Role Mining with Missing Values

Sokratis Vavilis, A. Egner, M. Petkovic, Nicola Zannone
Published in: 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016-08-01. DOI: 10.1109/ARES.2016.32 (https://doi.org/10.1109/ARES.2016.32)
Citations: 7

Abstract

Over the years, several organizations have been migrating to Role-Based Access Control (RBAC) as a practical solution to regulate access to sensitive information. Role mining has been proposed to automatically extract RBAC policies from the current set of permissions assigned to users. Existing role mining approaches usually require that this set of permissions is retrievable and complete. Such an assumption, however, cannot be met in practice as permissions can be hard-coded in the applications or distributed over several subsystems. In those cases, permissions can be obtained from activity logs recording the actions performed by users. This, however, can provide an incomplete representation of the permissions within the system. Thus, existing role mining solutions are not directly applicable. In this work, we study the problem of role mining with incomplete knowledge. In particular, we investigate approaches for two instances of the role mining problem with missing values. Moreover, we study metrics to properly evaluate the obtained RBAC policies. We validate the investigated approaches using both synthetic and real data.