
Over the years, several organizations have been migrating to Role-Based Access Control (RBAC) as a practical solution for regulating access to sensitive information. Role mining has been proposed to automatically extract RBAC policies from the current set of permissions assigned to users. Existing role mining approaches usually require that this set of permissions is retrievable and complete. Such an assumption, however, cannot be met in practice, as permissions can be hard-coded in applications or distributed over several subsystems. In those cases, permissions can be obtained from activity logs recording the actions performed by users. Such logs, however, can provide only an incomplete representation of the permissions within the system, so existing role mining solutions are not directly applicable. In this work, we study the problem of role mining with incomplete knowledge. In particular, we investigate approaches for two instances of the role mining problem with missing values. Moreover, we study metrics to properly evaluate the obtained RBAC policies. We validate the investigated approaches using both synthetic and real data.

Original language: English
Title of host publication: Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 167-176
Number of pages: 10
ISBN (Electronic): 9781509009909
State: Published - 14 Dec 2016
Event: 11th International Conference on Availability, Reliability and Security, ARES 2016 - Salzburg, Austria

Conference

Conference: 11th International Conference on Availability, Reliability and Security, ARES 2016
Country: Austria
City: Salzburg
Period: 31/08/16 to 2/09/16

Research areas

  • Incomplete knowledge, Metrics, RBAC, Role mining

ID: 32864021