摘要
绝大部分的角色挖掘方法都是从无到有地进行构建,所有角色都是新挖掘出来的,而没有考虑事先已经存在的角色集合.而且从已有角色集合的方法中提出的相似度定义均不满足交换律;提出一种混合角色挖掘方法,以top-down方法预先定义部分角色,以bottom-up方法挖掘候选角色集合.定义加权结构复杂度并以此作为系统状态优化的指标.给出满足交换律的相似度定义,以此作为与原有角色集近似度量的指标,并提出相似度计算算法.在此基础上提出最小扰动混合角色挖掘的定义和算法;分析算法复杂度并作出性能评估,评估结果表明算法准确率和效率均有明显提高.
A basic problem in the design of role-based access control (RBAC) system is to automatically discover roles and configure user-role assignment and permission-role assignment. In order to achieve these objectives, researchers have proposed to discover roles from the existing user-permission assignments using data mining techniques, which is called role mining. But most of the existing role mining techniques do not consider the existing RBAC configurations and try t6 define everything from scratch. The definitions of similarity in the literature do not satisfy the commutative law. In this paper, we formally present a hybrid role mining method, providing deployed roles set using top-down approach and mining candidate role set using bottom-up approach. We propose the measures of weighted structural complexity for the optimality of the RBAC state. We also present the definitions of similarity of role sets for minimal perturbation that satisfy the commutative law and the similarity computation algorithm. Finally, the hybrid role mining algorithm with minimal perturbation is discussed. The algorithm' computational complexity is analyzed and the effectiveness of the algorithm is evaluated. The evaluation results demonstrate the correctness and effectiveness of our approach.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2013年第5期951-960,共10页
Journal of Computer Research and Development
基金
国家自然科学基金项目(60873025)
苏州大学江苏省计算机信息处理技术重点实验室基金项目(KJS0920)
关键词
角色挖掘
角色工程
基于角色访问控制
加权结构复杂度
相似度
role mining
role engineering
role-based access control (RBAC)
weighted structural complexity(WSC)
similarity