2012 Seventh International Conference on Availability, Reliability and Security (2012)
Prague, TBD, Czech Republic Czech Republic
Aug. 20, 2012 to Aug. 24, 2012
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2012.61
The use of role engineering has grown in importance with the expansion of highly abstracted access control frameworks in organizations. In particular, the use of role mining techniques for the discovery of roles from previously deployed authorizations has facilitated the configuration of such frameworks. However, the literature lacks from a clear basis for appraising and leveraging the learning outcomes of the role mining process. In this paper, we provide such a formal basis. We compare sets of roles by projecting roles from one set into the other set. This approach allows to measure how comparable the two configurations of roles are, and to interpret each role. We formally define the problem of comparing sets of roles, and prove that the problem is NP-complete. Then, we propose an algorithm to map the inherent relation among the sets based on algebraic expressions. We demonstrate the correctness and completeness of our solution, and investigate some further issues that may benefit from our approach, such as detection of unhandled perturbations or source misconfiguration.
Boolean Logic, Access Control, Role Mining, IT Security
S. Hachana, F. Cuppens, N. Cuppens-Boulahia and J. Garcia-Alfaro, "Towards Automated Assistance for Mined Roles Analysis in Role Mining Applications," 2012 Seventh International Conference on Availability, Reliability and Security(ARES), Prague, TBD, Czech Republic Czech Republic, 2012, pp. 123-132.