Issue title: Data and Applications Security
Guest editors: Lingyu Wang and Basit Shafiq
Article type: Research Article
Authors: Lu, Haibing [a],[*] | Hong, Yuan [b] | Yang, Yanjiang [c] | Duan, Lian [d] | Badar, Nazia [e]
Affiliations: [a] Santa Clara University, Santa Clara, CA, USA. E-mail: hlu@scu.edu | [b] University at Albany – SUNY, Albany, NY, USA. E-mail: hong@albany.edu | [c] Institute for Infocomm Research, Singapore. E-mail: yyang@i2r.a-star.edu.sg | [d] New Jersey Institute of Technology, Newark, NJ, USA. E-mail: lian.duan@njit.edu | [e] Rutgers University, Newark, NJ, USA. E-mail: nbadar@scarletmail.rutgers.edu
Correspondence: [*] Corresponding author. E-mail: hlu@scu.edu.
Abstract: Role mining defines a role set to implement a role-based access control (RBAC) system and is regarded as one of the most important and costliest implementation phases. While various role mining models have been proposed, we find that user experience/perception – one ultimate goal for any information system – is surprisingly ignored by existing work. One advantage of RBAC is that it supports multiple role assignments and allows a user to activate the necessary role to perform the tasks at each session. However, frequent role activation and deactivation can be tedious from the user's perspective. A user-friendly RBAC system is expected to assign few roles to every user. In this paper we therefore propose to incorporate into the role mining process a user-role assignment constraint that mandates the maximum number of roles each user can have. Under this rationale, we formulate user-oriented role mining as the user role mining problem, where all users have the same maximal role assignments, the personalized role mining problem, where users can have different maximal role assignments, and the approximate versions of the two problems, which tolerate a certain amount of deviation from the complete reconstruction. The extra constraint on the maximal role assignments poses a great challenge to role mining, which in general is already a hard problem. We examine some typical existing role mining methods to assess their applicability to our problems. In light of their insufficiency, we present a new algorithm, based on a novel dynamic candidate role generation strategy and tailored to our problems. Experiments on benchmark data sets demonstrate the effectiveness of our proposed algorithm.
Keywords: Role-based access control, role mining, user-oriented, optimization, heuristic algorithm
DOI: 10.3233/JCS-140519
Journal: Journal of Computer Security, vol. 23, no. 1, pp. 107-129, 2015