Handling least privilege problem and role mining in RBAC

Article ID: iaor201526107
Volume: 30
Issue: 1
Start Page Number: 63
End Page Number: 86
Publication Date: Jul 2015
Journal: Journal of Combinatorial Optimization
Authors: , , ,
Keywords: security
Abstract:

For a given role‐based access control (RBAC) configuration, user‐role assignment satisfying least privilege principle (specified as LPUAP) is one of the most important problems to be solved in information security. LPUAP has been proved to be NP‐hard. This paper gives several efficient greedy algorithms for handling this problem. Experiment results show that the output of our algorithms is almost optimal while the running time is greatly reduced. In another case where a RBAC configuration is to be set up, minimizing the descriptive set of roles (specified as Basic‐RMP) and minimizing the administrative assignments for roles (specified as Edge‐RMP) can greatly decrease the management costs. Both role mining problems (i.e., Basic‐RMP and Edge‐RMP) have also been proved to be NP‐hard. This paper converts Basic‐RMP to set cover problem and Edge‐RMP to weighted set cover problem, and two algorithms respectively named GA Basic algorithm for Basic‐RMP and GA Edge algorithm for Edge‐RMP, are designed. Experiment results show that the average similarity rate between role sets produced by GA Basic algorithm and the original ones used in generating the dataset is above 90 %. However, in the process of converting role mining into Set Cover Problem, the number of candidate role set is very large. In order to reduce the complexity of the GA Basic algorithm, this paper presents a new polynomial‐time algorithm with a performance nearly the same as that of GA Basic algorithm.
