TY - GEN
T1 - A formal framework to elicit roles with business meaning in RBAC systems
AU - Colantonio, Alessandro
AU - Di Pietro, Roberto
AU - Ocello, Alberto
AU - Verde, Nino Vincenzo
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2009/11/30
Y1 - 2009/11/30
N2 - The role-based access control (RBAC) model has proven to be cost effective to reduce the complexity and costs of access permission management. To maximize the advantages offered by RBAC, the role engineering discipline has been introduced. A viable approach is to explore current applications and systems to find de facto roles embedded in existing user permissions, leading to what is usually referred to as role mining. However, a key problem that has not yet been adequately addressed by existing role mining approaches is how to propose roles that have business meaning. In order to do this, we provide a new formal framework that also enjoys practical relevance. In particular, the proposed framework leverages business information - such as business processes and organization structure - to implement role mining algorithms. Our key observation is that a role is likely to be meaningful from a business perspective when it involves activities within the same business process or organizational units within the same branch. To measure the "spreading" of a role among business processes or organization structure, we resort to centrality indices. Such indices are used in our cost-driven approach during the role mining process. Finally, we illustrate the application of the framework through a few examples.
AB - The role-based access control (RBAC) model has proven to be cost effective to reduce the complexity and costs of access permission management. To maximize the advantages offered by RBAC, the role engineering discipline has been introduced. A viable approach is to explore current applications and systems to find de facto roles embedded in existing user permissions, leading to what is usually referred to as role mining. However, a key problem that has not yet been adequately addressed by existing role mining approaches is how to propose roles that have business meaning. In order to do this, we provide a new formal framework that also enjoys practical relevance. In particular, the proposed framework leverages business information - such as business processes and organization structure - to implement role mining algorithms. Our key observation is that a role is likely to be meaningful from a business perspective when it involves activities within the same business process or organizational units within the same branch. To measure the "spreading" of a role among business processes or organization structure, we resort to centrality indices. Such indices are used in our cost-driven approach during the role mining process. Finally, we illustrate the application of the framework through a few examples.
UR - https://dl.acm.org/doi/10.1145/1542207.1542223
UR - http://www.scopus.com/inward/record.url?scp=70450265318&partnerID=8YFLogxK
U2 - 10.1145/1542207.1542223
DO - 10.1145/1542207.1542223
M3 - Conference contribution
SN - 9781605585376
SP - 85
EP - 94
BT - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
ER -