Mining Business-Relevant RBAC States through Decomposition
نویسندگان
چکیده
Role-based access control is widely accepted as a best practice to effectively limit system access to authorized users only. To enhance benefits, the role definition process must count on business requirements. Role mining represents an essential tool for role engineers, but most of the existing techniques cannot elicit roles with an associated clear business meaning. To this end, we propose a methodology where the dataset is decomposed into smaller subsets that are homogeneous from a business perspective. We introduce the entrustability index that provides, for a given partition, the expected uncertainty in locating homogeneous set of users and permissions that are manageable with the same role. Therefore, by choosing the decomposition with the highest entrustability value, we most likely identify roles with a clear business meaning. The proposed methodology is rooted on information theory, and experiments on real enterprise data support its effectiveness.
منابع مشابه
Role mining using answer set programming
With the increasing adoption of role-based access control (RBAC) in business security, role mining technology has been widely applied to aid the process of migrating a non-RBAC system to an RBAC system. However, because it is hard to deal with a variety of constraint conflicts at the same time, none of existing role mining algorithms can simultaneously satisfy various constraints that usually d...
متن کاملA Case Study on the Suitability of Process Mining to Produce Current-State RBAC Models
Role-based access control (RBAC) is commonly used to implement authorization procedures in Process-aware information systems (PAIS). Process mining refers to a bundle of algorithms that typically discover process models from event log data produced during the execution of real-world processes. Beyond pure control ow mining, some techniques focus on the discovery of organizational information fr...
متن کاملBridging the gap between role mining and role engineering via migration guides
In the context of role-based access control (RBAC), mining approaches, such as role mining or organizational mining, can be applied to derive permissions and roles from a system’s configuration or from log files. In this way, mining techniques document the current state of a system and produce current-state RBAC models. However, such current-state RBAC models most often follow from structures t...
متن کاملAutomatic Migration to Role-Based Access Control
Molloy, Ian M. Ph.D., Purdue University, August 2010. Automatic Migration to Role Based Access Control. Major Professor: Ninghui Li. The success of role-based access control both within the research community and industry is undeniable. One of the main reasons for RBAC’s adoption is its ability to reduce administration costs, help eliminate errors, and improve the security of a system. Before t...
متن کاملPolicy Mining : a Bottom-Up Approach Toward Network Security Management. (Techniques de rôle mining pour la gestion de politiques de sécurité : application à l'administration de la sécurité réseau)
Today’s corporations rely entirely on their information systems, usually connected to the Internet. Network access control, mainly ensured by firewalls, has become a paramount necessity. Yet, the management of manually configured firewall rules is complex, error prone, and costly for large networks. Using high abstract models such as the Role Based Access Control (RBAC) model has proved to be e...
متن کامل