Finding permission bugs in smart contracts with role mining
ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Pages 716–727, https://doi.org/10.1145/3533767.3534372
Smart contracts deployed on permissionless blockchains, such as Ethereum, are accessible to any user in a trustless environment. Therefore, most smart contract applications implement access control policies to protect their valuable assets from ...
- research-article, June 2022
The Secrecy Resilience of Access Control Policies and Its Application to Role Mining
SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, Pages 115–126, https://doi.org/10.1145/3532105.3535030
We propose a notion that we call the secrecy resilience of an access control policy that, to our knowledge, has not been explored in prior work. We seek to capture with this notion the property inherent to an access control policy that measures its ...
- research-article, June 2022, Best Paper
Generalized Noise Role Mining
SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, Pages 91–102, https://doi.org/10.1145/3532105.3535024
Role mining seeks to compute a set of roles R, a user-role authorization relation UA and a permission-role authorization relation PA, given a user-permission authorization relation UPA, and is therefore a core problem in the specification of role-based ...
- research-article, April 2021
A Scalable Role Mining Approach for Large Organizations
IWSPA '21: Proceedings of the 2021 ACM Workshop on Security and Privacy Analytics, Pages 45–54, https://doi.org/10.1145/3445970.3451154
Role-based access control (RBAC) model has gained significant attention in cybersecurity in recent years. RBAC restricts system access only to authorized users based on the roles and regulations within an organization. The flexibility and usability of ...
- research-article, June 2020
Informed Privilege-Complexity Trade-Offs in RBAC Configuration
SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, Pages 119–130, https://doi.org/10.1145/3381991.3395597
Role-Based Access Control (RBAC) has the potential both to simplify administration and improve an organization's security. But for non-trivial configurations, there is a conflict between defining fine-grained roles which adhere to the principle of least ...
- research-article, July 2018
Genetic algorithms for role mining in critical infrastructure data spaces
GECCO '18: Proceedings of the Genetic and Evolutionary Computation Conference Companion, Pages 1688–1695, https://doi.org/10.1145/3205651.3208283
In the paper, a Role Mining problem, which is the cornerstone for creating Role-Based Access Control (RBAC) systems, is transferred to the domain of data spaces. RBAC is the most widespread model of access control in different multi-user information ...
- research-article, September 2017
A Survey on Access Control Mechanisms in E-commerce Environments
BCI '17: Proceedings of the 8th Balkan Conference in Informatics, Article No.: 16, Pages 1–6, https://doi.org/10.1145/3136273.3136288
With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. Access Control (AC) represents the process of mediating every request to services and data, ...
- survey, February 2016
A Survey of Role Mining
ACM Computing Surveys (CSUR), Volume 48, Issue 4, Article No.: 50, Pages 1–37, https://doi.org/10.1145/2871148
Role-Based Access Control (RBAC) is the most widely used model for advanced access control deployed in diverse enterprises of all sizes. RBAC critically depends on defining roles, which are a functional intermediate between users and permissions. Thus, ...
- article, August 2015
Role mining based on cardinality constraints
Concurrency and Computation: Practice & Experience (CCOMP), Volume 27, Issue 12, Pages 3126–3144, https://doi.org/10.1002/cpe.3456
Role mining was recently proposed to automatically find roles among user-permission assignments using data mining technologies. However, the current studies about role mining mainly focus on how to find roles, without considering the constraints that are ...
- research-article, June 2015
Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach
SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, Pages 211–220, https://doi.org/10.1145/2752952.2752975
Role Based Access Control (RBAC) is the most widely used advanced access control model deployed in a variety of organizations. To deploy an RBAC system, one needs to first identify a complete set of roles, including permission role assignments and role ...
- keynote, November 2014
Detecting Roles and Anomalies in Hospital Access Audit Logs
SafeConfig '14: Proceedings of the 2014 Workshop on Cyber Security Analytics, Intelligence and Automation, Page 1, https://doi.org/10.1145/2665936.2668879
There is significant risk in denying access to a healthcare provider who seeks to examine a patient's medical record. For this reason, hospital access control systems are generally based on optimistic security in which providers are given broad ...
- research-article, July 2014
User-driven system-mediated collaborative information retrieval
SIGIR '14: Proceedings of the 37th international ACM SIGIR conference on Research & development in information retrieval, Pages 485–494, https://doi.org/10.1145/2600428.2609598
Most of the previous approaches surrounding collaborative information retrieval (CIR) provide either a user-based mediation, in which the system only supports users' collaborative activities, or a system-based mediation, in which the system plays an ...
- Article, December 2013
Towards Policy Engineering for Attribute-Based Access Control
INTRUST 2013: Proceedings of the 5th International Conference on Trusted Systems - Volume 8292, Pages 85–102, https://doi.org/10.1007/978-3-319-03491-1_6
Attribute-based Access Control (ABAC) was recently proposed as a general model which is able to capture the main existing access control models. This paper discusses the problems of configuring ABAC and engineering access policies. We question how to ...
- Article, July 2013
Role Mining Using Boolean Matrix Decomposition with Hierarchy
TRUSTCOM '13: Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Pages 805–812, https://doi.org/10.1109/TrustCom.2013.98
With the increasing adoption of role-based access control (RBAC) in business security, how to apply role mining technology to aid the process of migrating a non-RBAC system to a RBAC system has become an important problem. Numerous approaches have been ...
- demonstration, June 2013
RMiner: a tool set for role mining
SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies, Pages 193–196, https://doi.org/10.1145/2462410.2462431
Recently, there are many approaches proposed for mining roles using automated technologies. However, it lacks a tool set that can be used to aid the application of role mining approaches and update role states. In this demonstration, we introduce a tool ...
- research-article, June 2013
Evolving role definitions through permission invocation patterns
SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies, Pages 37–48, https://doi.org/10.1145/2462410.2462422
In role-based access control (RBAC), roles are traditionally defined as sets of permissions. Roles specified by administrators may be inaccurate, however, such that data mining methods have been proposed to learn roles from actual permission ...
- research-article, February 2013
Mining parameterized role-based policies
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy, Pages 255–266, https://doi.org/10.1145/2435349.2435384
Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a ...
- Article, July 2012
Approximation Algorithms for Minimizing the Number of Roles and Administrative Assignments in RBAC
COMPSACW '12: Proceedings of the 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops, Pages 427–432, https://doi.org/10.1109/COMPSACW.2012.81
In role based access control (RBAC), minimizing the descriptive set of roles (specified as Basic-RMP) and minimizing the administrative assignments for roles (specified as Edge-RMP) can greatly decrease the management costs. Both role mining problems ...
- research-article, June 2012
Algorithms for mining meaningful roles
SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, Pages 57–66, https://doi.org/10.1145/2295136.2295146
Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a ...
- research-article, June 2012
Generative models for access control policies: applications to role mining over logs with attribution
SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, Pages 45–56, https://doi.org/10.1145/2295136.2295145
We consider a fundamentally new approach to role and policy mining: finding RBAC models which reflect the observed usage of entitlements and the attributes of users. Such policies are interpretable, i.e., there is a natural explanation of why a role is ...