Mining hierarchical temporal roles with multiple metrics

Scott D. Stoller; Thang Bui

doi:10.1007/978-3-319-41483-6_6

Mining hierarchical temporal roles with multiple metrics

Scott D. Stoller
, Thang Bui

Computer Science

Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

Temporal role-based access control (TRBAC) extends rolebased access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric.We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at their goal of minimizing the number of roles.

Original language	English
Title of host publication	Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings
Editors	Silvio Ranise, Vipin Swarup
Publisher	Springer Verlag
Pages	79-95
Number of pages	17
ISBN (Print)	9783319414829
DOIs	https://doi.org/10.1007/978-3-319-41483-6_6
State	Published - 2016
Event	30th IFIP WG 11.3 Conference on Data and Applications Security, DBSec 2016 - Trento, Italy Duration: Jul 18 2016 → Jul 20 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9766
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	30th IFIP WG 11.3 Conference on Data and Applications Security, DBSec 2016
Country/Territory	Italy
City	Trento
Period	07/18/16 → 07/20/16

Access to Document

10.1007/978-3-319-41483-6_6

Cite this

Stoller, S. D., & Bui, T. (2016). Mining hierarchical temporal roles with multiple metrics. In S. Ranise, & V. Swarup (Eds.), Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings (pp. 79-95). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9766). Springer Verlag. https://doi.org/10.1007/978-3-319-41483-6_6

Stoller, Scott D. ; Bui, Thang. / Mining hierarchical temporal roles with multiple metrics. Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings. editor / Silvio Ranise ; Vipin Swarup. Springer Verlag, 2016. pp. 79-95 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{690a71527c0a41598e9707df0f63610a,

title = "Mining hierarchical temporal roles with multiple metrics",

abstract = "Temporal role-based access control (TRBAC) extends rolebased access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric.We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at their goal of minimizing the number of roles.",

author = "Stoller, \{Scott D.\} and Thang Bui",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2016.; 30th IFIP WG 11.3 Conference on Data and Applications Security, DBSec 2016 ; Conference date: 18-07-2016 Through 20-07-2016",

year = "2016",

doi = "10.1007/978-3-319-41483-6\_6",

language = "English",

isbn = "9783319414829",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "79--95",

editor = "Silvio Ranise and Vipin Swarup",

booktitle = "Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings",

}

Stoller, SD & Bui, T 2016, Mining hierarchical temporal roles with multiple metrics. in S Ranise & V Swarup (eds), Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9766, Springer Verlag, pp. 79-95, 30th IFIP WG 11.3 Conference on Data and Applications Security, DBSec 2016, Trento, Italy, 07/18/16. https://doi.org/10.1007/978-3-319-41483-6_6

Mining hierarchical temporal roles with multiple metrics. / Stoller, Scott D.; Bui, Thang.
Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings. ed. / Silvio Ranise; Vipin Swarup. Springer Verlag, 2016. p. 79-95 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9766).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Mining hierarchical temporal roles with multiple metrics

AU - Stoller, Scott D.

AU - Bui, Thang

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2016.

PY - 2016

Y1 - 2016

N2 - Temporal role-based access control (TRBAC) extends rolebased access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric.We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at their goal of minimizing the number of roles.

AB - Temporal role-based access control (TRBAC) extends rolebased access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric.We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at their goal of minimizing the number of roles.

UR - https://www.scopus.com/pages/publications/84979498046

U2 - 10.1007/978-3-319-41483-6_6

DO - 10.1007/978-3-319-41483-6_6

M3 - Conference contribution

AN - SCOPUS:84979498046

SN - 9783319414829

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 79

EP - 95

BT - Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings

A2 - Ranise, Silvio

A2 - Swarup, Vipin

PB - Springer Verlag

T2 - 30th IFIP WG 11.3 Conference on Data and Applications Security, DBSec 2016

Y2 - 18 July 2016 through 20 July 2016

ER -

Stoller SD, Bui T. Mining hierarchical temporal roles with multiple metrics. In Ranise S, Swarup V, editors, Data and Applications Security and Privacy - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings. Springer Verlag. 2016. p. 79-95. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-41483-6_6

Mining hierarchical temporal roles with multiple metrics

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this