Toward Mining of Temporal Roles

Mitra, Barsha; Sural, Shamik; Atluri, Vijayalakshmi; Vaidya, Jaideep

doi:10.1007/978-3-642-39256-6_5

Cited by 21 publications

(36 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This problem definition extends the work presented in [28] by incorporating both exact and inexact variants of the problem. The acceptable level of mismatch for the inexact variant can be set appropriately by specifying the value of an input parameter to the problem.…”

Section: Introductionmentioning

confidence: 77%

“…Note that an exact version of the problem where δ = 0, was introduced as the Temporal Role Mining Problem (TRMP) in [28]. Hence, TRMP is a special case of GTRMP.…”

Section: Generalized Temporal Role Mining Problem (Gtrmp)mentioning

confidence: 99%

“…(ii) We propose a greedy algorithm to solve GTRMP. It incorporates several improvements over the one proposed in [28]. (iii) Results of extensive experiments in terms of the number of roles produced and the overall execution time with both synthetic as well as real-world datasets are presented.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The generalized temporal role mining problem

Mitra

Sural

Atluri

et al. 2015

JCS

Self Cite

View full text Add to dashboard Cite

Role mining, the process of deriving a set of roles from the available user-permission assignments, is considered to be an essential step in successful implementation of Role-Based Access Control (RBAC) systems. Traditional role mining techniques, however, are not equipped to handle temporal extensions of RBAC like the Temporal-RBAC (TRBAC) model. In this paper, we formally define the problem of finding a minimal set of roles from temporal user-permission assignments, such that in the resulting TRBAC system, users acquire either the same or a subset of the permissions originally assigned to them for the complete or partial durations of time as specified in the input. We show that the problem is NP-complete and propose a greedy algorithm for solving it. Our algorithm first derives a set of candidate roles from the temporal user-permission assignments and then selects the least possible number of roles from the candidate role set. The final output consists of a set of roles, a user-to-role assignment relation, a role-to-permission assignment relation and a role enabling base describing the time durations for which each role is enabled. Performance of the proposed approach has been evaluated on a number of synthetic as well as real-world datasets.

show abstract

Section: Introductionmentioning

confidence: 77%

“…Note that an exact version of the problem where δ = 0, was introduced as the Temporal Role Mining Problem (TRMP) in [28]. Hence, TRMP is a special case of GTRMP.…”

Section: Generalized Temporal Role Mining Problem (Gtrmp)mentioning

confidence: 99%

See 1 more Smart Citation

The generalized temporal role mining problem

Mitra

Sural

Atluri

et al. 2015

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…2). Timestamps as an attribute of permissions are, for instance, only considered by one approach [41]. However, their integration into role mining seems promising as they heavily can influence role design.…”

Section: Discussionmentioning

confidence: 99%

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

Kunz

Fuchs²,

Netter³

et al. 2015

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract.Roles have evolved into the de facto standard for access control in Enterprise Identity Management. However, companies struggle to develop and maintain a role-based access control state. For the initial role deployment, role mining is widely used. Due to the high number and complexity of available role mining algorithms, companies fail to perceive which is selected best according to their needs. Furthermore, requirements on the composition of roles such as reduction of administration cost are to be taken into account in role development. In order to give them guidance, in this paper we aggregate existing role mining approaches and classify them. For consideration of individual prerequisites we extract quality criteria that should be met. Later on, we discuss interdependencies between the criteria to help role developers avoid unwanted side-effects and produce RBAC states that are tailored to their preferences.

show abstract

“…Timestamps as an attribute of permissions are, for instance, only considered by one approach (Mitra et al, 2013). However, their integration into role mining seems promising as they heavily can influence role design.…”

Section: Discussionmentioning

confidence: 99%

Analyzing Quality Criteria in Role-based Identity and Access Management

Kunz

Fuchs

Netter

et al. 2015

Proceedings of the 1st International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Abstract:Roles have turned into the de facto standard for access control in enterprise identity management systems. However, as roles evolve over time, companies struggle to develop and maintain a consistent role model. Up to now, the core challenge of measuring the current quality of a role model and selecting criteria for its optimization remains unsolved. In this paper, we conduct a survey of existing role mining techniques and identify quality criteria inherently used by these approaches. This guides organizations during the selection of a role mining technique that matches their company-specific quality preferences. Moreover, our analysis aims to stimulate the research community to integrate quality metrics in future role mining approaches.

show abstract

Toward Mining of Temporal Roles

Cited by 21 publications

References 20 publications

The generalized temporal role mining problem

The generalized temporal role mining problem

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

Analyzing Quality Criteria in Role-based Identity and Access Management

Contact Info

Product

Resources

About