Hybrid Role Mining for Security Service Solution | IEEE Conference Publication | IEEE Xplore

Hybrid Role Mining for Security Service Solution


Abstract:

IT services delivery is a complex ecosystem that engages 100000s of system administrators in service delivery centers globally, managing 1000s of IT systems on behalf of customers. Such large-scale hosting environments require a flexible identity management system to provision the necessary access rights and so ensure the compliance posture of an organization. A popular and effective access control scheme is Role Based Access Control (RBAC). Ideally, a role should correspond to a business function performed within an enterprise. Several role mining algorithms have been proposed that attempt to automate the process of role discovery. In this paper, we represent the user-permission assignments as a bipartite graph with users and permissions as vertices and user-permission assignments as edges. Given a user-permission bipartite graph, most role mining algorithms focus on discovering roles that cover all the user-permission assignments. We show that by relaxing the coverage requirement, one can improve the accuracy of role detection. We propose a parameterized definition of a role based on graph-theoretical properties, and demonstrate that the role parameters can be controlled to balance the accuracy and coverage of the roles detected. Finally, we propose a heuristic to illustrate the efficacy of our approach and validate it on real and artificial organizational access control data.
Date of Conference: 24-29 June 2012
Date Added to IEEE Xplore: 23 August 2012
Conference Location: Honolulu, HI, USA