Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: Data and Applications Security
Guest editors: Lingyu Wang and Basit Shafiq
Article type: Research Article
Authors: Mitra, Barshaa | Sural, Shamika; * | Atluri, Vijayalakshmib | Vaidya, Jaideepb
Affiliations: [a] School of Information Technology, IIT Kharagpur, Kharagpur, India. E-mails: [email protected], [email protected] | [b] MSIS Department, Rutgers University, Piscataway, NJ, USA. E-mails: [email protected], [email protected]
Correspondence: [*] Corresponding author. E-mail: [email protected].
Abstract: Role mining, the process of deriving a set of roles from the available user-permission assignments, is considered to be an essential step in successful implementation of Role-Based Access Control (RBAC) systems. Traditional role mining techniques, however, are not equipped to handle temporal extensions of RBAC like the Temporal-RBAC (TRBAC) model. In this paper, we formally define the problem of finding a minimal set of roles from temporal user-permission assignments, such that in the resulting TRBAC system, users acquire either the same or a subset of the permissions originally assigned to them for the complete or partial durations of time as specified in the input. We show that the problem is NP-complete and propose a greedy algorithm for solving it. Our algorithm first derives a set of candidate roles from the temporal user-permission assignments and then selects the least possible number of roles from the candidate role set. The final output consists of a set of roles, a user-to-role assignment relation, a role-to-permission assignment relation and a role enabling base describing the time durations for which each role is enabled. Performance of the proposed approach has been evaluated on a number of synthetic as well as real-world datasets.
Keywords: TRBAC, temporal user-permission assignment, generalized temporal role mining, NP-complete, temporal mismatch, greedy algorithm
DOI: 10.3233/JCS-140512
Journal: Journal of Computer Security, vol. 23, no. 1, pp. 31-58, 2015
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]