Abstract

Role-based access control (RBAC) is the most popular access control model, currently adopted in many contexts to organize security management. Constraints play a crucial role, since they can drive the selection of the best representation of an organization's security policies when migrating to an RBAC system. In this paper we examine different types of constraints, addressing both theoretical aspects and practical considerations. On one side, we define the constrained role mining problem for each constraint type and show its complexity. On the other, we present efficient heuristics adapted to each class of constraints, all derived by specializing a general approach to role mining. We show that our techniques improve over previous proposals, and we report a complete set of experiments obtained by applying the heuristics to standard real-world datasets.

Highlights

  • The possibility of automatizing the process of selecting appropriate roles to define the organization of complex information systems has been one of the reasons for the success of role engineering

  • As introduced in the seminal paper of 1995 [6], role engineering aims to produce a Role-Based Access Control (RBAC) model in which permissions to access restricted resources are not assigned to individuals but to groups of employees sharing the same role in the organization

  • The contribution is twofold: on one side, we examine the basic types of cardinality constraints and give formal definitions addressing theoretical aspects, defining the associated constrained role mining problems, and analyzing their complexity


Summary

INTRODUCTION

Blundo et al.: Managing Constraints in RBAC

The possibility of automatizing the process of selecting appropriate roles to define the organization of complex information systems has been one of the reasons for the success of role engineering. [...] that can be selected after the role mining process. For such reasons, different kinds of constraints have been considered, such as the role-usage cardinality constraint [16], which bounds the maximum number of roles that can be assigned to any user, or a bound on the maximum number of permissions associated with a role [2], [18]. Separation of duty (SoD) constraints, or statically mutually exclusive roles (SMER), were considered in the definition of the RBAC2 model [31]; in this case a user can be assigned at most one role from a mutually exclusive set. The contribution is twofold: on one side, we examine the basic types of cardinality constraints and give formal definitions addressing theoretical aspects, defining the associated constrained role mining problems, and analyzing their complexity.
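To make the three constraint types concrete, the following Python is an added example (not code from the paper or its authors). It takes a constructed toy user-permission assignment (UPA), a candidate decomposition into user-role (UA) and role-permission (PA) assignments such as a role mining step would output, and checks it against a role-usage cardinality bound (max roles per user), a bound on permissions per role, and SMER sets (a user may hold at most one role of each mutually exclusive set). It also checks the basic role mining correctness condition that UA composed with PA reproduces the UPA exactly, and reports any permissions a user would gain that the UPA never granted. The users, permissions, roles and bounds are all invented for the illustration.

```python
"""Constraint checker for a candidate RBAC decomposition (added example).

Sample data is constructed for illustration; it is not taken from the paper.
"""
from itertools import combinations

# Constructed UPA: which permissions each user currently holds.
UPA = {
    "alice": {"read_ledger", "post_journal", "approve_payment"},
    "bob":   {"read_ledger", "post_journal"},
    "carol": {"read_ledger", "approve_payment"},
    "dave":  {"read_ledger"},
}

# Constructed candidate decomposition: roles -> permissions (PA), users -> roles (UA).
PA = {
    "reader":   {"read_ledger"},
    "clerk":    {"post_journal"},
    "approver": {"approve_payment"},
}
UA = {
    "alice": {"reader", "clerk", "approver"},
    "bob":   {"reader", "clerk"},
    "carol": {"reader", "approver"},
    "dave":  {"reader"},
}

# A tempting alternative that merges clerk and approver into one role. It needs
# fewer roles per user, but it hands bob and carol permissions they never had.
PA_MERGED = {"reader": {"read_ledger"}, "finance": {"post_journal", "approve_payment"}}
UA_MERGED = {
    "alice": {"reader", "finance"},
    "bob":   {"reader", "finance"},
    "carol": {"reader", "finance"},
    "dave":  {"reader"},
}


def reconstructed_upa(ua, pa):
    """Permissions each user obtains through UA and PA (boolean matrix product)."""
    return {u: set().union(*(pa[r] for r in roles)) for u, roles in ua.items()}


def covers_exactly(ua, pa, upa):
    """Role mining correctness: UA x PA reproduces the UPA, no more and no less."""
    return reconstructed_upa(ua, pa) == upa


def over_assigned(ua, pa, upa):
    """Permissions a user would gain from the roles that the UPA never granted."""
    rec = reconstructed_upa(ua, pa)
    return {u: sorted(rec[u] - upa[u]) for u in upa if rec[u] - upa[u]}


def role_usage_violations(ua, max_roles):
    """Role-usage cardinality: users holding more than max_roles roles."""
    return sorted(u for u, roles in ua.items() if len(roles) > max_roles)


def permission_usage_violations(pa, max_perms):
    """Permission bound: roles carrying more than max_perms permissions."""
    return sorted(r for r, perms in pa.items() if len(perms) > max_perms)


def smer_violations(ua, smer_sets):
    """SMER: (user, role_a, role_b) for each pair of mutually exclusive roles a user holds."""
    out = []
    for u, roles in sorted(ua.items()):
        for excl in smer_sets:
            for a, b in combinations(sorted(roles & excl), 2):
                out.append((u, a, b))
    return out


def check(ua, pa, upa, max_roles, max_perms, smer_sets):
    """Run every check and return the findings in one report dict."""
    return {
        "covers_upa": covers_exactly(ua, pa, upa),
        "over_assigned": over_assigned(ua, pa, upa),
        "role_usage": role_usage_violations(ua, max_roles),
        "permission_usage": permission_usage_violations(pa, max_perms),
        "smer": smer_violations(ua, smer_sets),
    }


if __name__ == "__main__":
    # Constructed policy: at most 2 roles per user, 1 permission per role,
    # and nobody may both post journal entries and approve payments.
    policy = dict(max_roles=2, max_perms=1, smer_sets=[{"clerk", "approver"}])
    for name, (ua, pa) in {"fine-grained": (UA, PA), "merged": (UA_MERGED, PA_MERGED)}.items():
        print(name, check(ua, pa, UPA, **policy))
```

The two candidates show why constraints steer role mining rather than being an afterthought: the fine-grained decomposition reproduces the UPA but breaks the role-usage bound and the SMER set for alice, while the merged one satisfies the role-usage bound but violates the permission bound and, more seriously, over-assigns permissions. A mining heuristic that respects constraints must find a decomposition that passes all of these checks at once.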

RBAC DEFINITION
HEURISTICS
PUCC HEURISTICS
EXPERIMENTAL EVALUATION
Findings
CONCLUSION
