Role Mining with Probabilistic Models

by   Mario Frank, et al.

Role mining tackles the problem of finding a role-based access control (RBAC) configuration, given an access-control matrix assigning users to access permissions as input. Most role mining approaches work by constructing a large set of candidate roles and use a greedy selection strategy to iteratively pick a small subset such that the differences between the resulting RBAC configuration and the access control matrix are minimized. In this paper, we advocate an alternative approach that recasts role mining as an inference problem rather than a lossy compression problem. Instead of using combinatorial algorithms to minimize the number of roles needed to represent the access-control matrix, we derive probabilistic models to learn the RBAC configuration that most likely underlies the given matrix. Our models are generative in that they reflect the way that permissions are assigned to users in a given RBAC configuration. We additionally model how user-permission assignments that conflict with an RBAC configuration emerge and we investigate the influence of constraints on role hierarchies and on the number of assignments. In experiments with access-control matrices from real-world enterprises, we compare our proposed models with other role mining methods. Our results show that our probabilistic models infer roles that generalize well to new system users for a wide variety of data, while other models' generalization abilities depend on the dataset given.


page 1

page 2

page 3

page 4


A Role-Based Encryption Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context

Role-Based Access Control (RBAC) is a popular model which maps roles to ...

Towards Better Understanding of User Authorization Query Problem via Multi-variable Complexity Analysis

User authorization queries in the context of role-based access control h...

Role Engine Implementation for a Continuous and Collaborative Multi-Robot System

In situations involving teams of diverse robots, assigning appropriate r...

Toward Deep Learning Based Access Control

A common trait of current access control approaches is the challenging n...

A Survey on Role-Oriented Network Embedding

Recently, Network Embedding (NE) has become one of the most attractive r...

The Next 700 Policy Miners: A Universal Method for Building Policy Miners

A myriad of access control policy languages have been and continue to be...

User Authorization in a System with a Role-Based Access Control on the Basis of the Analytic Hierarchy Process

The problem of optimal authorization of a user in a system with a role-b...

Please sign up or login with your details

Forgot password? Click here to reset