
Migrating from RBAC to temporal RBAC


IET Information Security


The last two decades have witnessed an emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations already having a deployed RBAC system, in many cases it may become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not consider it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both of the proposed approaches and show that they are both efficient and effective.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2016.0258