| Recently, the role-based access control (RBAC) model is widely used in applicationof enterprise security system. Role mining is a technique that uses the automatic datamining method to generate role state and gets much attention from many researchers. Theglobal minimality of an RBAC state is commonly considered in previous approaches.However, only considering minimality will generate some roles which are hardlyinterpreted and implemented in real world. These roles weaken the robustness of anRBAC state. A new role mining algorithm based on dynamic modeling is provided tosolve these problems. Our approach uses features of roles and attributes of permission toimprove the accuracy.The functional features of a role come from attributes of permissions. Attributes ofpermissions that include operation, resource, weight and so on describe their function. Thenew algorithm is a two-phase approach. In first phase algorithm create the initial role stateusing the minimum permission set. In second phase, algorithm will uses the roles’ featuresand WSC(Weighted Structural Complexity) of state to update the initial role state.Features contain user set, permission set, responsibility and risk. Updating process willimprove the cohesion of generated roles. The experimental results demonstrate theeffectiveness of this new algorithm.The RBAC state configuring problem can’t be solved by using role mining approachesonly. User participation is another important step in role engineering. Therefore, a tool setis designed and developed to help security administrator complete the role configuringwork. This tool set is named RMiner(Role Miner) which provides the necessary tools forrole engineering. RMiner is not only a role engineering tool set, but also a comparativeexperiment platform on which users can add new algorithm to do some experiments. |
PDF Full Text Request