Mining parameterized role-based policies

Zhongyuan Xu; Scott D. Stoller

doi:10.1145/2435349.2435384

Mining parameterized role-based policies

Zhongyuan Xu
, Scott D. Stoller

Computer Science

Stony Brook University

Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Scopus citations

Abstract

Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) frame- work in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and re- ports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.

Original language	English
Title of host publication	CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
Pages	255-265
Number of pages	11
DOIs	https://doi.org/10.1145/2435349.2435384
State	Published - 2013
Event	3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013 - San Antonio, TX, United States Duration: Feb 18 2013 → Feb 20 2013

Publication series

Name	CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Conference

Conference	3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013
Country/Territory	United States
City	San Antonio, TX
Period	02/18/13 → 02/20/13

Keywords

Role mining
Role-based access control

Access to Document

10.1145/2435349.2435384

Cite this

@inproceedings{76698e69c1ec41208bf1330e73d2f392,

title = "Mining parameterized role-based policies",

abstract = "Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) frame- work in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and re- ports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.",

keywords = "Role mining, Role-based access control",

author = "Zhongyuan Xu and Stoller, \{Scott D.\}",

year = "2013",

doi = "10.1145/2435349.2435384",

language = "English",

isbn = "9781450318907",

series = "CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy",

pages = "255--265",

booktitle = "CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy",

note = "3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013 ; Conference date: 18-02-2013 Through 20-02-2013",

}

Xu, Z & Stoller, SD 2013, Mining parameterized role-based policies. in CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy. CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy, pp. 255-265, 3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013, San Antonio, TX, United States, 02/18/13. https://doi.org/10.1145/2435349.2435384

Mining parameterized role-based policies. / Xu, Zhongyuan; Stoller, Scott D.
CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy. 2013. p. 255-265 (CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Mining parameterized role-based policies

AU - Xu, Zhongyuan

AU - Stoller, Scott D.

PY - 2013

Y1 - 2013

N2 - Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) frame- work in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and re- ports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.

AB - Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) frame- work in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and re- ports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.

KW - Role mining

KW - Role-based access control

UR - https://www.scopus.com/pages/publications/84874821031

U2 - 10.1145/2435349.2435384

DO - 10.1145/2435349.2435384

M3 - Conference contribution

SN - 9781450318907

T3 - CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

SP - 255

EP - 265

BT - CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

T2 - 3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013

Y2 - 18 February 2013 through 20 February 2013

ER -

Mining parameterized role-based policies

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this