Abstract

Role mining techniques are frequently used to derive a set of roles that represents the current organization of a company according to the RBAC model, simplifying the definition and implementation of security policies. Constraints can be placed on the resulting roles so that they are valid and can be managed efficiently, for example by limiting the number of permissions included in a role or the number of users a role can be assigned to. Since the associated problems are NP-hard, several heuristics have been developed to find sub-optimal solutions, adopting either the concurrent or the post-processing approach. In the first case, the assignment matrices are computed so that they satisfy the given constraints during the computation; in the second case, intermediate solutions are obtained without considering the constraints, which are enforced afterwards. In this paper we present two heuristics for the Permission Usage and Role Usage Cardinality Constraints in the post-processing approach: we consider constraints limiting the number of permissions that can be included in a role in the first case, and the number of roles that can include a permission in the second case, refining the roles produced by some other technique (which does not consider any constraint). For both heuristics we analyze their performance on some standard datasets, showing improved results with respect to state-of-the-art solutions.
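An added illustration of the post-processing approach for the first constraint (at most `t` permissions per role), not the heuristic from the paper: a naive baseline that splits oversized roles, merges identical pieces, and checks that no user gains or loses a permission. The function names, the sample UA/PA data and the threshold `t` are constructed for this example.

```python
# Naive post-processing baseline (added illustration, NOT the paper's heuristic).
# UA maps user -> set of roles, PA maps role -> set of permissions.

def upa(ua, pa):
    """Effective user-permission assignment implied by UA and PA."""
    return {u: frozenset().union(*(pa[r] for r in roles))
            for u, roles in ua.items()}

def enforce_max_perms(ua, pa, t):
    """Rewrite (UA, PA) so that every role holds at most t permissions.

    Each role is cut into chunks of at most t permissions; chunks with an
    identical permission set are merged into one role to limit role growth.
    Every user of an original role is assigned all roles that replace it.
    """
    if t < 1:
        raise ValueError("t must be at least 1")
    canonical = {}  # permission set -> role name (merges duplicate chunks)
    parts = {}      # original role -> names of the roles replacing it
    for role in sorted(pa):
        perms = sorted(pa[role])
        parts[role] = []
        for i in range(0, len(perms), t):
            chunk = frozenset(perms[i:i + t])
            name = canonical.setdefault(chunk, f"{role}#{i // t}")
            parts[role].append(name)
    new_pa = {name: set(chunk) for chunk, name in canonical.items()}
    new_ua = {u: {n for r in roles for n in parts[r]}
              for u, roles in ua.items()}
    return new_ua, new_pa

# Constructed sample: roles as an unconstrained role miner might return them.
PA = {"admin": {"p1", "p2", "p3", "p4", "p5"},
      "dev": {"p1", "p2"},
      "audit": {"p6"}}
UA = {"alice": {"admin"}, "bob": {"dev", "audit"}, "carol": {"admin", "audit"}}

if __name__ == "__main__":
    new_ua, new_pa = enforce_max_perms(UA, PA, t=2)
    # Security check: enforcement must neither grant nor revoke any access.
    assert upa(new_ua, new_pa) == upa(UA, PA)
    for role, perms in sorted(new_pa.items()):
        print(role, sorted(perms))
    for user, roles in sorted(new_ua.items()):
        print(user, sorted(roles))
```

The equality check on the effective user-permission assignment is the part worth keeping in any enforcement step: a constraint heuristic that changes it has silently altered who can access what.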
