TY - GEN
T1 - Towards automated assistance for mined roles analysis in role mining applications
AU - Hachana, Safaà
AU - Cuppens, Frédéric
AU - Cuppens-Boulahia, Nora
AU - Garcia-Alfaro, Joaquin
PY - 2012/1/1
Y1 - 2012/1/1
N2 - The use of role engineering has grown in importance with the expansion of highly abstracted access control frameworks in organizations. In particular, the use of role mining techniques for the discovery of roles from previously deployed authorizations has facilitated the configuration of such frameworks. However, the literature lacks from a clear basis for appraising and leveraging the learning outcomes of the role mining process. In this paper, we provide such a formal basis. We compare sets of roles by projecting roles from one set into the other set. This approach allows to measure how comparable the two configurations of roles are, and to interpret each role. We formally define the problem of comparing sets of roles, and prove that the problem is NP-complete. Then, we propose an algorithm to map the inherent relation among the sets based on algebraic expressions. We demonstrate the correctness and completeness of our solution, and investigate some further issues that may benefit from our approach, such as detection of unhandled perturbations or source misconfiguration.
AB - The use of role engineering has grown in importance with the expansion of highly abstracted access control frameworks in organizations. In particular, the use of role mining techniques for the discovery of roles from previously deployed authorizations has facilitated the configuration of such frameworks. However, the literature lacks from a clear basis for appraising and leveraging the learning outcomes of the role mining process. In this paper, we provide such a formal basis. We compare sets of roles by projecting roles from one set into the other set. This approach allows to measure how comparable the two configurations of roles are, and to interpret each role. We formally define the problem of comparing sets of roles, and prove that the problem is NP-complete. Then, we propose an algorithm to map the inherent relation among the sets based on algebraic expressions. We demonstrate the correctness and completeness of our solution, and investigate some further issues that may benefit from our approach, such as detection of unhandled perturbations or source misconfiguration.
KW - Access Control
KW - Boolean Logic
KW - IT Security
KW - Role Mining
UR - https://www.scopus.com/pages/publications/84869437418
U2 - 10.1109/ARES.2012.61
DO - 10.1109/ARES.2012.61
M3 - Conference contribution
AN - SCOPUS:84869437418
SN - 9780769547756
T3 - Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
SP - 123
EP - 132
BT - Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
PB - IEEE Computer Society
T2 - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Y2 - 20 August 2012 through 24 August 2012
ER -