
Dimensionless Evaluation Framework Of Role Mining Results For Information Security Management

Posted on: 2019-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Wu
Full Text: PDF
GTID: 2348330566458590
Subject: Information security

Abstract/Summary:
As a secure and efficient access control strategy, Role-Based Access Control (RBAC) technology has received extensive attention. The most important and complex step in configuring RBAC security policies is called role engineering. Currently, there are two approaches to role engineering: the top-down approach and the bottom-up approach. The former configures an RBAC system based on knowledge of business operations and security policies. The latter uses data mining techniques to discover roles from the user-permission assignments in existing access control lists (ACLs), and as such it is also called role mining. Role mining has been widely used to automate the construction of role-based access control systems. There are two basic problems in role mining: role minimization and edge concentration. Role mining algorithms for these two problems have been widely studied, and there is some existing research on evaluating role mining algorithms. However, the existing evaluation methods are all based on a fixed value (for example, the minimum number of roles). These evaluation methods cannot compare and analyze different role mining algorithms across different datasets.

To solve the above problems, this paper analyzes the theoretical definition and optimization of role minimization and edge concentration. Building on this theoretical analysis, the paper defines three reference lines for the role minimization and edge concentration results of a role mining algorithm: full-mark, medium-mark and base-mark, and designs algorithms for computing them. The values of a dataset's reference lines depend on the characteristics of the dataset itself, and the corresponding solution algorithms can be designed separately according to the physical meaning of each reference line. Combining the role mining results with the reference lines yields the evaluation score vector of the role mining results. Based on the physical meaning of the score vector, the role mining results of different algorithms on different datasets can be uniformly evaluated and compared. This paper establishes the evaluation criteria and the respective evaluation score vectors for role minimization and edge concentration results, and proposes a dimensionless evaluation framework of role mining results for information security management.

Finally, six real datasets and ten different role mining algorithms are chosen for experimental verification. The experimental results not only show the standard lines of role minimization and edge concentration results for each dataset, but also verify the score results of each role mining algorithm. From the experimental results, we can obtain the quality of each role mining result in role minimization and edge concentration on different datasets, and objectively assess a variety of role minimization and edge concentration results on a uniform scale.
Keywords/Search Tags: role mining, role minimization, edge concentration, evaluation framework