A cost-driven approach to role engineering

Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

68 Scopus citations

Abstract

In recent years role-based access control (RBAC) has been spreading within organizations. However, companies still have considerable difficulty migrating to this model, due to the complexity involved in identifying a set of roles fitting the real needs of the company. All the various role engineering methods proposed thus far lack a metric for measuring the "quality" of candidate roles produced. This paper proposes a new approach guided by a cost-based metric, where "cost" represents the effort to administer the resulting RBAC. Further, we propose RBAM (Role-Based Association-rule Mining), an algorithm leveraging the cost metric to find candidate role-sets with the lowest possible administration cost. For a specific parameter set, RBAM behaves as already existing role mining algorithms and is, worst case, NP-complete. Yet, we will provide several examples showing the sensibility of assumptions made by the algorithm. Further, application of the algorithm to real data will highlight the improvements over current solutions. Finally, we comment on the direction of future research. Copyright 2008 ACM.
Original language: English (US)
Title of host publication: Proceedings of the ACM Symposium on Applied Computing
Pages: 2129-2136
Number of pages: 8
State: Published - Dec 1 2008
Externally published: Yes
