Mining business-relevant RBAC states through decomposition

Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Scopus citations

Abstract

Role-based access control is widely accepted as a best practice to effectively limit system access to authorized users only. To enhance benefits, the role definition process must count on business requirements. Role mining represents an essential tool for role engineers, but most of the existing techniques cannot elicit roles with an associated clear business meaning. To this end, we propose a methodology where the dataset is decomposed into smaller subsets that are homogeneous from a business perspective. We introduce the entrustability index that provides, for a given partition, the expected uncertainty in locating homogeneous set of users and permissions that are manageable with the same role. Therefore, by choosing the decomposition with the highest entrustability value, we most likely identify roles with a clear business meaning. The proposed methodology is rooted on information theory, and experiments on real enterprise data support its effectiveness. © IFIP International Federation for Information Processing 2010.
Original languageEnglish (US)
Title of host publicationIFIP Advances in Information and Communication Technology
PublisherSpringer New York LLCbarbara.b.bertram@gsk.com
Pages19-30
Number of pages12
ISBN (Print)9783642152566
DOIs
StatePublished - Jan 1 2010
Externally publishedYes

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Mining business-relevant RBAC states through decomposition'. Together they form a unique fingerprint.

Cite this