
Role Mining: Survey and Suggestion on Role Mining in Access Control

  • Conference paper
Mobile Internet Security (MobiSec 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1121))


Abstract

With the increase in network attacks, security defense mechanisms, and access control mechanisms in particular, have become research hot-spots. Role-Based Access Control (RBAC), one of the most popular of these mechanisms, has been applied in many fields. However, the boom in applications and the huge number of users make it difficult to define roles in advance. Many research efforts therefore focus on role mining, which has an important impact on improving the function and performance efficiency of RBAC. Based on an investigation and analysis of the related literature, the development of role mining technology can be divided into two aspects: research on extended elements of role mining systems, and improvement of existing role mining algorithms. This paper summarizes and compares the advantages and disadvantages of ten role mining mechanisms, with the objective of finding the optimal role mining method via comprehensive comparison, and gives appropriate suggestions. To evaluate role mining more comprehensively, the evaluation metrics included in each role mining mechanism are defined. Finally, the paper analyzes the problems and challenges of role mining and gives suggestions for further development.

Supported in part by the National Basic Research Program of China (973) under Grant No. 2013CB329102, and in part by the Natural Science Foundation of China (NSFC) under Grant No. 61003283.

Acknowledgments

The authors would like to thank the anonymous reviewers for their valuable comments which helped them to improve the content, organization, and presentation of this paper.

Author information

Corresponding author

Correspondence to Jianfeng Guan.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Jia, J., Guan, J., Wang, L. (2020). Role Mining: Survey and Suggestion on Role Mining in Access Control. In: You, I., Chen, HC., Leu, FY., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2019. Communications in Computer and Information Science, vol 1121. Springer, Singapore. https://doi.org/10.1007/978-981-15-9609-4_4

  • DOI: https://doi.org/10.1007/978-981-15-9609-4_4

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9608-7

  • Online ISBN: 978-981-15-9609-4

  • eBook Packages: Computer Science, Computer Science (R0)
