Role mining with missing values

S. Vavilis, A.I. Egner, M. Petkovic, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

7 Citations (Scopus)

Abstract

Over the years, several organizations have been migrating to Role-Based Access Control (RBAC) as a practical solution to regulate access to sensitive information. Role mining has been proposed to automatically extract RBAC policies from the current set of permissions assigned to users. Existing role mining approaches usually require that this set of permissions is retrievable and complete. Such an assumption, however, cannot be met in practice as permissions can be hard-coded in the applications or distributed over several subsystems. In those cases, permissions can be obtained from activity logs recording the actions performed by users. This, however, can provide an incomplete representation of the permissions within the system. Thus, existing role mining solutions are not directly applicable. In this work, we study the problem of role mining with incomplete knowledge. In particular, we investigate approaches for two instances of the role mining problem with missing values. Moreover, we study metrics to properly evaluate the obtained RBAC policies. We validate the investigated approaches using both synthetic and real data.
Original language: English
Title of host publication: 2016 11th International Conference on Availability, Reliability and Security (ARES), 31 August - 2 September 2016, Salzburg, Austria
Place of Publication: Piscataway
Publisher: Institute of Electrical and Electronics Engineers
Pages: 167-176
ISBN (Electronic): 978-1-5090-0990-9
ISBN (Print): 978-1-5090-0991-6
Publication status: Published - 2016

Keywords

  • Role Mining
  • RBAC
  • incomplete knowledge
  • metrics
