Sciweavers

CCS
2008
ACM

A class of probabilistic models for role engineering

14 years 1 months ago
A class of probabilistic models for role engineering
Role Engineering is a security-critical task for systems using role-based access control (RBAC). Different role-mining approaches have been proposed that attempt to automatically infer appropriate roles from existing user-permission assignments. However, these approaches are mainly combinatorial and lack an underlying probabilistic model of the domain. We present the first probabilistic model for RBAC. Our model defines a general framework for expressing user permission assignments and can be specialized to different domains by limiting its degrees of freedom with appropriate constraints. For one practically important instance of this framework, we show how roles can be inferred from data using a state-of-the-art machine-learning algorithm. Experiments on both randomly generated and real-world data provide evidence that our approach not only creates meaningful roles but also identifies erroneous user-permission assignments in given data. Categories and Subject Descriptors: K.6 [Manage...
Mario Frank, David A. Basin, Joachim M. Buhmann
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Mario Frank, David A. Basin, Joachim M. Buhmann
Comments (0)