| Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, Migrating from ACLs to RBAC for a large organization is not an easy work. Role mining Algorithm aims to overcome this problem.This thesis first studies the existing role mining algorithms. Evolutionary algorithm-based role mining algorithms can produce a good performance in minimizing the size of the RBAC policy by heuristic search. However, these existing algorithms paid no attention to the interpretability of roles. The reason is that they treated the users or the permissions as the same, regardless of the attributes. This may lead to difficulties in practical applications.To solve the disadvantages mentioned above, we propose two new algorithms which can optimize policy quality in terms of attributes of the users and permissions. One is genetic algorithm (GA)-based elimination algorithm, which start with the entire set of candidate roles and repeatedly remove roles. The other is ant colony optimization (ACO)-based selection algorithm, which starts with an empty policy and repeatedly adds candidate roles to the RBAC policy. We also carry out extensive experiments with publicly available access control policies. The simulation results indicate that the proposed algorithms produce smaller RBAC policy and achieve better performance than the corresponding existing algorithms. |
PDF Full Text Request