ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Role mining with ORCA
Full text PdfPdf (213 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the tenth ACM symposium on Access control models and technologies table of contents
Stockholm, Sweden
SESSION: Role management table of contents
Pages: 168 - 176  
Year of Publication: 2005
ISBN:1-59593-045-0
Authors
Jürgen Schlegelmilch  OFFIS e. V. Escherweg, Oldenburg, Germany
Ulrike Steffens  OFFIS e. V. Escherweg, Oldenburg, Germany
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 119,   Citation Count: 13
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1063979.1064008
What is a DOI?

ABSTRACT

With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. On the one hand, security demands a tight regime on permissions; on the other hand, users need permissions to perform their tasks. Role-based access control (RBAC) has proven to be a solution to this problem but relies on a well-defined set of role definitions, a role concept for the enterprise in question. The definition of a role concept (role engineering) is a difficult task traditionally performed via interviews and workshops. However, often users already have the permissions that they need to do their jobs, and roles can be derived from these permission assignments using data mining technology, thus giving the process of role concept definition a head-start.In this paper, we present the ORCA role mining tool and its algorithm. The algorithm performs a cluster analysis on permission assignments to build a hierarchy of permission clusters and presents the results to the user in graphical form. It allows the user to interactively add expert knowledge to guide the clustering algorithm. The tool provides valuable insights into the permission structures of an enterprise and delivers an initial role hierarchy for the definition of an enterprise role concept using a bottom-up approach.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
ACM. Proceedings of the 3rd ACM Workshop on Role-Based Access Control (RBAC 1998). ACM Press, 1998.
 
2
ACM. Proceedings of the 4th ACM workshop on Role-Based Access Control (RBAC 1999). ACM Press, 1999.
 
3
ACM. Proceedings of the 5th ACM workshop on Role-Based Access Control (RBAC 2000). ACM Press, 2000.
 
4
Information Technology -- Role Based Access Control. Number ANSI/INCITS 359-2004. InterNational Committee for Information Technology Standards, 2004.
5
Edward J. Coyne, Role engineering, Proceedings of the first ACM Workshop on Role-based access control, p.4-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270159]
 
6
P. Epstein , R. Sandhu, Engineering of Role/Permission Assignments, Proceedings of the 17th Annual Computer Security Applications Conference, p.127, December 10-14, 2001
 
7
D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554--563, 1992.
 
8
U. Grimmer and H. Hinrichs. A methodological approach to data quality management supported by data mining. In E. M. Pierce and R. Katz-Haas, editors, 6th Conference on Information Quality (IQ 2001), pages 217--232. MIT, 2001.
 
9
Jiawei Han , Micheline Kamber, Data mining: concepts and techniques, Morgan Kaufmann Publishers Inc., San Francisco, CA, 2000
 
10
James B. D. Joshi , Elisa Bertino , Arif Ghafoor, Hybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model, Proceedings of the 26th International Computer Software and Applications Conference on Prolonging Software Life: Development and Redevelopment, p.951-956, August 26-19, 2002
 
11
Axel Kern, Advanced Features for Enterprise-Wide Role-Based Access Control, Proceedings of the 18th Annual Computer Security Applications Conference, p.333, December 09-13, 2002
12
Martin Kuhlmann , Dalia Shohat , Gerhard Schimpf, Role mining - revealing business roles for security administration using data mining technology, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775435]
13
Jonathan D. Moffett, Control principles and role hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.63-69, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286900]
14
Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319186]
 
15
Generalized Role-Based Access Control, Proceedings of the The 21st International Conference on Distributed Computing Systems, p.391, April 16-19, 2001
16
Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507717]
17
Haio Roeckle, Role-finding/role-engineering (panel session), Proceedings of the fifth ACM workshop on Role-based access control, p.68, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344303]
18
Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
 
19
R. Rymon. SE-trees outperform decision trees in noisy domains. In Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (KDD-96), pages 331--334. AAAI Press, 1996.
 
20
R. Rymon. Sage -- Enabling Role-Based User Management. Presentation slides, Eurekify, Dec. 2002.
21
Ravi Sandhu, Role activation hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.33-40, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286891]
22
Ravi Sandhu , Venkata Bhamidipati , Edward Coyne , Srinivas Ganta , Charles Youman, The ARBAC97 model for role-based administration of roles: preliminary description and outline, Proceedings of the second ACM workshop on Role-based access control, p.41-50, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266752]
 
23
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
24
G. Schimpf. Role-engineering: Critical success factors for enterprise security administration. Position paper for {17}Dec. 2000.
 
25
M. Sel. RBAC & Role Mining. Technical report, COSIC, 2004.

CITED BY  13
Jaideep Vaidya , Vijayalakshmi Atluri , Janice Warner, RoleMiner: mining roles using subset enumeration, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo, The role mining problem: finding a minimal descriptive set of roles, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello , Nino Vincenzo Verde, A formal framework to elicit roles with business meaning in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Dana Zhang , Kotagiri Ramamohanarao , Tim Ebringer, Role engineering using graph optimisation, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello, A cost-driven approach to role engineering, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Alina Ene , William Horne , Nikola Milosavljevic , Prasad Rao , Robert Schreiber , Robert E. Tarjan, Fast exact and heuristic methods for role minimization problems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Mario Frank , David Basin , Joachim M. Buhmann, A class of probabilistic models for role engineering, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Nabil Adam, Migrating to optimal RBAC with minimal perturbation, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ian Molloy , Hong Chen , Tiancheng Li , Qihua Wang , Ninghui Li , Elisa Bertino , Seraphin Calo , Jorge Lobo, Mining roles with semantic meanings, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Vijay Atluri, Panel on role engineering, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Lujo Bauer , Scott Garriss , Michael K. Reiter, Detecting and resolving policy misconfigurations in access-control systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ian Molloy , Ninghui Li , Tiancheng Li , Ziqing Mao , Qihua Wang , Jorge Lobo, Evaluating role mining algorithms, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Haibing Lu, Edge-RMP: Minimizing administrative assignments for role-based access control, Journal of Computer Security, v.17 n.2, p.211-235, April 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.1 MODELS AND PRINCIPLES
      H.1.2 User/Machine Systems
          Subjects: Human factors

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Human Factors


Keywords:
cluster analysis, data mining, role definition, role engineering, role hierarchy, role mining, role-based access control

Collaborative Colleagues:
Jürgen Schlegelmilch: colleagues
Ulrike Steffens: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player