Abstract
In this paper we address the problem of generating a candidate role-set for an RBAC configuration that enjoys the following two key features: it minimizes the administration cost; and, it is a stable candidate role-set. To achieve these goals, we implement a three steps methodology: first, we associate a weight to roles; second, we identify and remove the user-permission assignments that cannot belong to a role that have a weight exceeding a given threshold; third, we restrict the problem of finding a candidate role-set for the given system configuration using only the user-permission assignments that have not been removed in the second step-that is, user-permission assignments that belong to roles with a weight exceeding the given threshold. We formally show-proof of our results are rooted in graph theory-that this methodology achieves the intended goals. Finally, we discuss practical applications of our approach to the role mining problem. © IFIP International Federation for Information Processing 2009.
Original language | English (US) |
---|---|
Title of host publication | IFIP Advances in Information and Communication Technology |
Publisher | Springer New York [email protected] |
Pages | 259-269 |
Number of pages | 11 |
ISBN (Print) | 9783642012433 |
DOIs | |
State | Published - Jan 1 2009 |
Externally published | Yes |
ASJC Scopus subject areas
- Information Systems and Management