Mining Hierarchical Temporal Roles with Multiple Metrics

Abstract : Temporal role-based access control (TRBAC) extends role-based access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric. We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at their goal of minimizing the number of roles.
Type de document :
Communication dans un congrès
Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.79-95, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_6〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01633674
Contributeur : Hal Ifip <>
Soumis le : lundi 13 novembre 2017 - 11:46:14
Dernière modification le : lundi 13 novembre 2017 - 11:48:29
Document(s) archivé(s) le : mercredi 14 février 2018 - 14:17:59

Fichier

 Accès restreint
Fichier visible le : 2019-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Scott Stoller, Thang Bui. Mining Hierarchical Temporal Roles with Multiple Metrics. Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.79-95, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_6〉. 〈hal-01633674〉

Partager

Métriques

Consultations de la notice

8