RoleVAT: Visual Assessment of Practical Need for Role Based Access Control

Zhang, Dana; Ramamohanarao, Kotagiri; Versteeg, Steven; Zhang, Rui

doi:10.1109/acsac.2009.11

Cited by 15 publications

(12 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Our sources for these can be classified into three. (1) top-down design of RBAC policies [3,15,16,17], (2) role mining and engineering [18,19,20,21,22,23,24,25], and, (3) evaluation of approaches to access-enforcement [4,5,8]. We also have created some new kinds of policies based on policies from the literature.…”

Section: Rbac Policiesmentioning

confidence: 99%

An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)

Komlenovic

Tripunitara

Zitouni

2011

Proceedings of the First ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

We consider the distributed access enforcement problem for Role-Based Access Control (RBAC) systems. Such enforcement has become important with RBAC's increasing adoption, and the proliferation of data that needs to be protected. We assess six approaches, each of which has either been proposed in the literature, or is a natural candidate for access enforcement. The approaches are: directed graph, access matrix, authorization recycling, CPOL, Bloom filter and cascade Bloom filter. We consider encodings of RBAC sessions in each, and propose and justify a benchmark for the assessment. We present our results from an empirical assessment of time, space and administrative efficiency based on the benchmark. We conclude with inferences we can make regarding the best approach to access enforcement for particular RBAC deployments based on our assessment.

show abstract

Section: Rbac Policiesmentioning

confidence: 99%

An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)

Komlenovic

Tripunitara

Zitouni

2011

Proceedings of the First ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

“…If a small δ is allowed, k can be considerably smaller than the Boolean rank. For an estimate of k in O(|U SER| 2 )-time, based on visual inspection, one could, for instance, employ the method proposed in [31].…”

Section: Discussionmentioning

confidence: 99%

On the definition of role mining

Frank

Buhmann

Basin

2010

Proceedings of the 15th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

There have been many approaches proposed for role mining. However, the problems solved often differ due to a lack of consensus on the formal definition of the role mining problem. In this paper, we provide a detailed analysis of the requirements for role mining, the existing definitions of role mining, and the methods used to assess role mining results. Given basic assumptions on how access-control configurations are generated, we propose a novel definition of the role mining problem that fulfills the requirements that real-world enterprises typically have. In this way, we recast role mining as a prediction problem.

show abstract

“…We are aware that the visualization of large-scale RBAC models might result into very large and complex images. In this case, a section of the RBAC model (e.g., visualize only a set of roles and their assignments) can reduce the complexity for illustration purposes or other visualizations might be more applicable (e.g., [28,3]). …”

Section: Methodsmentioning

confidence: 98%

Anomaly detection and visualization in generative RBAC models

Leitner

Rinderle-Ma

2014

Proceedings of the 19th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (currentstate) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.

show abstract

RoleVAT: Visual Assessment of Practical Need for Role Based Access Control

Cited by 15 publications

References 20 publications

An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)

An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)

On the definition of role mining

Anomaly detection and visualization in generative RBAC models

Contact Info

Product

Resources

About