Abstract
Roles have evolved into the de facto standard for access control in Enterprise Identity Management. However, companies struggle to develop and maintain a role-based access control (RBAC) state. For the initial role deployment, role mining is widely used. Because of the large number and complexity of available role mining algorithms, companies find it hard to determine which one best fits their needs. Furthermore, requirements on the composition of roles, such as reducing administration cost, have to be taken into account during role development. In order to provide guidance, in this paper we aggregate existing role mining approaches and classify them. To account for individual prerequisites, we extract quality criteria that the resulting roles should meet. We then discuss the interdependencies between these criteria to help role developers avoid unwanted side effects and produce RBAC states that are tailored to their preferences.
Acknowledgements
The research leading to these results was supported by the “Bavarian State Ministry of Education, Science and the Arts” as part of the FORSEC research association. This work would not have been possible without our student Christian Wawarta.
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Kunz, M., Fuchs, L., Netter, M., Pernul, G. (2015). How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27667-0
Online ISBN: 978-3-319-27668-7