Mining purpose-based authorization strategies in database system

Abstract

With the development of computer and communication technology, access control of the resources in databases has become an issue focused by both consumers and enterprises. Moreover, the new concept of purpose-based authorization strategies is widely used instead of the traditional one of rolebased strategies. The way of acquiring the optimal authorization strategies is an important problem. In this paper, an approach of mining authorization strategies based on purpose in database system is proposed. For obtaining the optimal authorization strategies of the resources in databases for supporting various purposes, an algorithm of clustering purposes is designed, which is based on the inclusion relationship among resources required by the purposes. The resultant purpose hierarchy is used for guiding the initial authorization strategies. The approach provides valuable insights into the authorization strategies of database system and delivers a validation and reinforcement of initial strategies, which is helpful to the database administration. The approach can be used not only in database system, but also in any access control system such as enterprise MIS or web service composing system. Theories and experiments show that this mining approach is more effective and efficient. © Springer-Verlag Berlin Heidelberg 2007.