAC system from existing permission assignment data. Role mining techniques are also useful for optimizing and refactoring an existing RBAC system, which can become increasingly chaotic over time. In this paper we study the problem of mining an RBAC system that optimizes some objective measure of "goodness" for RBAC systems. We introduce the weighted structural complexity measure, which sums up the sizes of different RBAC system components (e.g., the number of roles, the number of user-role assignments, etc.), possibly with different weights for each component. Different optimization objectives can be achieved by choosing different weight combinations. We show that the optimization problem is NP-complete. We then develop heuristic techniques for mining RBAC systems with low weighted structural complexity. We show that the problem of mining a hierarchical RBAC system is closely related to formal concept analysis, and develop an algorithm using the notion of a concept lattice. We also introduce new approaches to generating synthetic data for evaluating role mining techniques. Our experiments show that our algorithms outperform existing approaches.

Date

2007-11-30

Key alpha

LLM+07

Affiliation

Purdue University, IBM T.J. Watson Research Center

Publication Date

2007-11-30
