A cost-driven approach to role engineering

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A cost-driven approach to role engineering

Full text

Pdf (254 KB)

Source

Symposium on Applied Computing archive
Proceedings of the 2008 ACM symposium on Applied computing table of contents

Fortaleza, Ceara, Brazil

SESSION: Computer security table of contents

Pages 2129-2136

Year of Publication: 2008

ISBN:978-1-59593-753-7

Authors

Alessandro Colantonio	Engiweb Security Roma, Italy
Roberto Di Pietro	Università di Roma Tre Roma, Italy
Alberto Ocello	Engiweb Security Roma, Italy

Sponsor

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 71, Citation Count: 3

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1363686.1364198 What is a DOI?

ABSTRACT

In recent years role-based access control (RBAC) has been spreading within organizations. However, companies still have considerable difficulty migrating to this model, due to the complexity involved in identifying a set of roles fitting the real needs of the company. All the various role engineering methods proposed thus far lack a metric for measuring the "quality" of candidate roles produced. This paper proposes a new approach guided by a cost-based metric, where "cost" represents the effort to administer the resulting RBAC. Further, we propose REAM (Role-Based Association-rule Mining), an algorithm leveraging the cost metric to find candidate role-sets with the lowest possible administration cost. For a specific parameter set, RBAM behaves as already existing role mining algorithms and is, worst case, NP-complete. Yet, we will provide several examples showing the sensibility of assumptions made by the algorithm. Further, application of the algorithm to real data will highlight the improvements over current solutions. Finally, we comment on the direction of future research.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Rakesh Agrawal , Ramakrishnan Srikant, Fast Algorithms for Mining Association Rules in Large Databases, Proceedings of the 20th International Conference on Very Large Data Bases, p.487-499, September 12-15, 1994
	2	ANSI/INCITS 359-2004, information technology-role based access control. InterNational Committee for Information Technology Standards (INCITS), 2004.
	3	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems (TODS), v.23 n.3, p.231-285, Sept. 1998 [doi>10.1145/293910.293151]
	4	Edward J. Coyne, Role engineering, Proceedings of the first ACM Workshop on Role-based access control, p.4-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States [doi>10.1145/270152.270159]
	5	P. Epstein , R. Sandhu, Engineering of Role/Permission Assignments, Proceedings of the 17th Annual Computer Security Applications Conference, p.127, December 10-14, 2001
	6	David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999 [doi>10.1145/300830.300834]
	7	D. F. Ferraiolo and R. Kuhn. Role-based access controls. In Proceedings of the 15^th NIST-NSA National Computer Security Conference, pages 554--563, Baltimore, MD, USA, Oct. 1992.
	8	M. P. Gallagher, A. O'Connor, and B. Kropp. The economic impact of role-based access control. Technical report, Planning report 02-1, National Institute of Standards and Technology (NIST), 2002.
	9	Axel Kern , Martin Kuhlmann , Andreas Schaad , Jonathan Moffett, Observations on the role life-cycle in the context of enterprise security management, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507718]
	10	Martin Kuhlmann , Dalia Shohat , Gerhard Schimpf, Role mining - revealing business roles for security administration using data mining technology, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy [doi>10.1145/775412.775435]
	11	Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507717]
	12	Haio Roeckle, Role-finding/role-engineering (panel session), Proceedings of the fifth ACM workshop on Role-based access control, p.68, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344303]
	13	Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344308]
	14	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	15	G. Schimpf. Role-engineering: Critical success factors for enterprise security administration, Dec. 2000. Position paper for {13}.
	16	Jürgen Schlegelmilch , Ulrike Steffens, Role mining with ORCA, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden [doi>10.1145/1063979.1064008]
	17	Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo, The role mining problem: finding a minimal descriptive set of roles, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France [doi>10.1145/1266840.1266870]
	18	Jaideep Vaidya , Vijayalakshmi Atluri , Janice Warner, RoleMiner: mining roles using subset enumeration, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA [doi>10.1145/1180405.1180424]
	19	Guizhen Yang, Computational aspects of mining maximal frequent patterns, Theoretical Computer Science, v.362 n.1, p.63-85, 11 October 2006 [doi>10.1016/j.tcs.2006.05.029]
	20	Dana Zhang , Kotagiri Ramamohanarao , Tim Ebringer, Role engineering using graph optimisation, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France [doi>10.1145/1266840.1266862]

CITED BY 3

	Ian Molloy , Ninghui Li , Tiancheng Li , Ziqing Mao , Qihua Wang , Jorge Lobo, Evaluating role mining algorithms, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello , Nino Vincenzo Verde, A formal framework to elicit roles with business meaning in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Andreas P. Streich , Mario Frank , David Basin , Joachim M. Buhmann, Multi-assignment clustering for Boolean data, Proceedings of the 26th Annual International Conference on Machine Learning, p.969-976, June 14-18, 2009, Montreal, Quebec, Canada