Mining Roles Based on User Dynamic Operation Logs

Xiaopu      Ma; Qinglei      Qi; Li      Zhao; Fei      Ning; He      Li

doi:10.2174/2666255816666230901145310

Abstract

Background: If we rely solely on whether to assign permissions together to determine roles, the roles we generate may not necessarily reflect the needs of the system. Therefore, the role generation process can be done based on user-to-permission dynamic relationships, such as user dynamic operation logs, thus providing the motivation for this work.

Methods: In our paper, we introduce a special generalization process and a frequent set-based analysis method to generate roles based on the particular data type of user dynamic operation logs so that the time factor of permissions used is considered before the process of role generation to generate the roles such also as auth_perms(r) = {p₁, p₂, p₃}.

Results: Our algorithm is less time consuming and generates less roles than traditional algorithm. Furthermore, the roles generated by the algorithm can better describe the real needs of the system and have better interpretability.

Conclusion: The results show that the algorithm has superior performance and useful role generation compared to traditional algorithm.

Graphical Abstract

[1]
D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn,  and R. Chandramouli, "Proposed NIST standard for role-based access control", ACM Trans. Inf. Syst. Secur., vol. 4, no. 3, pp. 224-274, 2001.
 [http://dx.doi.org/10.1145/501978.501980]
[2]
B.S. Radhika, K.N.V. Narendra,  and R.K. Shyamasundar, "Towards unifying RBAC with information flow control", Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, 2021, Virtuall Event, Spain, pp. 45-54, 2021.
[3]
E.J. Coyne, "Role engineering", Proc. of 1th ACM Workshop on Role-based access control, 2002, California, pp. 43-51, 2002.
[4]
A. Kern, M. Kuhlmann,  and A. Schaad, "Observations on the role life-cycle in the context of enterprise security management", Proceedings of the seventh ACM symposium on Access control models and technologies 2002, California, pp. 43-51, 2002.
 [http://dx.doi.org/10.1145/507711.507718]
[5]
A. Ene, W. Horne,  and N. Milosavljevic, "Fast exact and heuristic methods for role minimization problems", Proceedings of the 13th ACM symposium on Access control models and technologies 2008, NY, USA, pp. 1-10, 2008.
 [http://dx.doi.org/10.1145/1377836.1377838]
[6]
X. Ma, R. Li, Z. Lu, J. Lu,  and M. Dong, "Specifying and enforcing the principle of least privilege in role-based access control", Concurr. Comput., vol. 23, no. 12, pp. 1313-1331, 2011.
 [http://dx.doi.org/10.1002/cpe.1731]
[7]
L.I. Ninghui, M.V. Tripunitara,  and Z. Bizri, "On mutually-exclusive roles and separation of duty", ACM Trans. Inf. Syst. Secur., vol. 10, no. 2, pp. 1-36, 2005.
[8]
J. Currey, R. McKinstry,  and A. Dadgar, "Informed privilege-complexity trade-offs in RBAC configuration", Proceedings of the 25th ACM Symposium on Access Control Models and Technologies 2020, Barcelona, Spain, pp. 119-130, 2020.
 [http://dx.doi.org/10.1145/3381991.3395597]
[9]
W. Lin, M. Xu,  and J. He, "Privacy, security and resilience in mobile healthcare applications", Enterprise Inf. Syst., vol. 7, pp. 1-15, 2021.
[10]
E.B. Fernadez,  and J.C. Hawkins, "Determing role rights from use cases", In: Proc. of 2th ACM Workshop on Role-based Access Control, 1997, pp. 121-125.
[11]
G. Neumann,  and M. Strembeck, "A scenario-driven role engineering process for functional RBAC roles", 7th ACM Symposium on Access Control Models and Technologies 2002, California, USA, pp. 33-42, 2002.
 [http://dx.doi.org/10.1145/507711.507717]
[12]
J. Vaidya, V. Atluri,  and J. Warner, "Roleminer: Mining roles using subset enumeration", 13th ACM conference on Computer and communications security, 2006, October 30–November 3, 2006, Alexandria, VA, USA, California, pp. 144-153, 2006.
[13]
J. Schlegelmilch,  and U. Steffens, "Role mining with orca", Proceedings of the tenth ACM symposium on Access control models and technologies, 2005, Stockholm, Sweden, 2005.
[14]
I. Molloy, H. Chen,  and T. Li, "Mining roles with semantic meanings", Proceedings of the 13th ACM symposium on Access control models and technologies, 2008, Colorado, USA, pp. 21-30, 2008.
 [http://dx.doi.org/10.1145/1377836.1377840]
[15]
D. Zhang, K. Ramamohanarao,  and T. Ebringer, "Role engineering using graph optimization", 12th ACM Symposium on Access Control Models and Technologies.
 2007pp. 139-144 Antipoles, France [http://dx.doi.org/10.1145/1266840.1266862]
[16]
R. Kumar, S. Sural,  and A. Gupta, "Mining RBAC roles under cardinality constraint", International Conference on Information Systems Security 2010, Gandhinagar, India, pp. 171-185, 2010.
 [http://dx.doi.org/10.1007/978-3-642-17714-9_13]
[17]
J.C. John, S. Sural,  and V. Atluri, "Role mining under role-usage cardinality constraint", IFIP International Information Security Conference, 2012, Crete, Greece, pp. 150-161, 2012.
[18]
X. Ma, R. Li, H. Wang,  and H. Li, "Role mining based on permission cardinality constraint and user cardinality constraint", Secur. Commun. Netw., vol. 8, no. 13, pp. 2317-2328, 2015.
 [http://dx.doi.org/10.1002/sec.1177]
[19]
R. Li, H. Li, X. Gu, Y. Li, W. Ye,  and X. Ma, "Role mining based on cardinality constraints", Concurr. Comput., vol. 27, no. 12, pp. 3126-3144, 2015.
 [http://dx.doi.org/10.1002/cpe.3456]
[20]
X. Ma, R. Li,  and Z. Lu, "Role mining based on weights", Proceedings of the 15th ACM symposium on Access control models and technologies, 2010, Jun, 9-11, 2010, Pittsburgh, PA, USA, pp. 65-74, 2010.
[21]
A.L. Mustafa, "Towards cloud-based software for incorporating time and location into access control decisions", Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, 2021, Virtual Event, Spain, pp. 55-57, 2021.
[22]
R. Li, W. Wang,  and X. Ma, "Mining roles using attributes of permissions", Int. J. Innov. Comput., Inf. Control, vol. 8, no. 11, pp. 7909-7924, 2012.
[23]
B. Mitra, S. Sural, V. Atluri,  and J. Vaidya, "Toward mining of temporal roles", In: Data and Applications Security and Privacy XXVII, 2013, pp. 65-80.
 [http://dx.doi.org/10.1007/978-3-642-39256-6_5]
[24]
B. Mitra, S. Sural, V. Atluri,  and J. Vaidya, "The generalized temporal role mining problem", J. Comput. Secur., vol. 23, no. 1, pp. 31-58, 2015.
 [http://dx.doi.org/10.3233/JCS-140512]
[25]
B. Mitra, S. Sural, J. Vaidya,  and V. Atluri, "Migrating from RBAC to temporal RBAC", IET Inf. Secur., vol. 11, no. 5, pp. 294-300, 2017.
 [http://dx.doi.org/10.1049/iet-ifs.2016.0258]
[26]
T. Bui, S.D. Stoller,  and H. Le, "Efficient and Extensible policy mining for relationship-based access control model", Proceedings of the 24th ACM Symposium on Access Control Models and Technologies (SACMAT 2019), 2019, Toronto, Canada, pp. 161-172, 2019.
 [http://dx.doi.org/10.1145/3322431.3325106]

Rights & Permissions Print Cite

Journal Information

For Authors

For Editors

For Reviewers

Explore Articles

Open Access

Open Access Articles

For Visitors

DOI https://dx.doi.org/10.2174/2666255816666230901145310	Print ISSN 2666-2558
Publisher Name Bentham Science Publisher	Online ISSN 2666-2566

Recent Advances in Computer Science and Communications

Mining Roles Based on User Dynamic Operation Logs

Abstract Play Pause

Graphical Abstract

Related Journals

Related Books

Abstract