Open AccessA class of probabilistic models for role engineering
Author(s) -
Mario Frank,
David Basin,
Joachim M. Buhmann
Publication year - 2008
Publication title -
citeseer x (the pennsylvania state university)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.1145/1455770.1455809
Subject(s) - permission , role based access control , computer science , probabilistic logic , class (philosophy) , domain (mathematical analysis) , access control , limiting , theoretical computer science , task (project management) , data mining , machine learning , artificial intelligence , computer security , engineering , mechanical engineering , mathematical analysis , mathematics , political science , law , systems engineering
Role Engineering is a security-critical task for systems using role-based access control (RBAC). Different role-mining approaches have been proposed that attempt to automatically infer appropriate roles from existing user-permission assignments. However, these approaches are mainly combinatorial and lack an underlying probabilistic model of the domain. We present the first probabilistic model for RBAC. Our model defines a general framework for expressing user permission assignments and can be specialized to different domains by limiting its degrees of freedom with appropriate constraints. For one practically important instance of this framework, we show how roles can be inferred from data using a state-of-the-art machine-learning algorithm. Experiments on both randomly generated and real-world data provide evidence that our approach not only creates meaningful roles but also identifies erroneous user-permission assignments in given data.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom