
An improved minimal noise role mining algorithm based on role interpretability

Published: 01 April 2023

Abstract

Interpretable role mining has achieved notable improvements in the usability and effectiveness of roles in RBAC deployments, owing to its ability to mine meaningful roles. However, current research ignores the interference caused by data noise, which limits broader application and deployment in real scenarios. In this paper, the interpretable role mining problem is extended to account for data noise, with reference to the minimal noise role mining problem. Accordingly, an improved minimal noise role mining algorithm is proposed to optimize both reconstruction error and role interpretability. Experimental results on real data demonstrate that the proposed algorithm achieves better efficiency and lower reconstruction error while ensuring interpretability, regardless of the data scale.

Published In

Computers and Security, Volume 127, Issue C
Apr 2023
400 pages

Publisher

Elsevier Advanced Technology Publications
United Kingdom

Author Tags

1. Role mining
2. Role-based access control
3. Role interpretability
4. Minimal noise algorithm

Qualifiers

• Research-article
