%0 Conference Proceedings
%T An Optimization Model for the Extended Role Mining Problem
%+ Rutgers University [Camden]
%A Uzun, Emre
%A Atluri, Vijayalakshmi
%A Lu, Haibing
%A Vaidya, Jaideep
%Z Part 4: Access Control II
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 23th Data and Applications Security (DBSec)
%C Richmond, VA, United States
%Y Yingjiu Li
%I Springer
%3 Data and Applications Security and Privacy XXV
%V LNCS-6818
%P 76-89
%8 2011-07-11
%D 2011
%R 10.1007/978-3-642-22348-8_8
%Z Computer Science [cs]Conference papers
%X The primary purpose of Role Mining is to effectively determine the roles in an enterprise using the permissions that have already been assigned to the users. If this permission assignment is viewed as a 0-1 matrix, then Role Mining aims to decompose this matrix into two matrices which represent user-role and role-permission assignments. This decomposition is known as Boolean Matrix Decomposition (BMD). In this paper, we use an Extended BMD (EBMD) to consider separation of duty constraints (SOD) and exceptions, that are common to any security system, in the role mining process. Essentially, in EBMD, we introduce negative assignments. An additional benefit of allowing negative assignments in roles is that, a less number of roles can be used to reconstruct the same given user-permission assignments. We introduce Extended Role Mining Problem and its variants and present their optimization models. We also propose a heuristic algorithm that is capable of utilizing these models to find good decompositions.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01586595/document
%2 https://inria.hal.science/hal-01586595/file/978-3-642-22348-8_8_Chapter.pdf
%L hal-01586595
%U https://inria.hal.science/hal-01586595
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-6818