Fast exact and heuristic methods for role minimization problems

Alina Ene, Prasad Rao, William Horne, Robert Schreiber, Nikola Milosavljevic, Robert E. Tarjan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

205 Scopus citations

Abstract

We describe several new bottom-up approaches to problems in role engineering for Role-Based Access Control (RBAC). The salient problems are all NP-complete, even to approximate, yet we find that in instances that arise in practice these problems can be solved in minutes. We first consider role minimization, the process of finding a smallest collection of roles that can be used to implement a pre-existing user-to-permission relation. We introduce fast graph reductions that allow recovery of the solution from the solution to a problem on a smaller input graph. For our test cases, these reductions either solve the problem, or reduce the problem enough that we find the optimum solution with a (worst-case) exponential method. We introduce lower bounds that are sharp for seven of nine test cases and are within 3.4% on the other two. We introduce and test a new polynomial-time approximation that on average yields 2% more roles than the optimum. We next consider the related problem of minimizing the number of connections between roles and users or permissions, and we develop effective heuristic methods for this problem as well. Finally, we propose methods for several related problems.

Original languageEnglish (US)
Title of host publicationSACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages1-10
Number of pages10
DOIs
StatePublished - 2008
Event13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States
Duration: Jun 11 2008Jun 13 2008

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
Country/TerritoryUnited States
CityEstes Park, CO
Period6/11/086/13/08

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Keywords

  • Role mining
  • Role-based access control

Fingerprint

Dive into the research topics of 'Fast exact and heuristic methods for role minimization problems'. Together they form a unique fingerprint.

Cite this