Role Based Access Control (RBAC) models have been adopted in many organizations as the standard way to implement security policies and assign access to restricted resources to roles and roles to users. To capture the business relationships within the organization and efficiently migrate towards RBAC, several role mining techniques have been defined. Constraints on the resulting roles and assignments to users can be imposed to filter out inconsistent situations produced by the automatic algorithm and to better capture the status of the organization. In this paper we are interested in constraints on the number of permissions that can be included in a role and on the number of persons a role can be assigned to. We analyze the problem and propose a couple of heuristics. The heuristics have been applied to standard datasets to validate their performance.
PRUCC-RM: Permission-Role-Usage Cardinality Constrained Role Mining
Carlo Blundo;Stelvio Cimato;Luisa Siniscalchi
2017-01-01
Abstract
Role Based Access Control (RBAC) models have been adopted in many organizations as the standard way to implement security policies and assign access to restricted resources to roles and roles to users. To capture the business relationships within the organization and efficiently migrate towards RBAC, several role mining techniques have been defined. Constraints on the resulting roles and assignments to users can be imposed to filter out inconsistent situations produced by the automatic algorithm and to better capture the status of the organization. In this paper we are interested in constraints on the number of permissions that can be included in a role and on the number of persons a role can be assigned to. We analyze the problem and propose a couple of heuristics. The heuristics have been applied to standard datasets to validate their performance.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.