期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

最小扰动混合角色挖掘方法研究 被引量:6

Hybrid Role Mining Methods with Minimal Perturbation
下载PDF
导出
摘要 绝大部分的角色挖掘方法都是从无到有地进行构建,所有角色都是新挖掘出来的,而没有考虑事先已经存在的角色集合.而且从已有角色集合的方法中提出的相似度定义均不满足交换律;提出一种混合角色挖掘方法,以top-down方法预先定义部分角色,以bottom-up方法挖掘候选角色集合.定义加权结构复杂度并以此作为系统状态优化的指标.给出满足交换律的相似度定义,以此作为与原有角色集近似度量的指标,并提出相似度计算算法.在此基础上提出最小扰动混合角色挖掘的定义和算法;分析算法复杂度并作出性能评估,评估结果表明算法准确率和效率均有明显提高. A basic problem in the design of role-based access control (RBAC) system is to automatically discover roles and configure user-role assignment and permission-role assignment. In order to achieve these objectives, researchers have proposed to discover roles from the existing user-permission assignments using data mining techniques, which is called role mining. But most of the existing role mining techniques do not consider the existing RBAC configurations and try t6 define everything from scratch. The definitions of similarity in the literature do not satisfy the commutative law. In this paper, we formally present a hybrid role mining method, providing deployed roles set using top-down approach and mining candidate role set using bottom-up approach. We propose the measures of weighted structural complexity for the optimality of the RBAC state. We also present the definitions of similarity of role sets for minimal perturbation that satisfy the commutative law and the similarity computation algorithm. Finally, the hybrid role mining algorithm with minimal perturbation is discussed. The algorithm' computational complexity is analyzed and the effectiveness of the algorithm is evaluated. The evaluation results demonstrate the correctness and effectiveness of our approach.
作者 翟志刚 王建东 曹子宁 毛宇光
机构地区 南京航空航天大学计算机科学与技术学院 江苏省省级机关事务管理局 计算机软件新技术国家重点实验室(南京大学)
出处 《计算机研究与发展》 EI CSCD 北大核心 2013年第5期951-960,共10页 Journal of Computer Research and Development
基金 国家自然科学基金项目(60873025) 苏州大学江苏省计算机信息处理技术重点实验室基金项目(KJS0920)
关键词 角色挖掘 角色工程 基于角色访问控制 加权结构复杂度 相似度 role mining role engineering role-based access control (RBAC) weighted structural complexity(WSC) similarity
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献26

  • 1Coyne E J. Role-engineerng [C] //Proc of the 1st ACM Workshop on Role-Based Access Control. New York: ACM, 1995:15-16.
  • 2Kern A, Kuhlmann M, Schaad A, et al. Observations on the role life-cycle in the context of enterprise security management [C] //Proc of the 7th ACM Syrup on Access Control Models and Technologies (SACMAT2002). New York: ACM, 2002:43-51.
  • 3Shin D, Ahn G J, Cho S, et al. On modeling system-centric information for role engineering [C] //Proe of the 8th ACM Symp on Access Control Models and Technologies (SACMAT2003). New York: ACM, 2003:169-178.
  • 4Kuhlmann M, Shohat D, Schimpf G. Role mining-revealing business roles for security administration using data mining technology [C] //Proc of the 8th ACM Syrup on Access Control Models and Technologies (SACMAT2003). New York: ACM, 2003:179-186.
  • 5Vaidya J, Atluri V, Guo Q. The role mining problem: Finding a minimal descriptive set of roles [C] //Proc of the 12th ACM Symp on Access Control Models and Technologies (SACMAT2007). New York: ACM, 2007:175-184.
  • 6Vaidya J, Atluri V, Guo Q. The role mining problem: A formal perspective[J]. ACM Trans on Information and System Security (TISSEC), 2010, 13(3) : 27:1-27:31.
  • 7Lu Haibing, Vaidya J, Atluri V. Optimal Boolean matrix decomposition: Application to role engineering [C] //Proc of IEEE 24th Int Conf on Data Engineering (ICDE'08). Los Alamitos, CA: IEEE Computer Society, 2008: 297-306.
  • 8Guo Q, Vaidya J, Atluri V. The role hierarchy mining problem. Discovery of optimal role hierarchies [C] //Proc of the 2008 Annual Computer Security Applications Conf (ACSAC'08). Los Alamitos, CA: IEEE Computer Society, 2008:237-246.
  • 9Frank M, Buhmann J M, Basin D. On the definition of role mining [C] //Proc of the 15th ACM Symp on Access Control Models and Technologies (SACMAT2010). New York: ACM, 2010:35-43.
  • 10Schlegelmilch J, Steffens U. Role mining with ORCA [C] // Proc of the 10th ACM Syrup on Access Control Models and Technologies (SACMAT2005). New York: ACM, 2005: 168-176.

二级参考文献23

  • 1张宏,贺也平,石志国.一个支持空间上下文的访问控制形式模型[J].中国科学(E辑),2007,37(2):254-271. 被引量:21
  • 2林闯,封富君,李俊山.新型网络环境下的访问控制技术[J].软件学报,2007,18(4):955-966. 被引量:67
  • 3李晓峰,冯登国,徐震.一种通用访问控制管理模型[J].计算机研究与发展,2007,44(6):947-957. 被引量:8
  • 4Sandhu R, Coyne E, Feinstein H, et al. Role-based access control models [J]. IEEE Computer, 1996, 29(2): 38-47.
  • 5Sandhu R, Munawer Q. The ARBAC99 model for administration of roles [C] //Proc of the 15th Annual Computer Security Applications Conference, Los Alamitos, CA: IEEE Computer Society, 1999:229-314.
  • 6Covington M J, Long Wende, Srinivasan S, et at. Securing context-aware applications using environment roles [C]// Proc of the 6th ACM Syrup on Access Control Models and Technologies. New York: ACM, 2001:10-20.
  • 7Bertino E, Catania B, Damiani M L, et al. GEO-RBAC: A spatially aware RBAC [C]//Proc of the 10th ACM Syrup on Access Control Models and Technologies. New York: ACM, 2005:29-37.
  • 8Bertino E, Bonatti P A, Ferrari E. TRBAC: A temporal role-based access control model[J]. ACM Trans on Information and System Security, 2001, 4(3): 191-233.
  • 9Ray I, Yu Lijun. Towards a location-aware role-based access control model [C]//Proc of the 1st Int Conf on Security and Privacy for Emerging Areas in Communications Networks. Piscataway, NJ: IEEE, 2005:234-236.
  • 10Cuppens F, Midge A. Modelling contexts in the Or-BAC model [C]//Proc of the 19th Annual Computer Security Applications Conference. Piseataway, NJ: IEEE, 2003: 416-425.

共引文献40

同被引文献37

引证文献6

二级引证文献150

计算机研究与发展
2013年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部