research-article

Mining roles with noisy data

Authors:

Yuan (Alan) Qi,

Luke DickensAuthors Info & Claims

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

Pages 45 - 54

https://doi.org/10.1145/1809842.1809852

Published: 11 June 2010 Publication History

Abstract

There has been increasing interest in automatic techniques for generating roles for role based access control, a process known as role mining. Most role mining approaches assume the input data is clean, and attempt to optimize the RBAC state. We examine role mining with noisy input data and suggest dividing the problem into two steps: noise removal and candidate role generation. We introduce an approach to use (non-binary) rank reduced matrix factorization to identify noise and experimentally show that it is effective at identifying noise in access control data. User- and permission-attributes can further be used to improve accuracy. Next, we show that our two-step approach is able to find candidate roles that are close to the roles mined from noise-less data. This method performs better than the approach of mining noisy data directly and offering the administrator increased control in the noise removal and candidate role generation phases. We note that our approach is applicable outside role engineering and may be used to identify errors or predict missing values in any access control matrix.

References

[1]

L. Bauer, S. Garriss, and M. K. Reiter. Detecting and resolving policy misconfigurations in access-control systems. In SACMAT'08, pages 185--194, 2008.

Digital Library

[2]

A. Colantonio, R. D. Pietro, A. Ocello, and N. V. Verde. Mining stable roles in RBAC. In IFIP Advances in Information and Communication Technology, 2009.

[3]

A. Ene, W. Horne, N. Milosavljevic, P. Rao, R. Schreiber, and R. E. Tarjan. Fast exact and heuristic methods for role minimization problems. In SACMAT'08, pages 1--10, 2008.

Digital Library

[4]

M. Frank, D. A. Basin, and J. M. Buhmann. A class of probabilistic models for role engineering. In CCS'08, pages 299--310, 2008.

Digital Library

[5]

M. Frank, A. P. Streich, D. Basin, and J. M. Buhmann. A probabilistic approach to hybrid role mining. In CCS'09, pages 101--111, 2009.

Digital Library

[6]

C. Kemp, J. B. Tenenbaum, T. L. Griffiths, T. Yamada, and N. Ueda. Learning systems of concepts with an infinite relational model. In National Conference on Artificial Intelligence, 2006.

Digital Library

[7]

M. Koyutrk, A. Grama, and N. Ramakrishnan. u Nonorthogonal decomposition of binary matrices for bounded-error data compression and analysis. ACM Trans. Math. Softw., 32(1):33--69, 2006.

Digital Library

[8]

H. W. Kuhn. The hungarian method for the assignment problem. Naval Research Logistics Quarterly, 2(83-97), 1955.

[9]

D. Lee and H. Seung. Learning the parts of objects by non-negative matrix factorization. Nature, 401(6755):788--791, Oct 1999.

[10]

H. Lu, J. Vaidya, and V. Atluri. Optimal boolean matrix decomposition: Application to role engineering. In ICDE'08, pages 297--306, 2008.

Digital Library

[11]

I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. B. Calo, and J. Lobo. Mining roles with semantic meanings. In SACMAT'08, pages 21--30, 2008.

Digital Library

[12]

I. Molloy, N. Li, T. Li, Z. Mao, Q. Wang, and J. Lobo. Evaluating role mining algorithms. In SACMAT, 2009.

Digital Library

[13]

Q. Ni, J. Lobo, S. Calo, P. Rohatgi, and E. Bertino. Automating role-based provisioning by learning from examples. In SACMAT'09, pages 75--84, 2009.

Digital Library

[14]

A. I. Schein, L. K. Saul, and L. H. Ungar. A generalized linear model for principal component analysis of binary data. In International Workshop on Artificial Intelligence and Statistics, 2003.

[15]

M. N. Schmidt, O. Winther, and L. K. Hansen. Bayesian non-negative matrix factorization. In Independent Component Analysis and Signal Separation, International Conference on, volume 5441 of LNCS, pages 540--547. Springer, 2009.

Digital Library

[16]

J. Schwartz, A. Steger, and A. Weißl. Fast algorithms for weighted bipartite matching. Experimental and Efficient Algorithms, pages 476--487, 2005.

Digital Library

[17]

A. P. Singh and G. J. Gordon. Relational learning via collective matrix factorization. In KDD'08, 2008.

Digital Library

[18]

A. P. Singh and G. J. Gordon. A unified view of matrix factorization models. In ECML/PKDD (2), pages 358--373, 2008.

[19]

A. P. Streich, M. Frank, D. Basin, and J. M. Buhmann. Multi-assignment clustering for boolean data. In ICML '09, pages 969--976, 2009.

Digital Library

[20]

J. Vaidya, V. Atluri, and Q. Guo. The role mining problem: Finding a minimal descriptive set of roles. In SACMAT'07, pages 175--184, 2007.

Digital Library

[21]

J. Vaidya, V. Atluri, Q. Guo, and N. Adam. Migrating to optimal RBAC with minimal perturbation. In SACMAT'08, pages 11--20, 2008.

Digital Library

[22]

M. E. Wall, A. Rechtsteiner, and L. M. Rocha. Singular value decomposition and principal component analysis, chapter 5, pages 91--109. Kluwer, 2003.

Cited By

Iyer PMasoumzadeh ARanise SCarbone RTakabi D(2023)Towards Automated Learning of Access Control Policies Enforced by Web ApplicationsProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3594743(163-168)Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1145/3589608.3594743
Iyer PMasoumzadeh ADietrich SChowdhury OTakabi D(2022)Effective Evaluation of Relationship-Based Access Control Policy MiningProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535022(127-138)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535022
Iyer PMasoumzadeh A(2022)Learning Relationship-Based Access Control Policies from Black-Box SystemsACM Transactions on Privacy and Security10.1145/351712125:3(1-36)Online publication date: 19-May-2022
https://dl.acm.org/doi/10.1145/3517121
Show More Cited By

Index Terms

Mining roles with noisy data
1. Information systems
  1. Information systems applications
    1. Data mining
2. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

A Survey of Role Mining

Role-Based Access Control (RBAC) is the most widely used model for advanced access control deployed in diverse enterprises of all sizes. RBAC critically depends on defining roles, which are a functional intermediate between users and permissions. Thus, ...
Mining Roles with Multiple Objectives

With the growing adoption of Role-Based Access Control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business impact. ...
On the definition of role mining
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

There have been many approaches proposed for role mining. However, the problems solved often differ due to a lack of consensus on the formal definition of the role mining problem. In this paper, we provide a detailed analysis of the requirements for ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

June 2010

212 pages

ISBN:9781450300490

DOI:10.1145/1809842

General Chair:
James Joshi
University of Pittsburgh, USA
,
Program Chair:
Barbara Carminati
University of Insubria, Italy

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT'10

Sponsor:

SIGSAC

SACMAT'10: 15th ACM Symposium on Access Control Models and Technologies

June 9 - 11, 2010

Pennsylvania, Pittsburgh, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

46
Total Citations
View Citations
603
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)1

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Iyer PMasoumzadeh ARanise SCarbone RTakabi D(2023)Towards Automated Learning of Access Control Policies Enforced by Web ApplicationsProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3594743(163-168)Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1145/3589608.3594743
Iyer PMasoumzadeh ADietrich SChowdhury OTakabi D(2022)Effective Evaluation of Relationship-Based Access Control Policy MiningProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535022(127-138)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535022
Iyer PMasoumzadeh A(2022)Learning Relationship-Based Access Control Policies from Black-Box SystemsACM Transactions on Privacy and Security10.1145/351712125:3(1-36)Online publication date: 19-May-2022
https://dl.acm.org/doi/10.1145/3517121
Abolfathi MRaghebi ZJafarian HBanaei-Kashani FMohan CSung A(2021)A Scalable Role Mining Approach for Large OrganizationsProceedings of the 2021 ACM Workshop on Security and Privacy Analytics10.1145/3445970.3451154(45-54)Online publication date: 28-Apr-2021
https://dl.acm.org/doi/10.1145/3445970.3451154
Iyer PMasoumzadeh ALobo JStoller SLiu P(2020)Active Learning of Relationship-Based Access Control PoliciesProceedings of the 25th ACM Symposium on Access Control Models and Technologies10.1145/3381991.3395614(155-166)Online publication date: 10-Jun-2020
https://dl.acm.org/doi/10.1145/3381991.3395614
Jia JGuan JWang L(2020)Role Mining: Survey and Suggestion on Role Mining in Access ControlMobile Internet Security10.1007/978-981-15-9609-4_4(34-50)Online publication date: 2-Nov-2020
https://doi.org/10.1007/978-981-15-9609-4_4
Iyer PMasoumzadeh AKerschbaum FMashatan ANiu JLee A(2019)Generalized Mining of Relationship-Based Access Control Policies in Evolving SystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3325419(135-140)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3325419
Bui TStoller SLi J(2019)Mining Relationship-Based Access Control Policies from Incomplete and Noisy DataFoundations and Practice of Security10.1007/978-3-030-18419-3_18(267-284)Online publication date: 14-Apr-2019
https://doi.org/10.1007/978-3-030-18419-3_18
Iyer PMasoumzadeh ABertino ELin DLobo J(2018)Mining Positive and Negative Attribute-Based Access Control Policy RulesProceedings of the 23nd ACM on Symposium on Access Control Models and Technologies10.1145/3205977.3205988(161-172)Online publication date: 7-Jun-2018
https://dl.acm.org/doi/10.1145/3205977.3205988
Kalaskar ABarkade V(2018)FP-Growth Policy Mining for Access Control Policies2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA)10.1109/ICCUBEA.2018.8697508(1-4)Online publication date: Aug-2018
https://doi.org/10.1109/ICCUBEA.2018.8697508
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents