ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Role mining - revealing business roles for security administration using data mining technology
Full text PdfPdf (219 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents
Como, Italy
SESSION: Role Engineering table of contents
Pages: 179 - 186  
Year of Publication: 2003
ISBN:1-58113-681-1
Authors
Martin Kuhlmann  SYSTOR Security Solutions GmbH, Hermann-Heinrich-Gossen-Strasse 3, Cologne
Dalia Shohat  SYSTOR Security Solutions GmbH, Hermann-Heinrich-Gossen-Strasse 3, Cologne
Gerhard Schimpf  SMF TEAM IT-Security Consulting, Am Waldweg 23, Pforzheim
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 16,   Downloads (12 Months): 130,   Citation Count: 19
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775435
What is a DOI?

ABSTRACT

In this paper we describe the work devising a new technique for role-finding to implement Role-Based Security Administration. Our results stem from industrial projects, where large-scale customers wanted to migrate to Role-Based Access Control (RBAC) based on already existing access rights patterns in their production IT-systems.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Gerhard Schimpf, Security management for administration and control of corporate-wide, diverse systems, ACM SIGSAC Review, v.15 n.1, p.4-10, Jan. 1997  [doi>10.1145/250021.250022]
 
2
"Security Administration Manager (SAM), Release 2.4. Concepts and Facilities," Systor GmbH & Co. KG, Küüln, Germany (1999).
 
3
B. J. Biddle and E. J. Thomas, "Role Theory: Concepts and Research". New York: Robert E. Krieger Publishing Company, 1979.
 
4
D. F. Ferraiolo and R. D. Kuhn, "Role-Based Access Controls," presented at 15th NIST-NCSC National Computer Security Conference, Baltimore, MD, USA, 1992.
5
Roland Awischus, Role based access control with the security administration manager (SAM), Proceedings of the second ACM workshop on Role-based access control, p.61-68, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266758]
 
6
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
7
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
8
Axel Mönkeberg , René Rakete, Three for one: role-based access-control management in rapidly changing heterogeneous environments, Proceedings of the fifth ACM workshop on Role-based access control, p.83-88, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344306]
9
Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
10
Ravi Sandhu, Engineering authority and trust in cyberspace: the OM-AM and RBAC way, Proceedings of the fifth ACM workshop on Role-based access control, p.111-119, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344309]
11
Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344301]
12
Edward J. Coyne, Role engineering, Proceedings of the first ACM Workshop on Role-based access control, p.4-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270159]
13
E. B. Fernandez , J. C. Hawkins, Determining role rights from use cases, Proceedings of the second ACM workshop on Role-based access control, p.121-125, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266767]
14
Axel Kern , Martin Kuhlmann , Andreas Schaad , Jonathan Moffett, Observations on the role life-cycle in the context of enterprise security management, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507718]
15
David F. Ferraiolo, An argument for the role-based access control model, Proceedings of the sixth ACM symposium on Access control models and technologies, p.142-143, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.378405]
 
16
Pete A. Epstein , Ravi Sandhu, Engineering of role/permission assignments, 2002
17
Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319175]
18
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
 
19
J. Grabmeyer and A. Rudolph, "Techniques of Cluster Algorithms in Data Mining", IBM Informationssysteme GmbH, December 10, 1998.
 
20
Axel Kern, Advanced Features for Enterprise-Wide Role-Based Access Control, Proceedings of the 18th Annual Computer Security Applications Conference, p.333, December 09-13, 2002
 
21
IBM Intelligent Miner for Data, User Manual.
 
22
H. Rückle and G. Schimpf, "Rollen-Engineering im IT-Berechtigungsmanagement" KES Zeitschrift für Kommunikations- und EDV Sicherheit 5/00, 2000.

CITED BY  19
Horst F. Wedde , Mario Lischka, Modular authorization and administration, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.363-391, August 2004
Axel Kern , Claudia Walhorn, Rule support for role-based access control, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Jürgen Schlegelmilch , Ulrike Steffens, Role mining with ORCA, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Jaideep Vaidya , Vijayalakshmi Atluri , Janice Warner, RoleMiner: mining roles using subset enumeration, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo, The role mining problem: finding a minimal descriptive set of roles, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Stephen Smaldone , Vinod Ganapathy , Liviu Iftode, Working set-based access control for network file systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Dana Zhang , Kotagiri Ramamohanarao , Tim Ebringer, Role engineering using graph optimisation, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello, A cost-driven approach to role engineering, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Alina Ene , William Horne , Nikola Milosavljevic , Prasad Rao , Robert Schreiber , Robert E. Tarjan, Fast exact and heuristic methods for role minimization problems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Mario Frank , David Basin , Joachim M. Buhmann, A class of probabilistic models for role engineering, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Nabil Adam, Migrating to optimal RBAC with minimal perturbation, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ian Molloy , Hong Chen , Tiancheng Li , Qihua Wang , Ninghui Li , Elisa Bertino , Seraphin Calo , Jorge Lobo, Mining roles with semantic meanings, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Vijay Atluri, Panel on role engineering, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Lujo Bauer , Scott Garriss , Michael K. Reiter, Detecting and resolving policy misconfigurations in access-control systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ian Molloy , Ninghui Li , Tiancheng Li , Ziqing Mao , Qihua Wang , Jorge Lobo, Evaluating role mining algorithms, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Qun Ni , Jorge Lobo , Seraphin Calo , Pankaj Rohatgi , Elisa Bertino, Automating role-based provisioning by learning from examples, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello , Nino Vincenzo Verde, A formal framework to elicit roles with business meaning in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Andreas P. Streich , Mario Frank , David Basin , Joachim M. Buhmann, Multi-assignment clustering for Boolean data, Proceedings of the 26th Annual International Conference on Machine Learning, p.969-976, June 14-18, 2009, Montreal, Quebec, Canada
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Haibing Lu, Edge-RMP: Minimizing administrative assignments for role-based access control, Journal of Computer Security, v.17 n.2, p.211-235, April 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.0 General
          Subjects: Security, integrity, and protection**

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Management, Security


Keywords:
data mining, enterprise systems management, identity management, migration, provisioning, role engineering, role-based access control, security administration, security data models, security management, single point of administration and control

Collaborative Colleagues:
Martin Kuhlmann: colleagues
Dalia Shohat: colleagues
Gerhard Schimpf: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player