Mining Roles with Multiple Objectives

Molloy, Ian; Chen, Hong; Li, Tiancheng; Wang, Qihua; Li, Ninghui; Bertino, Elisa; Calo, Seraphin; Lobo, Jorge

doi:10.1145/1880022.1880030

Cited by 90 publications

(103 citation statements)

References 23 publications

(41 reference statements)

Supporting

Mentioning

100

Contrasting

Order By: Relevance

“…Other non-evolutionary approaches have been proposed for mining policies from logs for less expressive access control models (e.g., RBAC [7,8]). In some cases, additional information, besides the request logs, is needed as training data [9].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Evolutionary Inference of Attribute-Based Access Control Policies

Medvet

Bartoli

Carminati

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The interest in attribute-based access control policies is increasingly growing due to their ability to accommodate the complex security requirements of modern computer systems. With this novel paradigm, access control policies consist of attribute expressions which implicitly describe the properties of subjects and protection objects and which must be satisfied for a request to be allowed. Since specifying a policy in this framework may be very complex, approaches for policy mining, i.e., for inferring a specification automatically from examples in the form of logs of authorized and denied requests, have been recently proposed. In this work, we propose a multi-objective evolutionary approach for solving the policy mining task. We designed and implemented a problem representation suitable for evolutionary computation, along with several search-optimizing features which have proven to be highly useful in this context: a strategy for learning a policy by learning single rules, each one focused on a subset of requests; a custom initialization of the population; a scheme for diversity promotion and for early termination. We show that our approach deals successfully with case studies of realistic complexity.

show abstract

Section: Related Workmentioning

confidence: 99%

“…We assess the complexity of a policy P with the weighted structural complexity (WSC) [8]. WSC is a weighted sums of the complexity of rule components (e U , e R , O and c)-see [5] for the details.…”

Section: Problem Statementmentioning

confidence: 99%

Evolutionary Inference of Attribute-Based Access Control Policies

Medvet

Bartoli

Carminati

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Other role mining approaches include role mining with noisy data [12], where the input data is first cleansed to remove the noise before generating candidate roles, role mining based on weights [10] in which a certain weight is associated with each permission depending on its importance, mining roles having low structural complexity and semantic meaning [11], and Visual Role Mining (VRM) [4], which enumerates roles based on a visual analysis of the graphical representation of the user-permission assignments. Xu and Stoller [19] propose algorithms for role mining which optimize a number of policy quality metrics.…”

Section: Related Workmentioning

confidence: 99%

Toward Mining of Temporal Roles

Mitra

Sural

Atluri

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In Role-Based Access Control (RBAC), users acquire permissions through their assigned roles. Role mining, the process of finding a set of roles from direct user-permission assignments, is essential for successful implementation of RBAC. In many organizations it is often required that users are given permissions that can vary with time. To handle such requirements, temporal extensions of RBAC like Temporal-RBAC (TRBAC) and Generalized Temporal Role-Based Access Control (GTRBAC) have been proposed. Existing role mining techniques, however, cannot be used to process the temporal element associated with roles in these models. In this paper, we propose a method for mining roles in the context of TRBAC. First we formally define the Temporal Role Mining Problem (TRMP), and then show that the TRMP problem is NP-complete and present a heuristic approach for solving it.

show abstract

“…Our algorithms aim to optimize the policy's weighted structural complexity (WSC), which is a generalization of policy size [8]. The weighted structural complexity of a core PRBAC policy is defined by…”

Section: The Problemmentioning

confidence: 99%

“…Xu and Stoller's elimination algorithm is partly inspired by Molloy et al's Hierarchical Miner algorithm for mining roles with semantic meaning based on user-attribute data [8]. Colantonio et al developed a different method for taking user-attribute data into account during role mining; their method partitions the set of users based on the values of selected attributes, and then performs role mining separately for each of the resulting sets of users [2].…”

Section: Related Workmentioning

confidence: 99%

Mining parameterized role-based policies

Stoller

2013

Proceedings of the Third ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) framework in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and reports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.

show abstract

Mining Roles with Multiple Objectives

Cited by 90 publications

References 23 publications

Evolutionary Inference of Attribute-Based Access Control Policies

Evolutionary Inference of Attribute-Based Access Control Policies

Toward Mining of Temporal Roles

Mining parameterized role-based policies

Contact Info

Product

Resources

About