DOI: 10.1145/1455770.1455809
research-article

A class of probabilistic models for role engineering

Published: 27 October 2008

Abstract

Role engineering is a security-critical task for systems using role-based access control (RBAC). Different role-mining approaches have been proposed that attempt to automatically infer appropriate roles from existing user-permission assignments. However, these approaches are mainly combinatorial and lack an underlying probabilistic model of the domain. We present the first probabilistic model for RBAC. Our model defines a general framework for expressing user-permission assignments and can be specialized to different domains by limiting its degrees of freedom with appropriate constraints. For one practically important instance of this framework, we show how roles can be inferred from data using a state-of-the-art machine-learning algorithm. Experiments on both randomly generated and real-world data provide evidence that our approach not only creates meaningful roles but also identifies erroneous user-permission assignments in given data.

      Published In

      CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
      October 2008
      590 pages
      ISBN:9781595938107
      DOI:10.1145/1455770

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. RBAC
      2. clustering
      3. machine learning
      4. role mining

      Qualifiers

      • Research-article

      Conference

      CCS08

      Acceptance Rates

      CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
