In this paper we address the problem of generating a candidate role-set for an RBAC configuration that enjoys the following two key features: it minimizes the administration cost; and, it is a stable candidate role-set. To achieve these goals, we implement a three steps methodology: first, we associate a weight to roles; second, we identify and remove the user-permission assignments that cannot belong to a role that have a weight exceeding a given threshold; third, we restrict the problem of finding a candidate role-set for the given system configuration using only the user-permission assignments that have not been removed in the second step-that is, user-permission assignments that belong to roles with a weight exceeding the given threshold. We formally show-proof of our results are rooted in graph theory-that this methodology achieves the intended goals. Finally, we discuss practical applications of our approach to the role mining problem. © IFIP International Federation for Information Processing 2009.
CITATION STYLE
Colantonio, A., Di Pietro, R., Ocello, A., & Verde, N. V. (2009). Mining stable roles in RBAC. In IFIP Advances in Information and Communication Technology (Vol. 297, pp. 259–269). Springer New York LLC. https://doi.org/10.1007/978-3-642-01244-0_23
Mendeley helps you to discover research relevant for your work.