Team for Research in
Ubiquitous Secure Technology

Evolving Role Definitions Through Permission Invocation Patterns
WEN ZHANG

Citation
WEN ZHANG. "Evolving Role Definitions Through Permission Invocation Patterns". Talk or presentation, 9, October, 2013.

Abstract
In role-based access control (RBAC), roles are traditionally defined as sets of permissions. Roles specified by administrators may be inaccurate, however, so data mining methods have been proposed to learn roles from actual permission utilization. These methods minimize variation from an information-theoretic perspective, but they neglect the expert knowledge of administrators. In this paper, we propose a strategy to enable a controlled evolution of RBAC based on utilization. To accomplish this goal, we extend a subset enumeration framework to search candidate roles for an RBAC model that addresses an objective function which balances administrator beliefs and permission utilization. The rate of role evolution is controlled by an administrator-specified parameter.

Citation formats  
  • HTML
    WEN ZHANG. <a
    href="http://www.truststc.org/pubs/913.html"
    ><i>Evolving Role Definitions Through Permission
    Invocation Patterns</i></a>, Talk or
    presentation,  9, October, 2013.
  • Plain text
    WEN ZHANG. "Evolving Role Definitions Through
    Permission Invocation Patterns". Talk or presentation, 
    9, October, 2013.
  • BibTeX
    @presentation{ZHANG13_EvolvingRoleDefinitionsThroughPermissionInvocationPatterns,
        author = {WEN ZHANG},
        title = {Evolving Role Definitions Through Permission
                  Invocation Patterns},
        day = {9},
        month = {October},
        year = {2013},
        abstract = {In role-based access control (RBAC), roles are
                  traditionally defined as sets of permissions.
                  Roles specified by administrators may be
                  inaccurate, however, such that data mining methods
                  have been proposed to learn roles from actual
                  permission utilization. These methods minimize
                  variation from an information theoretic
                  perspective, but they neglect the expert knowledge
                  of administrators. In this paper, we propose a
                  strategy to enable a controlled evolution of RBAC
                  based on utilization. To accomplish this goal, we
                  extend a subset enumeration framework to search
                  candidate roles for an RBAC model that addresses
                  an objective function which balances administrator
                  beliefs and permission utilization. The rate of
                  role evolution is controlled by an administrator
                  specified parameter.},
        URL = {http://www.truststc.org/pubs/913.html}
    }
    

Posted by Carolyn Winter on 13 Nov 2013.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.