
The role mining problem: A formal perspective

Published: 30 July 2010

Abstract

Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role-based access control. A key problem related to this is the notion of goodness/interestingness—when is a role good/interesting? In this article, we define the Role Mining Problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions. The main contribution of this article is to formally define RMP and analyze its theoretical bounds. In addition to the above basic RMP, we introduce two different variations of the RMP, called the δ-Approx RMP and the minimal-noise RMP that have pragmatic implications. We reduce the known “Set Basis Problem” to RMP to show that RMP is an NP-complete problem. An important contribution of this article is also to show the relation of the RMP to several problems already identified in the data mining and data analysis literature. By showing that the RMP is in essence reducible to these known problems, we can directly borrow the existing implementation solutions and guide further research in this direction. We also develop a heuristic solution based on the previously proposed FastMiner algorithm, which is very accurate and efficient.
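The abstract casts role mining as a decomposition problem: find a small set of roles whose user-role and role-permission assignments reproduce the existing user-permission assignment (UPA), where the δ-approx variant tolerates up to δ mismatched user-permission cells and the minimal-noise variant fixes the number of roles and minimises the mismatch. The Python below is an added illustration, not code from the paper or its authors. It works on a constructed UPA, checks a candidate decomposition and counts its deviation, generates candidate roles in the style of FastMiner (every distinct user permission set plus all pairwise intersections, which is how that algorithm is usually described), and runs a simple greedy cover that is my own heuristic, not the paper's procedure. The function names and the sample users and permissions are assumptions.

```python
from itertools import combinations

# Constructed sample user-permission assignment (UPA): user -> permissions held.
SAMPLE_UPA = {
    "alice": {"p1", "p2", "p3"},
    "bob":   {"p1", "p2"},
    "carol": {"p3", "p4"},
    "dave":  {"p1", "p2", "p3", "p4"},
    "erin":  {"p4"},
}


def reconstruct(user_roles, role_perms):
    """Boolean product UA (x) PA: a user holds the union of its roles' permissions."""
    return {u: set().union(*(role_perms[r] for r in roles))
            for u, roles in user_roles.items()}


def deviation(upa, user_roles, role_perms):
    """Number of user-permission cells where UA (x) PA disagrees with the UPA.
    Zero means an exact decomposition (basic RMP); the delta-approx RMP allows up to delta."""
    rec = reconstruct(user_roles, role_perms)
    return sum(len(upa[u] ^ rec.get(u, set())) for u in upa)


def fastminer_candidates(upa):
    """Candidate roles in the style of FastMiner: every distinct user permission set
    plus every non-empty pairwise intersection of those sets (assumed description)."""
    init = {frozenset(p) for p in upa.values() if p}
    cands = set(init)
    for a, b in combinations(init, 2):
        if a & b:
            cands.add(a & b)
    # Deterministic order: larger candidates first, then lexicographic by permission.
    return sorted(cands, key=lambda c: (-len(c), sorted(c)))


def greedy_role_mining(upa, delta=0, max_roles=None):
    """Greedy cover heuristic (my illustration, not the paper's algorithm).
    Repeatedly pick the candidate covering the most still-uncovered UPA cells and
    assign it only to users whose UPA already contains all of it, so a mined role
    never grants a permission the user did not hold. Stops when at most `delta`
    cells remain uncovered (delta-approx RMP) or when `max_roles` roles have been
    chosen (minimal-noise variant: fixed role count, minimise remaining deviation)."""
    cands = fastminer_candidates(upa)
    uncovered = {u: set(p) for u, p in upa.items()}
    role_perms, user_roles = {}, {u: set() for u in upa}
    while sum(len(s) for s in uncovered.values()) > delta:
        if max_roles is not None and len(role_perms) >= max_roles:
            break
        best, best_gain = None, 0
        for c in cands:
            gain = sum(len(c & uncovered[u]) for u in upa if c <= upa[u])
            if gain > best_gain:
                best, best_gain = c, gain
        if best is None:
            break
        name = f"r{len(role_perms) + 1}"
        role_perms[name] = set(best)
        for u in upa:
            if best <= upa[u]:
                user_roles[u].add(name)
                uncovered[u] -= best
        cands.remove(best)
    return user_roles, role_perms


if __name__ == "__main__":
    ua, pa = greedy_role_mining(SAMPLE_UPA)
    print(len(pa), "roles, deviation", deviation(SAMPLE_UPA, ua, pa))
    for name, perms in pa.items():
        print(name, sorted(perms), [u for u in ua if name in ua[u]])
```

On the sample UPA the greedy run returns four roles with zero deviation, although a three-role exact decomposition exists ({p1, p2}, {p3}, {p4}); that gap is the practical face of the NP-completeness result in the abstract, and why the authors turn to heuristics. Because a candidate is only assigned to users whose UPA already contains it, the deviation counted here is always missing permissions, never extra ones, which is the direction a defender wants: a mined role set should not widen anyone's access beyond what was already provisioned. Running with `delta=1` stops one cell short and yields three roles; running with `max_roles=2` stops at two roles and reports the three cells left uncovered.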


Published In

ACM Transactions on Information and System Security, Volume 13, Issue 3
July 2010
253 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1805974
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 30 July 2010
Accepted: 01 February 2009
Received: 01 January 2008
Published in TISSEC Volume 13, Issue 3


Author Tags

  1. RBAC
  2. role engineering
  3. role mining

Qualifiers

  • Research-article
  • Research
  • Refereed


Cited By

  • (2023) Role mining under User-Distribution cardinality constraint. Journal of Information Security and Applications 78:C. DOI: 10.1016/j.jisa.2023.103611. Online publication date: 1-Nov-2023.
  • (2023) An improved minimal noise role mining algorithm based on role interpretability. Computers and Security 127:C. DOI: 10.1016/j.cose.2023.103100. Online publication date: 1-Apr-2023.
  • (2022) Learning Relationship-Based Access Control Policies from Black-Box Systems. ACM Transactions on Privacy and Security 25:3, 1-36. DOI: 10.1145/3517121. Online publication date: 19-May-2022.
  • (2022) An Automatic Attribute-Based Access Control Policy Extraction From Access Logs. IEEE Transactions on Dependable and Secure Computing 19:4, 2304-2317. DOI: 10.1109/TDSC.2021.3054331. Online publication date: 1-Jul-2022.
  • (2022) Heuristics for constrained role mining in the post-processing framework. Journal of Ambient Intelligence and Humanized Computing 14:8, 9925-9937. DOI: 10.1007/s12652-021-03648-1. Online publication date: 25-Jan-2022.
  • (2021) Role Mining Heuristics for Permission-Role-Usage Cardinality Constraints. The Computer Journal 65:6, 1386-1411. DOI: 10.1093/comjnl/bxaa186. Online publication date: 13-Feb-2021.
  • (2021) A Formal Specification of Access Control in Android with URI Permissions. Information Systems Frontiers 23:4, 849-866. DOI: 10.1007/s10796-020-10066-9. Online publication date: 1-Aug-2021.
  • (2020) Access Control Role Evolution Mechanism for Open Computing Environment. Electronics 9:3, 517. DOI: 10.3390/electronics9030517. Online publication date: 21-Mar-2020.
  • (2020) Informed Privilege-Complexity Trade-Offs in RBAC Configuration. Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, 119-130. DOI: 10.1145/3381991.3395597. Online publication date: 10-Jun-2020.
  • (2020) Role-Based Access Control Models for Android. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 179-188. DOI: 10.1109/TPS-ISA50397.2020.00033. Online publication date: Oct-2020.
