A new role mining framework to elicit business roles and to mitigate enterprise risk

Alessandro Colantonio*, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

28 Scopus citations

Abstract

Role-based access control (RBAC) makes it possible to effectively manage the risk derived from granting access to resources, provided that the designed roles are business-driven. Role mining represents an essential tool for role engineers, but existing techniques are not able to elicit roles with an associated clear business meaning. Hence, it is difficult to mitigate risk, to simplify business governance, and to ensure compliance throughout the enterprise. To elicit meaningful roles, we propose a methodology where the data to analyze are decomposed into smaller subsets according to the provided business information. We introduce two indices, minability and similarity, that drive the decomposition process by providing the expected complexity to find roles with business meaning. The proposed methodology is rooted in a sound theoretical framework. Moreover, experiments on real enterprise data support its effectiveness.

Original language: English (US)
Pages (from-to): 715-731
Number of pages: 17
Journal: Decision Support Systems
Volume: 50
Issue number: 4
State: Published - Mar 2011

Keywords

  • Clustering coefficient
  • RBAC
  • Risk management
  • Role engineering
  • Role mining

ASJC Scopus subject areas

  • Management Information Systems
  • Information Systems
  • Developmental and Educational Psychology
  • Arts and Humanities (miscellaneous)
  • Information Systems and Management
