Strategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)

Work on Role Based Access Control (RBAC) has emerged as the principle type of access control model in theory and practice. RBAC has frequently been criticized for the difficulty of setting up an initial role structure and for inflexibility in rapidly changing application. This paper offers a new role engineering approach to RoleBased Access Control (RBAC), referred to as visual role mining. The key idea is to graphically represent userpermission assignments to enable quick analysis and elicitation of meaningful roles. In turn, we propose an idea of merging two algorithms in a hybrid fashion: ADVISER and EXTRACT. The former role structure is a heuristic used to represent the user-permission assignments of a given set of roles. The proposed hybrid approach is a fast probabilistic algorithm that, when used in conjunction with ADVISER, allows for a visual elicitation of roles even in absence of predefined roles. Results confirm the quality of the proposal and demonstrate its viability in supporting role engineering decisions. Keywords— Role Based Access control, Visualization, Role engineering, Role Mining.