Issue No. 06 - June (2012 vol. 24)
ISSN: 1041-4347
pp: 1120-1133
Roberto Di Pietro, Università Roma Tre, Roma
Alberto Ocello, Engiweb Security, Roma
Alessandro Colantonio, Bay31 GmbH, Zug
Nino Vincenzo Verde, Università Roma Tre, Roma
ABSTRACT
This paper offers a new role engineering approach to Role-Based Access Control (RBAC), referred to as visual role mining. The key idea is to graphically represent user-permission assignments to enable quick analysis and elicitation of meaningful roles. First, we formally define the problem by introducing a metric for the quality of the visualization. Then, we prove that finding the best representation according to the defined metric is an $\mathcal{NP}$-hard problem. In turn, we propose two algorithms: ADVISER and EXTRACT. The former is a heuristic used to best represent the user-permission assignments of a given set of roles. The latter is a fast probabilistic algorithm that, when used in conjunction with ADVISER, allows for a visual elicitation of roles even in the absence of predefined roles. Besides being rooted in sound theory, our proposal is supported by extensive simulations run over real data. Results confirm the quality of the proposal and demonstrate its viability in supporting role engineering decisions.
INDEX TERMS
Access controls, data and knowledge visualization, mining methods and algorithms.
CITATION
Roberto Di Pietro, Alberto Ocello, Alessandro Colantonio, Nino Vincenzo Verde, "Visual Role Mining: A Picture Is Worth a Thousand Roles", IEEE Transactions on Knowledge & Data Engineering, vol. 24, no. 6, pp. 1120-1133, June 2012, doi:10.1109/TKDE.2011.37