Mining parameterized role-based policies

Zhongyuan Xu, S. Stoller
{"title":"Mining parameterized role-based policies","authors":"Zhongyuan Xu, S. Stoller","doi":"10.1145/2435349.2435384","DOIUrl":null,"url":null,"abstract":"Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) framework in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and reports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the third ACM conference on Data and application security and privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2435349.2435384","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 19

Abstract

Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) framework in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and reports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.
挖掘基于参数化角色的策略
基于角色的访问控制(RBAC)与低级访问控制策略表示(如访问控制列表(acl))相比具有显著的优势。然而,大型组织从acl迁移到RBAC所需的努力可能是采用RBAC的一个重大障碍。角色挖掘算法部分地自动化了从ACL策略和可能的其他信息构建RBAC策略的过程。这些算法可以显著降低迁移到RBAC的成本。本文定义了一个参数化RBAC (PRBAC)框架,其中用户和权限具有作为角色隐含参数的属性,可用于角色定义。通过允许更简洁的策略,参数化显著增强了RBAC的可伸缩性。本文提出了挖掘此类策略的算法,并报告了案例研究中评估算法的结果。据我们所知,这些是PRBAC框架的第一个策略挖掘算法。对三个小但不平凡的案例研究的评估证明了我们的算法的有效性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信