Affiliation:
1. China University of Geosciences
Abstract
Devising a complete and correct set of roles that supports the least privilege principle has been recognized as one of the most important tasks in implementing RBAC. A key problem is how to find sets of roles that have the fewest permissions. However, there are too few formalized descriptions and definitions of this problem. To provide a concrete object of study for research on the least privilege principle, we define the least privilege mining problem (LPMP) and its two variations: δ-approx LPMP and MinNoise LPMP. Through formalized descriptions, we clarify the methods of discovering least permissions. Correspondingly, we give two simple algorithms to implement the methods.
Publisher
Trans Tech Publications, Ltd.
Subject
Mechanical Engineering, Mechanics of Materials, General Materials Science