research-article

Evaluating role mining algorithms

Authors:

Jorge LoboAuthors Info & Claims

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies

Pages 95 - 104

https://doi.org/10.1145/1542207.1542224

Published: 03 June 2009 Publication History

Abstract

While many role mining algorithms have been proposed in recent years, there lacks a comprehensive study to compare these algorithms. These role mining algorithms have been evaluated when they were proposed, but the evaluations were using different datasets and evaluation criteria. In this paper, we introduce a comprehensive framework for evaluating role mining algorithms. We categorize role mining algorithms into two classes based on their outputs; Class 1 algorithms output a sequence of prioritized roles while Class 2 algorithms output complete RBAC states. We then develop techniques that enable us to compare these algorithms directly. We also introduce a new role mining algorithm and two new ways for algorithmically generating datasets for evaluation. Using synthetic as well as real datasets, we compared nine role mining algorithms. Our results illustrate the strengths and weaknesses of these algorithms.

References

[1]

A. Colantonio, R. D. Pietro, and A. Ocello. A cost-driven approach to role engineering. In Proceedings of the 2008 ACM Symposium on Applied Computing (SAC), 2008.

Digital Library

[2]

E. J. Coyne. Role engineering. In Proc. ACM Workshop on Role-Based Access Control (RBAC), 1995.

Digital Library

[3]

A. Ene, W. Horne, N. Milosavljevic, P. Rao, R. Schreiber, and R. E. Tarjan. Fast exact and heuristic methods for role minimization problems. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2008.

Digital Library

[4]

M. Frank, D. Basin, and J. M. Buhmann. A class of probabilistic models for role engineering. In Proc. ACM Conference on Computer and Communications Security (CCS), 2008.

Digital Library

[5]

J. Han, J. Pei, and Y. Yin. Mining frequent patterns without candidate generation. In Proc. ACM International Conference on Management of Data (SIGMOD), 2000.

Digital Library

[6]

A. Kern, A. Schaad, and J. Moffett. An administration concept for the enterprise role-based access control model. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), June 2003.

Digital Library

[7]

M. Kuhlmann, D. Shohat, and G. Schimpf. Role mining - revealing business roles for security administration using data mining technology. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2003.

Digital Library

[8]

H. Lu, J. Vaidya, and V. Atluri. Optimal boolean matrix decomposition: Application to role engineering. In Proc. International Conference on Data Engineering (ICDE), 2008.

Digital Library

[9]

I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. Calo, and J. Lobo. Mining roles with semantic meanings. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2008.

Digital Library

[10]

I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. Calo, and J. Lobo. Mining roles with multiple objectives. In Review.

[11]

G. Neumann and M. Strembeck. A scenario-driven role engineering process for functional RBAC roles. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2002.

Digital Library

[12]

H. Roeckle, G. Schimpf, and R. Weidinger. Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. In Proc. ACM Workshop on Role-Based Access Control (RBAC), 2000.

Digital Library

[13]

J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1975.

[14]

J. Schlegelmilch and U. Steffens. Role mining with ORCA. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2005.

Digital Library

[15]

D. Shin, G.-J. Ahn, S. Cho, and S. Jin. On modeling system-centric information for role engineering. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2003.

Digital Library

[16]

S. D. Stoller, P. Yang, C. R. Ramakrishnan, and M. I. Gofman. Efficient policy analysis for administrative role based access control, Oct. 2007.

[17]

J. Vaidya, V. Atluri, and Q. Guo. The role mining problem: Finding a minimal descriptive set of roles. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2007.

Digital Library

[18]

J. Vaidya, V. Atluri, Q. Guo, and N. Adam. Migrating to optimal RBAC with minimal perturbation. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2008.

Digital Library

[19]

J. Vaidya, V. Atluri, and J. Warner. RoleMiner: Mining roles using subset enumeration. In Proc. ACM Conference on Computer and Communications Security (CCS), New York, NY, USA, 2006.

Digital Library

[20]

D. Zhang, K. Ramamohanarao, and T. Ebringer. Role engineering using graph optimisation. In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2007.

Digital Library

Cited By

Crampton JEiben EGutin GKarapetyan DMajumdar D(2024)Bi-objective Optimization in Role MiningACM Transactions on Privacy and Security10.1145/369783328:1(1-22)Online publication date: 14-Oct-2024
https://dl.acm.org/doi/10.1145/3697833
Anderer SKempter TScheuermann BMostaghim S(2023)Dynamic Optimization of Role Concepts for Role-Based Access Control Using Evolutionary AlgorithmsSN Computer Science10.1007/s42979-023-01805-14:4Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1007/s42979-023-01805-1
Anderer SScheuermann BMostaghim S(2023)Evolutionary Optimization of Roles for Access Control in Enterprise Resource Planning SystemsComputational Intelligence10.1007/978-3-031-46221-4_1(1-23)Online publication date: 3-Nov-2023
https://doi.org/10.1007/978-3-031-46221-4_1
Show More Cited By

Index Terms

Evaluating role mining algorithms
1. Information systems
  1. Information systems applications
    1. Data mining
2. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

On the definition of role mining
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

There have been many approaches proposed for role mining. However, the problems solved often differ due to a lack of consensus on the formal definition of the role mining problem. In this paper, we provide a detailed analysis of the requirements for ...
The role mining problem: finding a minimal descriptive set of roles
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies

Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role based access control. A key problem related to this is the notion of goodness/interestingness -- when is a role good/...
Research on Role Mining Algorithms in RBAC
HPCCT '18: Proceedings of the 2018 2nd High Performance Computing and Cluster Technologies Conference

While role mining algorithms have been proposed in recent years, but there still lacks a more comprehensive study to compare and analyze these algorithms. These role mining algorithms have been evaluated when they were proposed, but different datasets ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies

June 2009

258 pages

ISBN:9781605585376

DOI:10.1145/1542207

General Chair:
Barbara Carminati
University of Insubria, Italy
,
Program Chair:
James Joshi
University of Pittsburgh, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '09

Sponsor:

SACMAT '09: 14th ACM Symposium on Access Control Models and Technologies

June 3 - 5, 2009

Stresa, Italy

Acceptance Rates

SACMAT '09 Paper Acceptance Rate 24 of 75 submissions, 32%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

95
Total Citations
View Citations
961
Total Downloads

Downloads (Last 12 months)33
Downloads (Last 6 weeks)5

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Crampton JEiben EGutin GKarapetyan DMajumdar D(2024)Bi-objective Optimization in Role MiningACM Transactions on Privacy and Security10.1145/369783328:1(1-22)Online publication date: 14-Oct-2024
https://dl.acm.org/doi/10.1145/3697833
Anderer SKempter TScheuermann BMostaghim S(2023)Dynamic Optimization of Role Concepts for Role-Based Access Control Using Evolutionary AlgorithmsSN Computer Science10.1007/s42979-023-01805-14:4Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1007/s42979-023-01805-1
Anderer SScheuermann BMostaghim S(2023)Evolutionary Optimization of Roles for Access Control in Enterprise Resource Planning SystemsComputational Intelligence10.1007/978-3-031-46221-4_1(1-23)Online publication date: 3-Nov-2023
https://doi.org/10.1007/978-3-031-46221-4_1
Marette TMiettinen PNeumann S(2023)Visualizing Overlapping Biclusterings and Boolean Matrix FactorizationsMachine Learning and Knowledge Discovery in Databases: Research Track10.1007/978-3-031-43412-9_44(743-758)Online publication date: 17-Sep-2023
https://doi.org/10.1007/978-3-031-43412-9_44
Liu YLi YLin SArtho CRyu SSmaragdakis Y(2022)Finding permission bugs in smart contracts with role miningProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534372(716-727)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1145/3533767.3534372
Parkinson SKhan S(2022)A Survey on Empirical Security Analysis of Access-control Systems: A Real-world PerspectiveACM Computing Surveys10.1145/353370355:6(1-28)Online publication date: 7-Dec-2022
https://dl.acm.org/doi/10.1145/3533703
Guo QTripunitara MDietrich SChowdhury OTakabi D(2022)The Secrecy Resilience of Access Control Policies and Its Application to Role MiningProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535030(115-126)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535030
Drakopoulos GMylonas P(2022)A Genetic Algorithm For Boolean Semiring Matrix Factorization With Applications To Graph Mining2022 IEEE International Conference on Big Data (Big Data)10.1109/BigData55660.2022.10020828(3864-3870)Online publication date: 17-Dec-2022
https://doi.org/10.1109/BigData55660.2022.10020828
Blundo CCimato SSiniscalchi L(2022)Heuristics for constrained role mining in the post-processing frameworkJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-021-03648-114:8(9925-9937)Online publication date: 25-Jan-2022
https://doi.org/10.1007/s12652-021-03648-1
Anderer SSchrader FScheuermann BMostaghim S(2022)Evolutionary Algorithms for the Constrained Two-Level Role Mining ProblemEvolutionary Computation in Combinatorial Optimization10.1007/978-3-031-04148-8_6(79-94)Online publication date: 4-Apr-2022
https://doi.org/10.1007/978-3-031-04148-8_6
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents