Mining stable roles in RBAC

Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

In this paper we address the problem of generating a candidate role-set for an RBAC configuration that enjoys the following two key features: it minimizes the administration cost; and, it is a stable candidate role-set. To achieve these goals, we implement a three steps methodology: first, we associate a weight to roles; second, we identify and remove the user-permission assignments that cannot belong to a role that have a weight exceeding a given threshold; third, we restrict the problem of finding a candidate role-set for the given system configuration using only the user-permission assignments that have not been removed in the second step-that is, user-permission assignments that belong to roles with a weight exceeding the given threshold. We formally show-proof of our results are rooted in graph theory-that this methodology achieves the intended goals. Finally, we discuss practical applications of our approach to the role mining problem. © IFIP International Federation for Information Processing 2009.
Original languageEnglish (US)
Title of host publicationIFIP Advances in Information and Communication Technology
PublisherSpringer New York LLCbarbara.b.bertram@gsk.com
Pages259-269
Number of pages11
ISBN (Print)9783642012433
DOIs
StatePublished - Jan 1 2009
Externally publishedYes

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Mining stable roles in RBAC'. Together they form a unique fingerprint.

Cite this