{"title":"Constraint-enhanced role engineering via answer set programming","authors":"Jinwei Hu, K. Khan, Y. Bai, Yan Zhang","doi":"10.1145/2414456.2414499","DOIUrl":null,"url":null,"abstract":"Role engineering (RE) aims to develop and maintain appropriate role-based access control (RBAC) configurations. However, RE with constraints in place is not well-studied. Constraints usually describe organizations' security and business requirements. An inconsistency between configurations and constraints compromises security and availability, as it may authorize otherwise forbidden access and deprive users of due privileges. In this paper, we apply answer set programming (ASP) to discover RBAC configurations that comply with constraints and meet various optimization objectives. We first formulate the need of supporting constraints as a problem independent of and complementary to existing RE problems. We then present a flexible framework for translating the proposed problem to ASP programs. In this way, the problem can be addressed via ASP solvers. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2414456.2414499","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
Role engineering (RE) aims to develop and maintain appropriate role-based access control (RBAC) configurations. However, RE with constraints in place is not well-studied. Constraints usually describe organizations' security and business requirements. An inconsistency between configurations and constraints compromises security and availability, as it may authorize otherwise forbidden access and deprive users of due privileges. In this paper, we apply answer set programming (ASP) to discover RBAC configurations that comply with constraints and meet various optimization objectives. We first formulate the need of supporting constraints as a problem independent of and complementary to existing RE problems. We then present a flexible framework for translating the proposed problem to ASP programs. In this way, the problem can be addressed via ASP solvers. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results.