ABSTRACT
Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role-based access control. A key problem related to this is the notion of goodness/interestingness: when is a role good/interesting? In this paper, we define the role mining problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions. The main contribution of this paper is to formally define RMP and analyze its theoretical bounds. In addition to the above basic RMP, we introduce two different variations of the RMP, called the δ-approx RMP and the Minimal Noise RMP, that have pragmatic implications. We reduce the known "set basis problem" to RMP to show that RMP is an NP-complete problem. An important contribution of this paper is also to show the relation of the role mining problem to several problems already identified in the data mining and data analysis literature. By showing that the RMP is in essence reducible to these known problems, we can directly borrow the existing implementation solutions and guide further research in this direction.
Index Terms
- The role mining problem: finding a minimal descriptive set of roles