TY - GEN
T1 - A cost-driven approach to role engineering
AU - Colantonio, Alessandro
AU - Di Pietro, Roberto
AU - Ocello, Alberto
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2008/12/1
Y1 - 2008/12/1
AB - In recent years role-based access control (RBAC) has been spreading within organizations. However, companies still have considerable difficulty migrating to this model, due to the complexity involved in identifying a set of roles fitting the real needs of the company. All the various role engineering methods proposed thus far lack a metric for measuring the "quality" of candidate roles produced. This paper proposes a new approach guided by a cost-based metric, where "cost" represents the effort to administer the resulting RBAC. Further, we propose RBAM (Role-Based Association-rule Mining), an algorithm leveraging the cost metric to find candidate role-sets with the lowest possible administration cost. For a specific parameter set, RBAM behaves as already existing role mining algorithms and is, worst case, NP-complete. Yet, we will provide several examples showing the sensibility of assumptions made by the algorithm. Further, application of the algorithm to real data will highlight the improvements over current solutions. Finally, we comment on the direction of future research. Copyright 2008 ACM.
UR - https://dl.acm.org/doi/10.1145/1363686.1364198
UR - http://www.scopus.com/inward/record.url?scp=48249141905&partnerID=8YFLogxK
U2 - 10.1145/1363686.1364198
DO - 10.1145/1363686.1364198
M3 - Conference contribution
SN - 9781595937537
SP - 2129
EP - 2136
BT - Proceedings of the ACM Symposium on Applied Computing
ER -