Evolving Role Definitions Through Permission Invocation Patterns

Evolving Role Definitions Through Permission Invocation Patterns
WEN ZHANG

Citation
WEN ZHANG. "Evolving Role Definitions Through Permission Invocation Patterns". Talk or presentation, 9, October, 2013.

Abstract
In role-based access control (RBAC), roles are traditionally defined as sets of permissions. Roles specified by administrators may be inaccurate, however, such that data mining methods have been proposed to learn roles from actual permission utilization. These methods minimize variation from an information theoretic perspective, but they neglect the expert knowledge of administrators. In this paper, we propose a strategy to enable a controlled evolution of RBAC based on utilization. To accomplish this goal, we extend a subset enumeration framework to search candidate roles for an RBAC model that addresses an objective function which balances administrator beliefs and permission utilization. The rate of role evolution is controlled by an administrator specified parameter.

Electronic downloads

Zhang_SACMAT_EBAM_BAM.pdf · application/pdf · 492 kbytes

Citation formats

HTML

WEN ZHANG. <a
href="http://www.truststc.org/pubs/913.html"
><i>Evolving Role Definitions Through Permission
Invocation Patterns</i></a>, Talk or
presentation,  9, October, 2013.

Plain text

WEN ZHANG. "Evolving Role Definitions Through
Permission Invocation Patterns". Talk or presentation, 
9, October, 2013.

BibTeX

@presentation{ZHANG13_EvolvingRoleDefinitionsThroughPermissionInvocationPatterns,
    author = {WEN ZHANG},
    title = {Evolving Role Definitions Through Permission
              Invocation Patterns},
    day = {9},
    month = {October},
    year = {2013},
    abstract = {In role-based access control (RBAC), roles are
              traditionally defined as sets of permissions.
              Roles specified by administrators may be
              inaccurate, however, such that data mining methods
              have been proposed to learn roles from actual
              permission utilization. These methods minimize
              variation from an information theoretic
              perspective, but they neglect the expert knowledge
              of administrators. In this paper, we propose a
              strategy to enable a controlled evolution of RBAC
              based on utilization. To accomplish this goal, we
              extend a subset enumeration framework to search
              candidate roles for an RBAC model that addresses
              an objective function which balances administrator
              beliefs and permission utilization. The rate of
              role evolution is controlled by an administrator
              specified parameter.},
    URL = {http://www.truststc.org/pubs/913.html}
}

Posted by Carolyn Winter on 13 Nov 2013.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.