research-article

A simple role mining algorithm

Authors:

Carlo Blundo,

Stelvio CimatoAuthors Info & Claims

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

Pages 1958 - 1962

https://doi.org/10.1145/1774088.1774503

Published: 22 March 2010 Publication History

Get Access

Abstract

Complex organizations need to establish access control policies in order to manage access to restricted resources. Role Based Access Control paradigm has been introduced in '90 years aiming at simplifying the management of centralized access control. The definition of a good set of roles in order to match the organizational requirements of a company is a problem partially solved by role mining techniques, which return automatically a set of roles compatible with the permissions assigned to users. Unfortunately, the problem of finding an optimal role set has been proved to be NP-hard; so heuristics have been introduced in order to approximate the optimal solution. In this work we propose a novel heuristic and compare its results showing its efficiency and effectiveness.

References

[1]

C. Blundo and S. Cimato. A simple approach to role mining problem. Internal notes, 2009.

Google Scholar

[2]

A. Bucker. Identity management design guide with ibm tivoli identity manager, 2005.

Digital Library

Google Scholar

[3]

E. J. Coyne. Role engineering. In ACM Workshop on Role-Based Access Control, 1995.

Digital Library

Google Scholar

[4]

A. Ene, W. Horne, N. Milosavljevic, P. Rao, R. Schreiber, and R. E. Tarjan. Fast exact and heuristic methods for role minimization problems. In SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies, pages 1--10, USA, 2008.

Digital Library

Google Scholar

[5]

D. F. Ferraiolo, R. S. Sandhu, S. I. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed nist standard for role-based access control. ACM Transaction on Information System Security, 4(3):224--274, 2001.

Digital Library

Google Scholar

[6]

M. Frank, D. A. Basin, and J. M. Buhmann. A class of probabilistic models for role engineering. In ACM Conference on Computer and Communications Security, pages 299--310. ACM, 2008.

Digital Library

Google Scholar

[7]

Q. Guo, J. Vaidya, and V. Atluri. The role hierarchy mining problem: Discovery of optimal role hierarchies. In Computer Security Applications Conference, 2008. ACSAC 2008. Annual, pages 237--246, Dec. 2008.

Digital Library

Google Scholar

[8]

I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. Calo, and J. Lobo. Mining roles with semantic meanings. In SACMAT '08, pages 21--30, New York, NY, USA, 2008.

Digital Library

Google Scholar

[9]

I. Molloy, N. Li, T. Li, Z. Mao, Q. Wang, and J. Lobo. Evaluating role mining algorithms. In B. Carminati and J. Joshi, eds, SACMAT, pp 95--104. ACM, 2009.

Digital Library

Google Scholar

[10]

R. Schreiber. Datasets used for role mining experiments. http://www.hpl.hp.com/personal/Robert_Schreiber/

Google Scholar

[11]

Scilab Consortium. Scilab: The open source platform for numerical computation. http://www.scilab.org/, Ver. 4--1 (for MacOS 10.4).

Google Scholar

[12]

J. Vaidya, V. Atluri, and Q. Guo. The role mining problem: finding a minimal descriptive set of roles. In SACMAT '07, pages 175--184, New York, NY, USA, 2007. ACM.

Digital Library

Google Scholar

[13]

J. Vaidya, V. Atluri, and J. Warner. Roleminer: mining roles using subset enumeration. In CCS '06, pages 144--153, New York, NY, USA, 2006. ACM.

Digital Library

Google Scholar

[14]

D. Zhang, K. Ramamohanarao, and T. Ebringer. Role engineering using graph optimisation. In SACMAT '07, pages 139--144, New York, NY, USA, 2007. ACM.

Digital Library

Google Scholar

Cited By

View all

Anderer SScheuermann BMostaghim S(2024)Studies on Multi-objective Role Mining in ERP SystemsEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-57712-3_6(81-96)Online publication date: 2024
https://doi.org/10.1007/978-3-031-57712-3_6
Anderer SKempter TScheuermann BMostaghim S(2023)Dynamic Optimization of Role Concepts for Role-Based Access Control Using Evolutionary AlgorithmsSN Computer Science10.1007/s42979-023-01805-14:4Online publication date: 24-May-2023
https://doi.org/10.1007/s42979-023-01805-1
Anderer SScheuermann BMostaghim S(2023)Evolutionary Optimization of Roles for Access Control in Enterprise Resource Planning SystemsComputational Intelligence10.1007/978-3-031-46221-4_1(1-23)Online publication date: 3-Nov-2023
https://doi.org/10.1007/978-3-031-46221-4_1
Show More Cited By

Recommendations

Mining parameterized role-based policies
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a ...
Role-based delegation: models and mechanisms
Role-Mining in Business: Taming Role-Based Access Control Administration

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

March 2010

2712 pages

ISBN:9781605586397

DOI:10.1145/1774088

Conference Chairs:
Sung Y. Shin
South Dakota State University
,
Sascha Ossowski
University Rey Juan Carlos, Spain
,
Michael Schumacher
University of Applied Sciences Western Switzerland, Switzerland
,
Program Chairs:
Mathew J. Palakal
Indiana University Purdue University
,
Chih-Cheng Hung
Southern Polytechnic State University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Sixth Framework Programme

Conference

SAC'10

Sponsor:

SIGAPP

SAC'10: The 2010 ACM Symposium on Applied Computing

March 22 - 26, 2010

Sierre, Switzerland

Acceptance Rates

SAC '10 Paper Acceptance Rate 364 of 1,353 submissions, 27%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

26
Total Citations
View Citations
271
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Anderer SScheuermann BMostaghim S(2024)Studies on Multi-objective Role Mining in ERP SystemsEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-57712-3_6(81-96)Online publication date: 2024
https://doi.org/10.1007/978-3-031-57712-3_6
Anderer SKempter TScheuermann BMostaghim S(2023)Dynamic Optimization of Role Concepts for Role-Based Access Control Using Evolutionary AlgorithmsSN Computer Science10.1007/s42979-023-01805-14:4Online publication date: 24-May-2023
https://doi.org/10.1007/s42979-023-01805-1
Anderer SScheuermann BMostaghim S(2023)Evolutionary Optimization of Roles for Access Control in Enterprise Resource Planning SystemsComputational Intelligence10.1007/978-3-031-46221-4_1(1-23)Online publication date: 3-Nov-2023
https://doi.org/10.1007/978-3-031-46221-4_1
Blundo CCimato SSiniscalchi L(2022)Heuristics for constrained role mining in the post-processing frameworkJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-021-03648-114:8(9925-9937)Online publication date: 25-Jan-2022
https://doi.org/10.1007/s12652-021-03648-1
Anderer SSchrader FScheuermann BMostaghim S(2022)Evolutionary Algorithms for the Constrained Two-Level Role Mining ProblemEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-04148-8_6(79-94)Online publication date: 4-Apr-2022
https://doi.org/10.1007/978-3-031-04148-8_6
Blundo CCimato SSiniscalchi L(2021)Role Mining Heuristics for Permission-Role-Usage Cardinality ConstraintsThe Computer Journal10.1093/comjnl/bxaa18665:6(1386-1411)Online publication date: 13-Feb-2021
https://doi.org/10.1093/comjnl/bxaa186
Blundo CCimato SSiniscalchi L(2020)Managing Constraints in Role Based Access ControlIEEE Access10.1109/ACCESS.2020.30113108(140497-140511)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3011310
Rao KNayak ARay IRahulamathavan YRajarajan M(2020)Role recommender-RBAC: Optimizing user-role assignments in RBACComputer Communications10.1016/j.comcom.2020.12.006Online publication date: Dec-2020
https://doi.org/10.1016/j.comcom.2020.12.006
Jia JGuan JWang L(2020)Role Mining: Survey and Suggestion on Role Mining in Access ControlMobile Internet Security10.1007/978-981-15-9609-4_4(34-50)Online publication date: 2-Nov-2020
https://doi.org/10.1007/978-981-15-9609-4_4
Mitra BSural SAtluri VVaidya J(2018)The generalized temporal role mining problemJournal of Computer Security10.5555/2746188.274619023:1(31-58)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.5555/2746188.2746190
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Mining parameterized role-based policies

Role-based delegation: models and mechanisms

Role-Mining in Business: Taming Role-Based Access Control Administration