IDEAS home Printed from https://ideas.repec.org/a/spr/jcomop/v30y2015i1d10.1007_s10878-013-9633-9.html
   My bibliography  Save this article

Handling least privilege problem and role mining in RBAC

Author

Listed:
  • Hejiao Huang

    (Harbin Institute of Technology Shenzhen Graduate School
    Shenzhen Key Laboratory of Internet Information Collaboration)

  • Feng Shang

    (Harbin Institute of Technology Shenzhen Graduate School
    Shenzhen Key Laboratory of Internet Information Collaboration)

  • Jinling Liu

    (Harbin Institute of Technology Shenzhen Graduate School
    Shenzhen Key Laboratory of Internet Information Collaboration)

  • Hongwei Du

    (Harbin Institute of Technology Shenzhen Graduate School
    Shenzhen Key Laboratory of Internet Information Collaboration)

Abstract

For a given role-based access control (RBAC) configuration, user-role assignment satisfying least privilege principle (specified as LPUAP) is one of the most important problems to be solved in information security. LPUAP has been proved to be NP-hard. This paper gives several efficient greedy algorithms for handling this problem. Experiment results show that the output of our algorithms is almost optimal while the running time is greatly reduced. In another case where a RBAC configuration is to be set up, minimizing the descriptive set of roles (specified as Basic-RMP) and minimizing the administrative assignments for roles (specified as Edge-RMP) can greatly decrease the management costs. Both role mining problems (i.e., Basic-RMP and Edge-RMP) have also been proved to be NP-hard. This paper converts Basic-RMP to set cover problem and Edge-RMP to weighted set cover problem, and two algorithms respectively named $$GA_{Basic}$$ GA Basic algorithm for Basic-RMP and $$GA_{Edge}$$ GA Edge algorithm for Edge-RMP, are designed. Experiment results show that the average similarity rate between role sets produced by $$GA_{Basic}$$ GA Basic algorithm and the original ones used in generating the dataset is above 90 %. However, in the process of converting role mining into Set Cover Problem, the number of candidate role set is very large. In order to reduce the complexity of the $$GA_{Basic}$$ GA Basic algorithm, this paper presents a new polynomial-time algorithm with a performance nearly the same as that of $$GA_{Basic}$$ GA Basic algorithm.

Suggested Citation

  • Hejiao Huang & Feng Shang & Jinling Liu & Hongwei Du, 2015. "Handling least privilege problem and role mining in RBAC," Journal of Combinatorial Optimization, Springer, vol. 30(1), pages 63-86, July.
    • Handle: RePEc:spr:jcomop:v:30:y:2015:i:1:d:10.1007_s10878-013-9633-9
    DOI: 10.1007/s10878-013-9633-9
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10878-013-9633-9
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10878-013-9633-9?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Ding-Zhu Du & Ker-I Ko & Xiaodong Hu, 2012. "Design and Analysis of Approximation Algorithms," Springer Optimization and Its Applications, Springer, number 978-1-4614-1701-9, September.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Wei Sun & Shiwei Wei & Huaping Guo & Hongbing Liu, 2019. "Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations," Future Internet, MDPI, vol. 11(9), pages 1-21, September.
    2. Tao Wang & Qiang Wu, 2023. "Role Minimization Optimization Algorithm Based on Concept Lattice Factor," Mathematics, MDPI, vol. 11(14), pages 1-13, July.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zhao Zhang & Wen Xu & Weili Wu & Ding-Zhu Du, 2017. "A novel approach for detecting multiple rumor sources in networks with partial observations," Journal of Combinatorial Optimization, Springer, vol. 33(1), pages 132-146, January.
    2. Majun Shi & Zishen Yang & Wei Wang, 2023. "Greedy guarantees for minimum submodular cost submodular/non-submodular cover problem," Journal of Combinatorial Optimization, Springer, vol. 45(1), pages 1-16, January.
    3. Jiao Zhou & Zhao Zhang & Weili Wu & Kai Xing, 2014. "A greedy algorithm for the fault-tolerant connected dominating set in a general graph," Journal of Combinatorial Optimization, Springer, vol. 28(1), pages 310-319, July.
    4. Kübra Tanınmış & Markus Sinnl, 2022. "A Branch-and-Cut Algorithm for Submodular Interdiction Games," INFORMS Journal on Computing, INFORMS, vol. 34(5), pages 2634-2657, September.
    5. Zhao Zhang & Wei Liang & Hongmin W. Du & Siwen Liu, 2022. "Constant Approximation for the Lifetime Scheduling Problem of p -Percent Coverage," INFORMS Journal on Computing, INFORMS, vol. 34(5), pages 2675-2685, September.
    6. Xiaozhi Wang & Xianyue Li & Bo Hou & Wen Liu & Lidong Wu & Suogang Gao, 2021. "A greedy algorithm for the fault-tolerant outer-connected dominating set problem," Journal of Combinatorial Optimization, Springer, vol. 41(1), pages 118-127, January.
    7. Xiang Li & H. George Du & Panos M. Pardalos, 2020. "A variation of DS decomposition in set function optimization," Journal of Combinatorial Optimization, Springer, vol. 40(1), pages 36-44, July.
    8. Xiang Li & H. George Du, 2020. "A short proof for stronger version of DS decomposition in set function optimization," Journal of Combinatorial Optimization, Springer, vol. 40(4), pages 901-906, November.
    9. Chuanwen Luo & Yongcai Wang & Yi Hong & Wenping Chen & Xingjian Ding & Yuqing Zhu & Deying Li, 2019. "Minimizing data collection latency with unmanned aerial vehicle in wireless sensor networks," Journal of Combinatorial Optimization, Springer, vol. 38(4), pages 1019-1042, November.
    10. Shi, Majun & Yang, Zishen & Wang, Wei, 2021. "Minimum non-submodular cover problem with applications," Applied Mathematics and Computation, Elsevier, vol. 410(C).
    11. Limin Wang & Wenxue Du & Zhao Zhang & Xiaoyan Zhang, 2017. "A PTAS for minimum weighted connected vertex cover $$P_3$$ P 3 problem in 3-dimensional wireless sensor networks," Journal of Combinatorial Optimization, Springer, vol. 33(1), pages 106-122, January.
    12. Yichao He & Xinlu Zhang & Wenbin Li & Xiang Li & Weili Wu & Suogang Gao, 2016. "Algorithms for randomized time-varying knapsack problems," Journal of Combinatorial Optimization, Springer, vol. 31(1), pages 95-117, January.
    13. Zishen Yang & Wei Wang & Majun Shi, 2021. "Algorithms and Complexity for a Class of Combinatorial Optimization Problems with Labelling," Journal of Optimization Theory and Applications, Springer, vol. 188(3), pages 673-695, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:jcomop:v:30:y:2015:i:1:d:10.1007_s10878-013-9633-9. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.