ABSTRACT
Role engineering is one of the fundamental phases in migrating an existing enterprise to Role Based Access Control. In organisations with large numbers of users and permissions, this task is time-consuming and costly if a purely top-down approach is used. Existing bottom-up approaches are insufficient for producing a comprehensive set of roles for hierarchical Role Based Access Control. In this research, we propose a predominantly bottom-up approach that uses Graph Optimisation to identify appropriate role hierarchies; additional partial role specifications can be incorporated to give a hybrid approach. Using rules that reduce administration requirements, roles and their hierarchies are automatically extracted from large numbers of permission assignments. The result of the Graph Optimisation approach is a hierarchical Role Based Access Control infrastructure that offers improved access control administration for the system.
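The following is an added illustration of the bottom-up problem the abstract describes; it is not the paper's Graph Optimisation algorithm and not code from the authors. It takes a constructed user-permission assignment (the names, users and permissions are invented for the example), turns each distinct permission set into a candidate role, links the roles into a hierarchy by strict subset inclusion (a senior role inherits all permissions of its juniors, keeping only the transitive reduction so each inheritance edge is administered once), verifies that the mined state grants exactly the original access matrix, and compares the number of relationships an administrator must maintain against the flat assignment.

```python
"""Bottom-up role mining with a derived role hierarchy (added illustration).

Not the paper's Graph Optimisation algorithm: candidate roles are distinct
permission sets and the hierarchy is the subset order between them.
"""

# Constructed sample user-permission assignment (UPA); not data from the paper.
UPA = {
    "alice": {"login", "read_ledger", "view_reports", "enter_invoice",
              "post_journal", "approve_payment", "close_period"},
    "ben":   {"login", "read_ledger", "view_reports", "enter_invoice", "post_journal"},
    "bob":   {"login", "read_ledger", "view_reports", "enter_invoice", "post_journal"},
    "carol": {"login", "read_ledger", "view_reports", "enter_invoice"},
    "dana":  {"login", "read_ledger", "view_reports", "enter_invoice"},
    "dave":  {"login", "read_ledger", "view_reports", "enter_invoice"},
    "erin":  {"login", "read_ledger"},
    "eve":   {"login", "read_ledger"},
    "frank": {"login", "read_ledger", "view_reports", "manage_users"},
}


def mine_roles(upa):
    """Every distinct permission set becomes one candidate role.

    Returns (roles, ua): roles maps role name -> full permission set,
    ua maps user -> the single role carrying that user's permissions.
    """
    role_of = {}                      # frozenset(perms) -> role name
    ua = {}
    for user in sorted(upa):          # sorted so role names are deterministic
        key = frozenset(upa[user])
        if key not in role_of:
            role_of[key] = f"R{len(role_of) + 1}"
        ua[user] = role_of[key]
    roles = {name: set(perms) for perms, name in role_of.items()}
    return roles, ua


def build_hierarchy(roles):
    """Senior inherits from junior when junior's permissions are a strict subset.

    Only the transitive reduction (Hasse diagram of the subset order) is kept,
    so each inheritance relationship is administered exactly once.
    """
    rh = set()
    for senior, sp in roles.items():
        for junior, jp in roles.items():
            if not jp < sp:
                continue
            between = any(jp < kp < sp for k, kp in roles.items()
                          if k not in (senior, junior))
            if not between:
                rh.add((senior, junior))
    return rh


def direct_permissions(roles, rh):
    """Permissions assigned directly to a role: those not inherited from a junior."""
    pa = {}
    for role, perms in roles.items():
        inherited = set()
        for senior, junior in rh:
            if senior == role:
                inherited |= roles[junior]   # a junior's set already covers its own juniors
        pa[role] = perms - inherited
    return pa


def effective_permissions(role, pa, rh):
    """Close the hierarchy downward: direct permissions plus everything the juniors hold."""
    perms = set(pa[role])
    for senior, junior in rh:
        if senior == role:
            perms |= effective_permissions(junior, pa, rh)
    return perms


def preserves_access(upa, ua, pa, rh):
    """The mined RBAC state must grant exactly the original access matrix, no more, no less."""
    return all(effective_permissions(ua[u], pa, rh) == set(p) for u, p in upa.items())


def admin_cost(upa, ua, pa, rh):
    """Relationships to maintain: flat UPA entries vs UA + direct PA + RH edges."""
    flat = sum(len(p) for p in upa.values())
    rbac = len(ua) + sum(len(p) for p in pa.values()) + len(rh)
    return flat, rbac


if __name__ == "__main__":
    roles, ua = mine_roles(UPA)
    rh = build_hierarchy(roles)
    pa = direct_permissions(roles, rh)
    for senior, junior in sorted(rh):
        print(f"{senior} inherits {junior}")
    print("access preserved:", preserves_access(UPA, ua, pa, rh))
    print("flat vs RBAC relationships:", admin_cost(UPA, ua, pa, rh))
```

On the constructed data the nine users collapse to five roles in a chain plus one branch, and the relationship count drops from 37 flat entries to 22 (9 user-role, 9 direct role-permission, 4 inheritance edges). The `preserves_access` check is the one a practitioner should always run on a mined hierarchy: inheritance makes it easy to grant a senior role more than the original matrix allowed, which would be a silent privilege escalation introduced by the migration itself.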
Index Terms
- Role engineering using graph optimisation