TY - JOUR
T1 - Migrating from RBAC to temporal RBAC
AU - Mitra, Barsha
AU - Sural, Shamik
AU - Vaidya, Jaideep
AU - Atluri, Vijayalakshmi
N1 - Publisher Copyright:
© The Institution of Engineering and Technology 2016.
PY - 2017/9/1
Y1 - 2017/9/1
N2 - The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.
AB - The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.
UR - http://www.scopus.com/inward/record.url?scp=85027489569&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85027489569&partnerID=8YFLogxK
U2 - 10.1049/iet-ifs.2016.0258
DO - 10.1049/iet-ifs.2016.0258
M3 - Article
AN - SCOPUS:85027489569
SN - 1751-8709
VL - 11
SP - 294
EP - 300
JO - IET Information Security
JF - IET Information Security
IS - 5
ER -