Migrating from RBAC to temporal RBAC

The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.

Inspec keywords: authorisation; data mining

Other keywords: temporal RBAC; temporal role mining; role-based access control; TRBAC; migration process

Subjects: Knowledge engineering techniques; Data security

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2016.0258