| Nowadays the size of datas is increasing bigger and bigger. Also the user and the corresponding authority in the enterprise system are complex and the size is huge. It is necessary to use the role based access control model to manage the system. Role mining, as a solution to automatically mine potential roles, has obtained broad attention. However, most current role mining algorithms pay attention to the minimality of formed role based access control models. They totally override that the role may have access risk as the entity in access control system. The risky roles would probably result to the leakage of the authority. At the same time, it is required to develop authority policy to manage the roles activation and the authority policy can promise that the user activates the proper role. However, due to the large amount of control information and the amount of log information, it is a hard challenge to the traditional algorithms. With the rise of Hadoop and the wide use of the distributed platform it is a trend to improve the traditional algorithms to apply to the distributed platforms.In order to solve this problem, a new approach called the risk based role mining algorithm is proposed. The algorithm is divided into two phases. In the first phase, the algorithm forms the concept by using formal concept analysis and the concepts are original roles. But there are many redundant roles in the original roles. Therefore, it is necessary to partially merge the original roles. In the second phase, the algorithm introduces the risk factor and builds the risk assessment model. Then based on the assessment model the algorithm updates roles in original roles and finally forms role model of controllable risk. The results of experiment show that the risk based role mining algorithm can not only mine accurate roles, and also control the final role model well.To solve the lower efficiency when the traditional role mining algorithms analyse big operating datas, we combine the formal concept analysis with distributed computing model and form the distributed formal concept analysis based on Hadoop. And then the concepts which are seen as original role sets are as input of role mining algorithm. The distributed formal concept analysis greatly improves the efficiency of the analysis. The contrast experiment shows that the efficiency of distributed formal concept analysis is much higher than the original.At the same time, we propose the algorithm of role activation based on user trust in order to develop appropriate authority strategy. This algorithm first computes users'trust and user trust threshold of roles. Then it judges the trust of user who applies for the role and the trust threshold of the role. From the experiment result we can see the proposed activation algorithm can make the user activate the proper role well. |
PDF Full Text Request