Towards User-Oriented RBAC Model

Abstract : Role mining recently has attracted much attention from the role-based access control (RBAC) research community as it provides a machine-operated means of discovering roles from existing permission assignments. While there is a rich body of literature on role mining, we find that user experience/perception - one ultimate goal for any information system - is surprisingly ignored by the existing works. This work is the first to study role mining from the end-user perspective. Specifically, based on the observation that end-users prefer simple role assignments, we propose to incorporate to the role mining process a user-role assignment sparseness constraint that mandates the maximum number of roles each user can have. Under this rationale, we formulate user-oriented role mining as two specific problems: one is user-oriented exact role mining problem (RMP), which is obliged to completely reconstruct the given permission assignments, and the other is user-oriented approximate RMP, which tolerates a certain amount of deviation from the complete reconstruction. The extra sparseness constraint poses a great challenge to role mining, which in general is already a hard problem. We examine some typical existing role mining methods to see their applicability to our problems. In light of their insufficiency, we present a new algorithm, which is based on a novel dynamic candidate role generation strategy, tailored to our problems. Experiments on benchmark datasets demonstrate the effectiveness of our proposed algorithm.
Document type :
Conference papers
Complete list of metadatas
Contributor : Hal Ifip <>
Submitted on : Wednesday, March 15, 2017 - 5:16:24 PM
Last modification on : Thursday, March 16, 2017 - 9:24:24 AM
Long-term archiving on : Friday, June 16, 2017 - 3:07:41 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Haibing Lu, Yuan Hong, Yanjiang Yang, Lian Duan, Nazia Badar. Towards User-Oriented RBAC Model. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. pp.81-96, ⟨10.1007/978-3-642-39256-6_6⟩. ⟨hal-01490719⟩



Record views


Files downloads