Mining temporal roles using many-valued concepts

Barsha Mitra, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri

Research output: Contribution to journalArticlepeer-review

14 Scopus citations

Abstract

Many of today's access control policies are associated with temporal restrictions. Under temporal role-based access control (TRBAC), roles have an associated temporal component, which allows them to better encapsulate such temporal access control policies. However, given their complexity, TRBAC systems can only be well managed if the set of roles is correctly defined. The process of deriving an optimal set of such roles is known as temporal role mining. In this paper, we formally define the temporal role mining problem (TRMP) in the form of a matrix decomposition problem, by introducing a new operator that multiplies a set with a Boolean value and redefining existing matrix multiplication operations in terms of it. We also define a new metric for temporal role mining, called cumulative overhead of temporal roles and permissions (CO-TRAP), which takes into consideration the administrative effort required for managing the resulting TRBAC system. Since TRMP as well as minimization of CO-TRAP are NP-complete problems, we propose two greedy algorithms based on many-valued concepts. Experimental evaluation on a number of real-world datasets shows that the proposed approach is both efficient and effective.

Original languageEnglish (US)
Pages (from-to)79-94
Number of pages16
JournalComputers and Security
Volume60
DOIs
StatePublished - Jul 1 2016

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law

Keywords

  • Access control
  • Many-valued concept
  • Matrix decomposition
  • TRBAC
  • Temporal role mining

Fingerprint Dive into the research topics of 'Mining temporal roles using many-valued concepts'. Together they form a unique fingerprint.

Cite this