TY - GEN
T1 - The role mining problem
T2 - SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
AU - Vaidya, Jaideep
AU - Atluri, Vijayalakshmi
AU - Guo, Qi
PY - 2007
Y1 - 2007
N2 - Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role based access control. A key problem related to this is the notion of goodness/interestingness - when is a role good/interesting? In this paper, we define the role mining problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions. The main contribution of this paper is to formally define RMP, and analyze its theoretical bounds. In addition to the above basic RMP, we introduce two different variations of the RMP, called the -approx RMP and the Minimal Noise RMP that have pragmatic implications. We reduce the known "set basis problem" to RMP to show that RMP is an NP-complete problem. An important contribution of this paper is also to show the relation of the role mining problem to several problems already identified in the data mining and data analysis literature. By showing that the RMP is in essence reducible to these known problems, we can directly borrow the existing implementation solutions and guide further research in this direction.
AB - Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role based access control. A key problem related to this is the notion of goodness/interestingness - when is a role good/interesting? In this paper, we define the role mining problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions. The main contribution of this paper is to formally define RMP, and analyze its theoretical bounds. In addition to the above basic RMP, we introduce two different variations of the RMP, called the -approx RMP and the Minimal Noise RMP that have pragmatic implications. We reduce the known "set basis problem" to RMP to show that RMP is an NP-complete problem. An important contribution of this paper is also to show the relation of the role mining problem to several problems already identified in the data mining and data analysis literature. By showing that the RMP is in essence reducible to these known problems, we can directly borrow the existing implementation solutions and guide further research in this direction.
KW - RBAC
KW - Role engineering
KW - Role mining
UR - http://www.scopus.com/inward/record.url?scp=34548052480&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34548052480&partnerID=8YFLogxK
U2 - 10.1145/1266840.1266870
DO - 10.1145/1266840.1266870
M3 - Conference contribution
AN - SCOPUS:34548052480
SN - 1595937455
SN - 9781595937452
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 175
EP - 184
BT - SACMAT'07
Y2 - 20 June 2007 through 22 June 2007
ER -