ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Mining roles with semantic meanings
Full text PdfPdf (314 KB)
Source
Symposium on Access Control Models and Technologies archive
Proceedings of the 13th ACM symposium on Access control models and technologies table of contents
Estes Park, CO, USA
SESSION: Role mining table of contents
Pages 21-30  
Year of Publication: 2008
ISBN:978-1-60558-129-3
Authors
Ian Molloy  Purdue University, West Lafayette, IN
Hong Chen  Purdue University, West Lafayette, IN
Tiancheng Li  Purdue University, West Lafayette, IN
Qihua Wang  Purdue University, West Lafayette, IN
Ninghui Li  Purdue University, West Lafayette, IN
Elisa Bertino  Purdue University, West Lafayette, IN
Seraphin Calo  IBM T.J. Watson Research Center, Hawthorne, NY
Jorge Lobo  IBM T.J. Watson Research Center, Hawthorne, NY
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 198,   Citation Count: 5
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1377836.1377840
What is a DOI?

ABSTRACT

With the growing adoption of role-based access control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business impact. Researchers have proposed to use data mining techniques to discover roles to complement the costly top-down approaches for RBAC system construction. A key problem that has not been adequately addressed by existing role mining approaches is how to discover roles with semantic meanings. In this paper, we study the problem in two settings with different information availability. When the only information is user-permission relation, we propose to discover roles whose semantic meaning is based on formal concept lattices. We argue that the theory of formal concept analysis provides a solid theoretical foundation for mining roles from userpermission relation. When user-attribute information is also available, we propose to create roles that can be explained by expressions of user-attributes. Since an expression of attributes describes a real-world concept, the corresponding role represents a real-world concept as well. Furthermore, the algorithms we proposed balance the semantic guarantee of roles with system complexity. Our experimental results demonstrate the effectiveness of our approaches.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Boost C++ Libraries. http://www.boost.org/.
 
2
Axel Bucker, Identity Management Design Guide With IBM Tivoli Identity Manager, Vervante, 2005
3
Edward J. Coyne, Role engineering, Proceedings of the first ACM Workshop on Role-based access control, p.4-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270159]
 
4
M. P. Gallaher, A. C. O'Connor, and B. Kropp. The economic impact of role-based access control. Planning Report 02-1, National Institute of Standards and Technology, Mar. 2002.
 
5
Bernhard Ganter , C. Franzke , Rudolf Wille, Formal Concept Analysis: Mathematical Foundations, Springer-Verlag New York, Inc., Secaucus, NJ, 1997
6
Martin Kuhlmann , Dalia Shohat , Gerhard Schimpf, Role mining - revealing business roles for security administration using data mining technology, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775435]
 
7
C. Lindig. Fast concept analysis. In G. Stumme, editor, Working with Conceptual Structures - Contributions to ICCS 2000, 2000.
8
Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507717]
9
Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
10
Jürgen Schlegelmilch , Ulrike Steffens, Role mining with ORCA, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1064008]
11
Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, On modeling system-centric information for role engineering, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775434]
 
12
S. D. Stoller, P. Yang, C. R. Ramakrishnan, and M. I. Gofman. Efficient policy analysis for administrative role based access control, Oct. 2007.
13
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo, The role mining problem: finding a minimal descriptive set of roles, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France  [doi>10.1145/1266840.1266870]
14
Jaideep Vaidya , Vijayalakshmi Atluri , Janice Warner, RoleMiner: mining roles using subset enumeration, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180424]
15
Dana Zhang , Kotagiri Ramamohanarao , Tim Ebringer, Role engineering using graph optimisation, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France  [doi>10.1145/1266840.1266862]

CITED BY  5
Vijay Atluri, Panel on role engineering, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ian Molloy , Ninghui Li , Tiancheng Li , Ziqing Mao , Qihua Wang , Jorge Lobo, Evaluating role mining algorithms, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Qun Ni , Jorge Lobo , Seraphin Calo , Pankaj Rohatgi , Elisa Bertino, Automating role-based provisioning by learning from examples, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello , Nino Vincenzo Verde, A formal framework to elicit roles with business meaning in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Haibing Lu, Edge-RMP: Minimizing administrative assignments for role-based access control, Journal of Computer Security, v.17 n.2, p.211-235, April 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.8 Database applications
          Subjects: Data mining


General Terms:
Management, Security


Keywords:
RBAC, role engineering, role mining

Collaborative Colleagues:
Ian Molloy: colleagues
Hong Chen: colleagues
Tiancheng Li: colleagues
Qihua Wang: colleagues
Ninghui Li: colleagues
Elisa Bertino: colleagues
Seraphin Calo: colleagues
Jorge Lobo: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player