
How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

  • Conference paper
  • Published in: Information Systems Security and Privacy (ICISSP 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 576)

Abstract

Roles have evolved into the de facto standard for access control in Enterprise Identity Management. However, companies struggle to develop and maintain a role-based access control (RBAC) state. For the initial role deployment, role mining is widely used. Because of the large number and the complexity of the available role mining algorithms, companies find it hard to judge which one best fits their needs. Furthermore, requirements on the composition of roles, such as reducing administration cost, have to be taken into account during role development. To give them guidance, in this paper we aggregate existing role mining approaches and classify them. To account for individual prerequisites, we extract quality criteria that should be met. We then discuss interdependencies between the criteria to help role developers avoid unwanted side effects and produce RBAC states that are tailored to their preferences.
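As an added illustration (not code from the paper or its authors) of why the quality criteria interact: two RBAC states are mined from a small constructed user-permission assignment, one with a role per distinct permission profile (fewest user-role assignments) and one by a greedy cover heuristic (fewest roles), and each is scored with a weighted structural complexity (WSC) style administration cost. The UPA, both mining strategies, the soundness check and the weights are assumptions made for this example.

```python
from itertools import combinations

# Constructed user-permission assignment (UPA) for the example; not data from the paper.
UPA = {
    "u1": {"p1", "p2"}, "u2": {"p1", "p2"},
    "u3": {"p3", "p4"}, "u4": {"p3", "p4"},
    "u5": {"p1", "p2", "p3", "p4"}, "u6": {"p1", "p2", "p3", "p4"},
}

def profile_roles(upa):
    """Baseline miner: one role per distinct permission profile, so every user holds exactly one role."""
    roles = sorted({frozenset(p) for p in upa.values()}, key=lambda r: (len(r), sorted(r)))
    ua = {u: [i for i, r in enumerate(roles) if r == perms] for u, perms in upa.items()}
    return [set(r) for r in roles], ua

def greedy_roles(upa):
    """Heuristic miner: candidates are the profiles and their pairwise intersections; repeatedly
    pick the candidate that covers the most still-uncovered UPA cells (smaller role on ties)."""
    profiles = {frozenset(p) for p in upa.values()}
    cands = (profiles | {a & b for a, b in combinations(profiles, 2)}) - {frozenset()}
    cands = sorted(cands, key=lambda c: (len(c), sorted(c)))
    uncovered = {u: set(p) for u, p in upa.items()}
    roles, ua = [], {u: [] for u in upa}
    while any(uncovered.values()):
        # A role may only be assigned to users whose profile contains it (no excess permissions).
        best = max(cands, key=lambda c: sum(len(c & uncovered[u]) for u in upa if c <= upa[u]))
        roles.append(set(best))
        for u in upa:
            if best <= upa[u] and best & uncovered[u]:
                ua[u].append(len(roles) - 1)
                uncovered[u] -= best
    return roles, ua

def wsc(roles, ua, w_r=1, w_u=1, w_p=1):
    """WSC-style administration cost: weighted count of roles, user-role and role-permission assignments."""
    return w_r * len(roles) + w_u * sum(len(v) for v in ua.values()) + w_p * sum(len(r) for r in roles)

def reconstructs(upa, roles, ua):
    """Soundness check: the mined state grants each user exactly the permissions in the UPA."""
    return all(set().union(*(roles[i] for i in ua[u])) == perms for u, perms in upa.items())

if __name__ == "__main__":
    for name, (roles, ua) in (("one role per profile", profile_roles(UPA)),
                              ("greedy cover", greedy_roles(UPA))):
        print(f"{name}: roles={len(roles)} WSC(1,1,1)={wsc(roles, ua)} "
              f"WSC(w_u=3)={wsc(roles, ua, w_u=3)} sound={reconstructs(UPA, roles, ua)}")
```

With equal weights the greedy state is cheaper (fewer roles and role-permission assignments), but once user-role assignments are weighted more heavily the profile-based state wins, so optimising one criterion in isolation changes the ranking on the others.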



Acknowledgements

The research leading to these results was supported by the “Bavarian State Ministry of Education, Science and the Arts” as part of the FORSEC research association. This work would not have been possible without our student Christian Wawarta.

Author information

Corresponding author: Michael Kunz


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kunz, M., Fuchs, L., Netter, M., Pernul, G. (2015). How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_4

  • DOI: https://doi.org/10.1007/978-3-319-27668-7_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-27667-0
  • Online ISBN: 978-3-319-27668-7
