Publication date:
2023
Citation:
Role mining under User-Distribution cardinality constraint / C. Blundo, S. Cimato. - In: JOURNAL OF INFORMATION SECURITY AND APPLICATIONS. - ISSN 2214-2126. - 78:(2023), pp. 103611.1-103611.13. [10.1016/j.jisa.2023.103611]
Abstract:
Role-based access control (RBAC) defines the methods complex organizations use to assign their users permissions for accessing restricted resources. RBAC assigns users to roles, where roles determine the resources each user can access. The definition of roles, especially when there is a large number of users and many resources to handle, can be a very difficult and time-consuming task. The class of tools and methodologies to elicit roles starting from existing user-permission assignments is referred to as role mining. Sometimes, to let the RBAC model be directly deployable in organizations, role mining can also take into account various constraints, like cardinality and separation of duty. Typically, these constraints are enforced to ease roles' management and their use is justified as role administration becomes convenient. In this paper, we focus on the User-Distribution cardinality constraint, which places a restriction on the number of users that can be assigned to a given role. In this scenario, we present a simple heuristic that improves over the state-of-the-art. Furthermore, to address a more realistic situation, we provide the User-Distribution model with the additional constraint that avoids the generation of roles sharing an identical set of permissions. Similarly, within this context, we describe a heuristic enabling the computation of a solution in the new model. Additionally, we assess both heuristics' performances using real-world datasets.
IRIS type:
01 - Journal article
Keywords:
Access control; Constrained role mining; Heuristics; RBAC
Author list:
C. Blundo, S. Cimato