Role Mining in the Presence of Separation of Duty Constraints

Sarana, Prasuna; Roy, Arindam; Sural, Shamik; Vaidya, Jaideep; Atluri, Vijayalakshmi

doi:10.1007/978-3-319-26961-0_7

Cited by 8 publications

(8 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The concurrent processing method implements optimization with double constraints during the process of role mining. In addition to these methods for satisfying cardinality constraints, Sarana et al [40] proposed three role-optimization methods, including separation-of-duty constraints either, during, or after, the mining process. In order to satisfy separation-of-duty constraints and ensure authorization security, Sun et al [41] proposed a method called role-mining optimization, with separation-of-duty constraints and security detection for authorizations.…”

Section: Methods Of Role Optimizationmentioning

confidence: 99%

“…Meanwhile, it is observed in Section 1 and Section 2 that the methods proposed by Kumar et al [35] and Blundo et al [36] only satisfied the cardinality constraint RPC; the method proposed by Hingankar et al [37] only satisfied the RUC; the CPA and RPA proposed by John et al [38] only satisfied the UCC; the method proposed by Ma et al [26] satisfied the RUC or RPC; the methods proposed by Sarana et al [40] did not satisfy any cardinality constraint but satisfied the SMER constraints; the methods proposed by Harika et al [39] could satisfy the UCC and PCC simultaneously. In addition, the system status was unknown using any of these methods.…”

Section: Advantages and Limitations Of The Reo_ccumecmentioning

confidence: 99%

See 1 more Smart Citation

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Sun

Liu

2019

Information

View full text Add to dashboard Cite

Role-based access control (RBAC) is one of the most popular access-control mechanisms because of its convenience for management and various security policies, such as cardinality constraints, mutually exclusive constraints, and user-capability constraints. Role-engineering technology is an effective method to construct RBAC systems. However, mining scales are very large, and there are redundancies in the mining results. Furthermore, conventional role-engineering methods not only do not consider more than one cardinality constraint, but also cannot ensure authorization security. To address these issues, this paper proposes a novel method called role-engineering optimization with cardinality constraints and user-oriented mutually exclusive constraints (REO_CCUMEC). First, we convert the basic role mining into a clustering problem, based on the similarities between users and use-partitioning and compression technologies, in order to eliminate redundancies, while maintaining its usability for mining roles. Second, we present three role-optimization problems and the corresponding algorithms for satisfying single or double cardinality constraints. Third, in order to evaluate the performance of authorizations in a role-engineering system, the maximal role assignments are implemented, while satisfying multiple security constraints. The theoretical analyses and experiments demonstrate the accuracy, effectiveness, and efficiency of the proposed method.

show abstract

Section: Methods Of Role Optimizationmentioning

confidence: 99%

Section: Advantages and Limitations Of The Reo_ccumecmentioning

confidence: 99%

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Sun

Liu

2019

Information

View full text Add to dashboard Cite

show abstract

“…At this, a -SMER constraint specifies a set of roles, of which only less that roles can be assigned to the same user. In addition, approaches for the generation of such SMER-constraints and for SoD-aware role mining are presented [17].…”

Section: Compliance Constraintsmentioning

confidence: 99%

RMPlib: A Library of Benchmarks for the Role Mining Problem

Anderer

Scheuermann

Mostaghim

et al. 2021

Proceedings of the 26th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Role Based Access Control is a widely spread concept in cyber security. Thus, the (NP-complete) Role Mining Problem (RMP), which consists of finding an optimal set of roles and a corresponding assignment of those roles to users, is of great scientific interest. Over the last years, different algorithms have been developed to search for good solutions to the RMP. However, conclusive benchmarks for thorough comparison of the developed methods are rarely known. This paper introduces to RMPlib, a library for the Role Mining Problem, containing a set of new industry-oriented benchmark instances partly taken from real-world use cases, partly created synthetically. Access to RMPlib is provided through a platform where researchers can actively contribute new benchmark instances and best solutions, such that the library adapts to the changing requirements in science. The current version of RMPlib can be found at https://github.com/RMPlib/RMPlib.

show abstract

“…Lu et al [23] also turned role mining problem into the optimal decomposition problem of the Boolean matrix, and used integer linear programming (ILP) to achieve role mining. Sarana et al [24] introduced separation of duty into the role mining, using minimum biclique cover (MBC) to achieve role mining. Zhang et al [25] designed a role mining model based on concept lattice, and found the minimum role set through the greedy algorithm of role substitution.…”

Section: Related Workmentioning

confidence: 99%

Access Control Role Evolution Mechanism for Open Computing Environment

Liu

Wang

2020

Electronics

View full text Add to dashboard Cite

Data resources in open computing environments (including big data, internet of things and cloud computing) are characterized by large scale, wide source, and strong dynamics. Therefore, the user-permission relationship of open computing environments has a huge scale and will be dynamically adjusted over time, which enables effective permission management in the role based access control (RBAC) model to become a challenging problem. In this paper, we design an evolution mechanism of access control roles for open computing environments. The mechanism utilizes the existing user-permission relationship in the current system to mine the access control role and generate the user-role and role-permission relationship. When the user-permission relationship changes, the roles are constantly tuned and evolved to provide role support for access control of open computing environments. We propose a novel genetic-based role evolution algorithm that can effectively mine and optimize roles while preserving the core permissions of the system. In addition, a role relationship aggregation algorithm is proposed to realize the clustering of roles, which provides a supplementary reference for the security administrator to give the role real semantic information. Experimental evaluations in real-world data sets show that the proposed mechanism is effective and reliable.

show abstract

Role Mining in the Presence of Separation of Duty Constraints

Cited by 8 publications

References 14 publications

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

RMPlib: A Library of Benchmarks for the Role Mining Problem

Access Control Role Evolution Mechanism for Open Computing Environment

Contact Info

Product

Resources

About