Role Mining in Enterprise Access Control Systems


Principal Investigator: Ninghui Li; Elisa Bertino

Role-based access control (RBAC) has established itself as a well-accepted model for access control in many organizations and enterprises. The process of building an RBAC system is referred to as role engineering. According to a NIST report, role engineering is the costliest part of migrating to an RBAC implementation. The problem of role mining, which applies data mining techniques to construct RBAC systems from user-permission relations so as to minimize human effort, has attracted significant interest in the research community. This project aims to develop new role mining techniques that construct RBAC systems optimized with respect to some objective measure of “goodness”, such as the structural complexity of the system. In addition, by taking user attributes into account, we try to construct RBAC systems through role mining such that the roles in those systems have semantic meanings. This overcomes a major weakness of existing role mining approaches, whose constructed roles do not have meanings. Last but not least, we study the problem of building RBAC systems whose cost of future updates is minimal.

Personnel

  • Seraphin Calo
  • Jorge Lobo
  • Hong Chen
  • Tiancheng Li
  • Ziqing Mao
  • Ian Molloy
  • Qihua Wang

Keywords: role engineering, role based access control, mining