Please use this identifier to cite or link to this item: http://hdl.handle.net/2307/3996
DC FieldValueLanguage
dc.contributor.advisorDi Pietro, Roberto-
dc.contributor.authorColantonio, Alessandro-
dc.date.accessioned2015-03-12T11:16:49Z-
dc.date.available2015-03-12T11:16:49Z-
dc.date.issued2011-05-10-
dc.identifier.urihttp://hdl.handle.net/2307/3996-
dc.description.abstractAccess control is currently one of the most important topics in ICT security. The main areas of research related to access control concern the identification of methodologies and models to ef-ficiently administer user entitlements. With the ever-increasing number of users and IT systems, organizations have to manage large numbers users’ permissions in an efficient manner. Role-based access control (RBAC) is the most widespread access control model. Yet, companies still find it difficult to adopt RBAC because of the complexity of identifying a suitable set of roles. Roles must accurately reflect functions and responsibilities of users in the organization. When hundreds or thousands of users have individual access permissions, adopting the best approach to engineer roles saves time and money, and protects data and systems. Among all role engi-neering approaches, searching legacy access control systems to find de facto roles embedded in existing permissions is attracting an increasing interest. Data mining techniques can be used to automatically propose candidate roles, leading to a class of tools and methodologies referred to as role mining. This thesis is devoted to role mining techniques that help security analysts and administrators maximize the benefits of adopting RBAC. To this aim, we consider the role mining problem from several viewpoints. First, we propose a cost-driven approach to identify candidate roles. This approach measures and evaluates cost advantages during the entire role-set definition pro-cess. This allows to easily integrate existing bottom-up approaches to role engineering with top-down information. Second, we provide a new formal framework to optimize role mining algo-rithms. Applying this framework to real data sets consistently reduces running time and often improves output quality. Another key problem that has not previously been adequately ad-dressed is how to automatically propose roles that have business meaning. To do this, we pro-vide a formal framework that leverages business information, such as business processes and organization structure, to implement role mining algorithms. Furthermore, we address the prob-lem of reducing the role mining complexity in RBAC systems by removing “noise” from data; i.e., permissions exceptionally or accidentally granted or denied. We propose a new methodolo-gy to elicit stable candidate roles, by contextually simplifying the role selection task. Finally, we address the problem of effectively managing the risk associated with granting access to re-sources. We propose a new divide-and-conquer approach to role mining that facilitates attrib-uting business meaning to automatically elicited roles and reduces the problem complexity. Each of the above results is rooted on a sound theoretical framework and supported by exten-sive experiments on real data.it_IT
dc.language.isoenit_IT
dc.publisherUniversità degli studi Roma Treit_IT
dc.titleRole mining techniques to improve RBAC administrationit_IT
dc.typeDoctoral Thesisit_IT
dc.subject.miurSettori Disciplinari MIUR::Scienze matematiche e informatiche::INFORMATICAit_IT
dc.subject.isicruiCategorie ISI-CRUI::Scienze matematiche e informatiche::Computer Science & Engineeringit_IT
dc.subject.anagraferoma3Scienze matematiche e informaticheit_IT
dc.rights.accessrightsinfo:eu-repo/semantics/openAccess-
dc.description.romatrecurrentDipartimento di Matematica*
item.grantfulltextrestricted-
item.languageiso639-1other-
item.fulltextWith Fulltext-
Appears in Collections:Dipartimento di Matematica e Fisica
T - Tesi di dottorato
Show simple item record Recommend this item

Page view(s)

119
Last Week
0
Last month
0
checked on Nov 22, 2024

Download(s)

53
checked on Nov 22, 2024

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.