Affiliation:
1. China University of Geosciences
Abstract
Role-based access control (RBAC) has been widely adopted because it reduces the complexity of access control management. The least privilege principle is a very important constraint policy in RBAC. A key problem related to it is the notion of goodness/interestingness – when is a role good? Devising a complete and correct set of roles that supports the least privilege principle has been recognized as one of the most important tasks in implementing RBAC. In this paper, we address this problem by mapping it to a formal mathematical definition – δ-approx least privilege mining (δ-approx LPM). We introduce a method named GABM that enforces LPM based on the genetic algorithm. With GABM, the least privilege roles can be found correctly. Our experiments show the effect of GABM. Finally, we conclude our work.
Publisher
Trans Tech Publications, Ltd.
Cited by
4 articles.