Enabling Workforce Optimization in Constrained Attribute-Based Access Control Systems
Autor: | Arindam Roy, Vijay Atluri, Shamik Sural, Jaideep Vaidya, Arun Majumdar |
---|---|
Rok vydání: | 2021 |
Předmět: |
ComputingMilieux_THECOMPUTINGPROFESSION
Operations research business.industry Separation of duties Computer science Access control Human capital Article Computer Science Applications Human-Computer Interaction Work (electrical) Workforce Computer Science (miscellaneous) Key (cryptography) Information system business Set (psychology) Information Systems |
Zdroj: | IEEE Trans Emerg Top Comput |
ISSN: | 2376-4562 |
DOI: | 10.1109/tetc.2019.2944787 |
Popis: | Effective utilization of human capital is one of the key requirements for any successful business endeavor, with reorganization necessary if there are nonproductive employees or employees that are retiring. However, while reorganizing tasks for newer employees, it should be ensured that the employees have the requisite capabilities of handling the assigned tasks. Furthermore, security constraints forbid any arbitrary assignment of tasks to employees and also enforce major dependencies on other employees who have access to the same tasks. Since Attribute Based Access Control (ABAC) is poised to emerge as the de facto model for specifying access control policies in commercial information systems, we consider organizational policies and constraints to be modeled with ABAC. Given the increasing size and scale of organizations, both in terms of employees and resources that need to be managed, it is crucial that computational solutions are developed to automate the process of employee to task assignment. In this work, we define the Employee Replacement Problem (ERP) which answers the question of whether a given set of employees can be replaced by a smaller set of employees, while ensuring that the desired security constraints are not violated. We prove that the problem is NP-hard and use CNF-SAT to obtain a solution. An extensive experimental evaluation is carried out on diverse data sets to validate the efficiency of the proposed solution. |
Databáze: | OpenAIRE |
Externí odkaz: |