Permission and role automatic assigning of user in role-based access control
Dao-jun Han, Han-kui Zhuo, Lan-ting Xia, Lei Li
Journal of Central South University, 2012, Vol. 19, Issue (4): 1049–1056.
Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, users' roles and permissions are assigned by the system's security administrator. However, the cost is high and the operating process is complex. A new role analysis method was proposed that generates mappings and uses them to provide recommendations for systems. The relation among the sets of permissions, roles and users was explored by generating mappings, and the relation between the sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets and making the meaning of a role natural and operational. Thus, a role is determined by a permission set and the user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
role-based access control / role / permission assignment / concept lattice