TY - GEN
T1 - An optimization model for the extended role mining problem
AU - Uzun, Emre
AU - Atluri, Vijayalakshmi
AU - Lu, Haibing
AU - Vaidya, Jaideep
PY - 2011
Y1 - 2011
N2 - The primary purpose of Role Mining is to effectively determine the roles in an enterprise using the permissions that have already been assigned to the users. If this permission assignment is viewed as a 0-1 matrix, then Role Mining aims to decompose this matrix into two matrices which represent user-role and role-permission assignments. This decomposition is known as Boolean Matrix Decomposition (BMD). In this paper, we use an Extended BMD (EBMD) to consider separation of duty constraints (SOD) and exceptions, that are common to any security system, in the role mining process. Essentially, in EBMD, we introduce negative assignments. An additional benefit of allowing negative assignments in roles is that, a less number of roles can be used to reconstruct the same given user-permission assignments. We introduce Extended Role Mining Problem and its variants and present their optimization models. We also propose a heuristic algorithm that is capable of utilizing these models to find good decompositions.
AB - The primary purpose of Role Mining is to effectively determine the roles in an enterprise using the permissions that have already been assigned to the users. If this permission assignment is viewed as a 0-1 matrix, then Role Mining aims to decompose this matrix into two matrices which represent user-role and role-permission assignments. This decomposition is known as Boolean Matrix Decomposition (BMD). In this paper, we use an Extended BMD (EBMD) to consider separation of duty constraints (SOD) and exceptions, that are common to any security system, in the role mining process. Essentially, in EBMD, we introduce negative assignments. An additional benefit of allowing negative assignments in roles is that, a less number of roles can be used to reconstruct the same given user-permission assignments. We introduce Extended Role Mining Problem and its variants and present their optimization models. We also propose a heuristic algorithm that is capable of utilizing these models to find good decompositions.
UR - https://www.scopus.com/pages/publications/79960264392
UR - https://www.scopus.com/pages/publications/79960264392#tab=citedBy
U2 - 10.1007/978-3-642-22348-8_8
DO - 10.1007/978-3-642-22348-8_8
M3 - Conference contribution
AN - SCOPUS:79960264392
SN - 9783642223471
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 76
EP - 89
BT - Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings
T2 - 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011
Y2 - 11 July 2011 through 13 July 2011
ER -