Mining roles with semantic meanings


With the growing adoption of role-based access control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business impact. Researchers have proposed to use data mining techniques to discover roles to complement the costly top-down approaches for RBAC system construction. A key problem that has not been adequately addressed by existing role mining approaches is how to discover roles with semantic meanings. In this paper, we study the problem in two settings with different information availability. When the only information is user-permission relation, we propose to discover roles whose semantic meaning is based on formal concept lattices. We argue that the theory of formal concept analysis provides a solid theoretical foundation for mining roles from user-permission relation. When user-attribute information is also available, we propose to create roles that can be explained by expressions of user-attributes. Since an expression of attributes describes a real-world concept, the corresponding role represents a real-world concept as well. Furthermore, the algorithms we proposed balance the semantic guarantee of roles with system complexity. Our experimental results demonstrate the effectiveness of our approaches.
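An added illustration (not code from the paper) of the formal-concept idea the abstract refers to: it enumerates the formal concepts of a small constructed user-permission relation, each of which is a candidate role, and derives the lattice order between them. The sample data and function names are assumptions, and this is the textbook closure construction from formal concept analysis, not the authors' mining algorithm.

```python
# Constructed sample user-permission relation (not data from the paper).
UP = {
    "alice": {"read_hr", "write_hr", "email"},
    "bob": {"read_hr", "email"},
    "carol": {"read_fin", "write_fin", "email"},
    "dave": {"read_fin", "email"},
    "erin": {"email"},
}

def all_permissions(up):
    return frozenset().union(*up.values())

def extent(up, perms):
    """Users who hold every permission in perms."""
    return frozenset(u for u, held in up.items() if perms <= held)

def intent(up, users):
    """Permissions common to all users (every permission if users is empty)."""
    common = all_permissions(up)
    for u in users:
        common &= up[u]
    return common

def formal_concepts(up):
    """All (users, permissions) pairs where each set determines the other."""
    intents = {all_permissions(up)}
    for held in up.values():
        # The intents are the closure of the users' rows under intersection.
        intents |= {i & held for i in intents}
    return sorted(((extent(up, i), i) for i in intents),
                  key=lambda c: (len(c[1]), sorted(c[1])))

def role_hierarchy(concepts):
    """(senior, junior) intent pairs with no concept strictly between them."""
    intents = [i for _, i in concepts]
    return [(s, j) for s in intents for j in intents
            if j < s and not any(j < m < s for m in intents)]

if __name__ == "__main__":
    for users, perms in formal_concepts(UP):
        print(sorted(perms), "<-", sorted(users))
```

The concept whose user set is empty (all permissions at once) is the lattice top and would not be provisioned as a role; the remaining concepts are the candidates a reviewer would name and prune.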

DOI: 10.1145/1377836.1377840


Semantic Scholar estimates that this publication has 135 citations based on the available data.


Cite this paper

@inproceedings{Molloy2008MiningRW, title={Mining roles with semantic meanings}, author={Ian Molloy and Hong Chen and Tiancheng Li and Qihua Wang and Ninghui Li and Elisa Bertino and Seraphin B. Calo and Jorge Lobo}, booktitle={SACMAT}, year={2008} }