Role Mining Heuristics for Permission-Role-Usage Cardinality Constraints
Autor: | Stelvio Cimato, Luisa Siniscalchi, Carlo Blundo |
---|---|
Rok vydání: | 2021 |
Předmět: |
Theoretical computer science
RBAC General Computer Science Computer science access control heuristics 02 engineering and technology Permission constrained role mining 020204 information systems 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Cardinality (SQL statements) Heuristics |
Zdroj: | Blundo, C, Cimato, S & Siniscalchi, L 2022, ' Role Mining Heuristics for Permission-Role-Usage Cardinality Constraints ', Computer Journal, vol. 65, no. 6, pp. 1386-1411 . https://doi.org/10.1093/comjnl/bxaa186 |
ISSN: | 1460-2067 0010-4620 |
DOI: | 10.1093/comjnl/bxaa186 |
Popis: | Role-based access control (RBAC) has become a de facto standard to control access to restricted resources in complex systems and is widely deployed in many commercially available applications, including operating systems, databases and other softwares. The migration process towards RBAC, starting from the current access configuration, relies on the design of role mining techniques, whose aim is to define suitable roles that implement the given access policies. Some constraints can be used to transform the roles automatically output by the mining procedures and effectively capture the organization’s status under analysis. Such constraints can limit the final configuration characteristics, such as the number of roles assigned to a user, or the number of permissions included in a role, and produce a resulting role set that is effectively usable in real-world situations. In this paper, we consider two constraints: the number of permissions a role can include and the number of roles assigned to any user. In particular, we present two heuristics that produce roles compliant with both constraints and evaluate their performances using both real-world and synthetic datasets. |
Databáze: | OpenAIRE |
Externí odkaz: |