This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Meeting Cardinality Constraints in Role Mining
PrePrint
ISSN: 1545-5971
Role mining is a critical step for organizations that migrate from traditional access control mechanisms to Role Based Access Control (RBAC). Additional constraints may be imposed while generating roles from a given user-permission assignment relation. In this paper we consider two such constraints which are the dual of each other. A role-usage cardinality constraint limits the maximum number of roles any user can have. Its dual, the permission-distribution cardinality constraint, limits the maximum number of roles to which a permission can belong. These two constraints impose mutually contradictory requirements on user to role and role to permission assignments. An attempt to satisfy one of the constraints may result in a violation of the other. We show that the constrained role mining problem is NP-Complete and present heuristic solutions. Two distinct frameworks are presented in this paper. In the first approach, roles are initially mined without taking the constraints into account. The user-role and role-permission assignments are then checked for constraint violation in a post-processing step, and appropriately re-assigned, if necessary. In the second approach, constraints are enforced during the process of role mining. The methods are first applied on problems that consider the two constraints individually, and then with both considered together. Both methods are evaluated over a number of real-world data sets.
Index Terms:
Matrix decomposition,Merging,Organizations,Access control,Corporate acquisitions,Data mining
Citation:
Vijayalakshmi Atluri, Shamik Sural, John C. John, Jaideep Vaidya, Marreddy Nagajyothi, "Meeting Cardinality Constraints in Role Mining," IEEE Transactions on Dependable and Secure Computing, 17 March 2014. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2014.2309117>
Usage of this product signifies your acceptance of the Terms of Use.