Please use this identifier to cite or link to this item: http://hdl.handle.net/2307/3996
Title: Role mining techniques to improve RBAC administration
Authors: Colantonio, Alessandro
Advisor: Di Pietro, Roberto
Issue Date: 10-May-2011
Publisher: Università degli studi Roma Tre
Abstract: Access control is currently one of the most important topics in ICT security. The main areas of research related to access control concern the identification of methodologies and models to efficiently administer user entitlements. With the ever-increasing number of users and IT systems, organizations have to manage large numbers of users’ permissions in an efficient manner. Role-based access control (RBAC) is the most widespread access control model. Yet, companies still find it difficult to adopt RBAC because of the complexity of identifying a suitable set of roles. Roles must accurately reflect the functions and responsibilities of users in the organization. When hundreds or thousands of users have individual access permissions, adopting the best approach to engineer roles saves time and money, and protects data and systems. Among all role engineering approaches, searching legacy access control systems to find de facto roles embedded in existing permissions is attracting increasing interest. Data mining techniques can be used to automatically propose candidate roles, leading to a class of tools and methodologies referred to as role mining. This thesis is devoted to role mining techniques that help security analysts and administrators maximize the benefits of adopting RBAC. To this aim, we consider the role mining problem from several viewpoints. First, we propose a cost-driven approach to identify candidate roles. This approach measures and evaluates cost advantages during the entire role-set definition process, which allows existing bottom-up approaches to role engineering to be easily integrated with top-down information. Second, we provide a new formal framework to optimize role mining algorithms. Applying this framework to real data sets consistently reduces running time and often improves output quality. Another key problem that has not previously been adequately addressed is how to automatically propose roles that have business meaning. To do this, we provide a formal framework that leverages business information, such as business processes and organization structure, to implement role mining algorithms. Furthermore, we address the problem of reducing the role mining complexity in RBAC systems by removing “noise” from data, i.e., permissions exceptionally or accidentally granted or denied. We propose a new methodology to elicit stable candidate roles by contextually simplifying the role selection task. Finally, we address the problem of effectively managing the risk associated with granting access to resources. We propose a new divide-and-conquer approach to role mining that facilitates attributing business meaning to automatically elicited roles and reduces the problem complexity. Each of the above results is rooted in a sound theoretical framework and supported by extensive experiments on real data.
URI: http://hdl.handle.net/2307/3996
Access Rights: info:eu-repo/semantics/openAccess
Appears in Collections: Dipartimento di Matematica e Fisica; T - Tesi di dottorato
