Role Mining with Probabilistic Models

Frank, Mario; Buhman, Joachim M.; Basin, David

doi:10.1145/2445566.2445567

Cited by 36 publications

(31 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Limiting the maximum allowed number of parent or child roles of a role or the maximal hierarchy depth can ease administrative staff's understanding of the overall role model. Note that [15] already considers RBAC hierarchies. However, they only introduce an overall hierarchy depth of two and indicate the possibility to extend their probabilistic approach with more layers.…”

Section: Discussionmentioning

confidence: 99%

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

Kunz

Fuchs²,

Netter³

et al. 2015

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract.Roles have evolved into the de facto standard for access control in Enterprise Identity Management. However, companies struggle to develop and maintain a role-based access control state. For the initial role deployment, role mining is widely used. Due to the high number and complexity of available role mining algorithms, companies fail to perceive which is selected best according to their needs. Furthermore, requirements on the composition of roles such as reduction of administration cost are to be taken into account in role development. In order to give them guidance, in this paper we aggregate existing role mining approaches and classify them. For consideration of individual prerequisites we extract quality criteria that should be met. Later on, we discuss interdependencies between the criteria to help role developers avoid unwanted side-effects and produce RBAC states that are tailored to their preferences.

show abstract

Section: Discussionmentioning

confidence: 99%

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

Kunz

Fuchs²,

Netter³

et al. 2015

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…Since MBC is an NPhard problem, a heuristic strategy has been presented in [9] for finding the minimum biclique cover of a bipartite graph which can be used to find the minimum set of roles covering all the user-permission assignments. In [11], the authors formulate the role mining problem as a predictive problem and call it as Inference RMP. They propose two probabilistic models, namely, disjoint-decomposition model (DDM) and multi-assignment clustering (MAC) to generate roles from the available user-permission assignments.…”

Section: Related Workmentioning

confidence: 99%

The generalized temporal role mining problem

Mitra

Sural

Atluri

et al. 2015

JCS

View full text Add to dashboard Cite

Role mining, the process of deriving a set of roles from the available user-permission assignments, is considered to be an essential step in successful implementation of Role-Based Access Control (RBAC) systems. Traditional role mining techniques, however, are not equipped to handle temporal extensions of RBAC like the Temporal-RBAC (TRBAC) model. In this paper, we formally define the problem of finding a minimal set of roles from temporal user-permission assignments, such that in the resulting TRBAC system, users acquire either the same or a subset of the permissions originally assigned to them for the complete or partial durations of time as specified in the input. We show that the problem is NP-complete and propose a greedy algorithm for solving it. Our algorithm first derives a set of candidate roles from the temporal user-permission assignments and then selects the least possible number of roles from the candidate role set. The final output consists of a set of roles, a user-to-role assignment relation, a role-to-permission assignment relation and a role enabling base describing the time durations for which each role is enabled. Performance of the proposed approach has been evaluated on a number of synthetic as well as real-world datasets.

show abstract

“…Several RMP variants relax the abovementioned primary constraint and allow for a limited amount of difference between UA × PA and UPA or set the objective to be one of minimizing this difference under the constraint that the number of roles should be bounded from above by a given number; see, e.g., Lu et al (2008), Vaidya et al (2010), and Frank et al (2013). Lu et al (2008) formulate the basic RMP and several of its variants using binary integer programming and provide heuristic solutions obtained via greedy algorithms.…”

Section: Review Of Relevant Literaturementioning

confidence: 99%

“…This can help determine a suitable stopping condition when employing probabilistic algorithms for the basic RMP. Frank et al (2008Frank et al ( , 2013 propose a probabilistic scheme to solve the role mining problem. Different from most RMP studies that try to compress the UPAs into UAs and PAs, they propose that RMP is more an inference problem than a data compression problem.…”

Section: Review Of Relevant Literaturementioning

confidence: 99%

Role Refinement in Access Control: Model and Analysis

Xia

Dawande

Mookerjee

2014

INFORMS Journal on Computing

View full text Add to dashboard Cite

A ccess control mechanisms in software systems administer user privileges by granting users permission to perform certain operations while denying unauthorized access to others. Such mechanisms are essential to ensure that important business functions in an organization are conducted securely and smoothly. Currently, the dominant access control approach in most major software systems is role-based access control. In this approach, permissions are first assigned to roles, and users acquire permissions by becoming members of certain roles. However, given the dynamic nature of organizations, a fixed set of roles usually cannot meet the demands that users (existing or new) have to conduct business.The typical response to this problem is to myopically create new roles to meet immediate demand that cannot be satisfied by an existing set of roles. This ad hoc creation of roles invariably leads to a proliferation in the number of roles with the accompanying administrative overhead. Based on discussions with practitioners, we propose a role refinement scheme that reconstructs a system of roles to reduce the cost of role management. We first show that the role-refinement problem is strongly NP-hard and then provide two polynomial-time approximation algorithms (a greedy algorithm and a randomized rounding algorithm) and establish their performance guarantees. Finally, numerical experiments-based on a real data set from a firm's enterprise resource planning system-are conducted to demonstrate the applicability and performance of our refinement scheme.

show abstract

Role Mining with Probabilistic Models

Cited by 36 publications

References 39 publications

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

The generalized temporal role mining problem

Role Refinement in Access Control: Model and Analysis

Contact Info

Product

Resources

About