Migrating from RBAC to temporal RBAC

Barsha Mitra; Shamik Sural; Jaideep Vaidya; Vijayalakshmi Atluri

doi:10.1049/iet-ifs.2016.0258

Migrating from RBAC to temporal RBAC

Barsha Mitra, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri

Rutgers Business School, Management & Information Systems

Research output: Contribution to journal › Article

12 Scopus citations

Abstract

The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.

Original language	English (US)
Pages (from-to)	294-300
Number of pages	7
Journal	IET Information Security
Volume	11
Issue number	5
DOIs	https://doi.org/10.1049/iet-ifs.2016.0258
State	Published - Sep 1 2017

All Science Journal Classification (ASJC) codes

Software
Information Systems
Computer Networks and Communications

Access to Document

10.1049/iet-ifs.2016.0258

Fingerprint Dive into the research topics of 'Migrating from RBAC to temporal RBAC'. Together they form a unique fingerprint.

Cite this

Mitra, B., Sural, S., Vaidya, J., & Atluri, V. (2017). Migrating from RBAC to temporal RBAC. IET Information Security, 11(5), 294-300. https://doi.org/10.1049/iet-ifs.2016.0258

@article{f4f02deaf0314c5a83cb5aad2b1cd8c5,

title = "Migrating from RBAC to temporal RBAC",

abstract = "The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.",

author = "Barsha Mitra and Shamik Sural and Jaideep Vaidya and Vijayalakshmi Atluri",

year = "2017",

month = sep,

day = "1",

doi = "10.1049/iet-ifs.2016.0258",

language = "English (US)",

volume = "11",

pages = "294--300",

journal = "IET Information Security",

issn = "1751-8709",

publisher = "Institution of Engineering and Technology",

number = "5",

}

TY - JOUR

T1 - Migrating from RBAC to temporal RBAC

AU - Mitra, Barsha

AU - Sural, Shamik

AU - Vaidya, Jaideep

AU - Atluri, Vijayalakshmi

PY - 2017/9/1

Y1 - 2017/9/1

N2 - The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.

AB - The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.

UR - http://www.scopus.com/inward/record.url?scp=85027489569&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85027489569&partnerID=8YFLogxK

U2 - 10.1049/iet-ifs.2016.0258

DO - 10.1049/iet-ifs.2016.0258

M3 - Article

AN - SCOPUS:85027489569

VL - 11

SP - 294

EP - 300

JO - IET Information Security

JF - IET Information Security

SN - 1751-8709

IS - 5

ER -