Migrating from RBAC to temporal RBAC

Published: 01 September 2017

Abstract

The last two decades have witnessed the emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations that already have a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies because of changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not treat it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. The authors experimentally evaluate the performance of both proposed approaches and show that they are both efficient and effective.


Cited By

  • (2023) An improved minimal noise role mining algorithm based on role interpretability. Computers and Security, 127:C. DOI 10.1016/j.cose.2023.103100. Online publication date: 1-Apr-2023
  • (2023) Secure fine grained access control for telecare medical communication system. Telecommunications Systems, 84:1, pp. 1-21. DOI 10.1007/s11235-023-01033-1. Online publication date: 29-Jun-2023
  • (2018) Supporting user authorization queries in RBAC systems by role–permission reassignment. Future Generation Computer Systems, 88:C, pp. 707-717. DOI 10.1016/j.future.2018.01.010. Online publication date: 1-Nov-2018

Published In

IET Information Security  Volume 11, Issue 5
September 2017
78 pages
EISSN:1751-8717
DOI:10.1049/ise2.v11.5

Publisher

John Wiley & Sons, Inc.

United States

Author Tags

  1. authorisation
  2. data mining
  3. temporal RBAC
  4. role-based access control
  5. temporal role mining
  6. TRBAC
  7. migration process

Qualifiers

  • Research-article
