Role mining using answer set programming

With the increasing adoption of role-based access control (RBAC) in business security, role mining technology has been widely applied to aid the process of migrating a non-RBAC system to an RBAC system. However, because it is hard to deal with a variety of constraint conflicts at the same time, none...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Future generation computer systems Ročník 55; s. 336 - 343
Hlavní autori: Ye, Wei, Li, Ruixuan, Gu, Xiwu, Li, Yuhua, Wen, Kunmei
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Elsevier B.V 01.02.2016
Predmet:
Answer set programming
Constraint
RBAC
Role mining
Role mining
RBAC
Constraint
Answer set programming
ISSN:0167-739X, 1872-7115
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:With the increasing adoption of role-based access control (RBAC) in business security, role mining technology has been widely applied to aid the process of migrating a non-RBAC system to an RBAC system. However, because it is hard to deal with a variety of constraint conflicts at the same time, none of existing role mining algorithms can simultaneously satisfy various constraints that usually describe organizations’ security and business requirements. To extend the ability of role mining technology, this paper proposes a novel role mining approach using answer set programming (ASP) that complies with constraints and meets various optimization objectives, named constrained role miner (CRM). Essentially, the idea is that ASP is an approach to declarative problem solving. Thus, either to discover RBAC configurations or to deal with conflicts between constraints, ASP programs do not need to specify how answers are computed. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results. •We propose a novel role mining approach using ASP.•This novel role mining approach can comply with various kinds of constraints.•This novel role mining approach meets multi-objective optimization at the same time.
ISSN:0167-739X
1872-7115
DOI:10.1016/j.future.2014.10.018