6533b7cffe1ef96bd1257cd4

RESEARCH PRODUCT

Constrained Role Mining

Stelvio CimatoCarlo Blundo

subject

FOS: Computer and information sciencesComputer Science - Cryptography and SecurityProcess (engineering)business.industryComputer scienceDistributed computingVertex coverAccess controlTop-down and bottom-up designEnterprise information security architecturecomputer.software_genreSet (abstract data type)Order (exchange)Role-based access controlData miningbusinessCryptography and Security (cs.CR)computer

description

Role Based Access Control (RBAC) is a very popular access control model, for long time investigated and widely deployed in the security architecture of different enterprises. To implement RBAC, roles have to be firstly identified within the considered organization. Usually the process of (automatically) defining the roles in a bottom up way, starting from the permissions assigned to each user, is called {\it role mining}. In literature, the role mining problem has been formally analyzed and several techniques have been proposed in order to obtain a set of valid roles. Recently, the problem of defining different kind of constraints on the number and the size of the roles included in the resulting role set has been addressed. In this paper we provide a formal definition of the role mining problem under the cardinality constraint, i.e. restricting the maximum number of permissions that can be included in a role. We discuss formally the computational complexity of the problem and propose a novel heuristic. Furthermore we present experimental results obtained after the application of the proposed heuristic on both real and synthetic datasets, and compare the resulting performance to previous proposals

yearjournalcountryeditionlanguage
2013-01-01
https://doi.org/10.1007/978-3-642-38004-4_19