Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Information ◽  
2019 ◽  
Vol 10 (11) ◽  
pp. 342 ◽  
Author(s):  
Wei Sun ◽  
Hui Su ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Problems ◽  
Engineering System ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Optimization ◽  
Cardinality Constraint ◽  
Cardinality Constraints ◽  
Role Mining ◽  
Clustering Problem

Role-based access control (RBAC) is one of the most popular access-control mechanisms because of its convenience for management and various security policies, such as cardinality constraints, mutually exclusive constraints, and user-capability constraints. Role-engineering technology is an effective method to construct RBAC systems. However, mining scales are very large, and there are redundancies in the mining results. Furthermore, conventional role-engineering methods not only do not consider more than one cardinality constraint, but also cannot ensure authorization security. To address these issues, this paper proposes a novel method called role-engineering optimization with cardinality constraints and user-oriented mutually exclusive constraints (REO_CCUMEC). First, we convert the basic role mining into a clustering problem, based on the similarities between users and use-partitioning and compression technologies, in order to eliminate redundancies, while maintaining its usability for mining roles. Second, we present three role-optimization problems and the corresponding algorithms for satisfying single or double cardinality constraints. Third, in order to evaluate the performance of authorizations in a role-engineering system, the maximal role assignments are implemented, while satisfying multiple security constraints. The theoretical analyses and experiments demonstrate the accuracy, effectiveness, and efficiency of the proposed method.

scholarly journals Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

2019 ◽  
Vol 11 (9) ◽  
pp. 201 ◽  
Author(s):  
Wei Sun ◽  
Shiwei Wei ◽  
Huaping Guo ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Approach ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Technology ◽  
Role Mining ◽  
Novel Method ◽  
Separation Of Duty ◽  
Role Based ◽  
The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

Access Control in Mobile and Ubiquitous Environments

2010 ◽  
pp. 1481-1497
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
New Techniques ◽  
Role Based ◽  
Resource Constrained Devices

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resource-constrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

Use of Purpose and Role Based Access Control Mechanisms to Protect Data Within RDBMS

2020 ◽  
Vol 8 (1) ◽  
pp. 82-91
Author(s):  
Suraj Krishna Patil ◽  
Sandipkumar Chandrakant Sagare ◽  
Alankar Shantaram Shelar
Keyword(s):  
Access Control ◽  
Privacy Preservation ◽  
Original Data ◽  
Sensitive Information ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Sensitive Data ◽  
Access To Resources ◽  
Key Factor ◽  
Role Based

Privacy is the key factor to handle personal and sensitive data, which in large chunks, is stored by database management systems (DBMS). It provides tools and mechanisms to access and analyze data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms such as discretionary access control, mandatory access control is used in DBMS. However, they hardly consider purpose and role-based access control in DBMS, which incorporates policy specification and enforcement. The role based access control (RBAC) regulates the access to resources based on the roles of individual users. Purpose based access control (PuBAC) regulates the access to resources based on purpose for which data can be accessed. It regulates execution of queries based on purpose. The PuRBAC system uses the policies of both, i.e. PuBAC and RBAC, to enforce within RDBMS.

scholarly journals Policy-Engineering Optimization with Visual Representation and Separation-of-Duty Constraints in Attribute-Based Access Control

2020 ◽  
Vol 12 (10) ◽  
pp. 164
Author(s):  
Wei Sun ◽  
Hui Su ◽  
Huacheng Xie
Keyword(s):  
Access Control ◽  
Hamming Distance ◽  
Visual Representation ◽  
Engineering System ◽  
Engineering Optimization ◽  
Efficiency And Effectiveness ◽  
Model Counting ◽  
Separation Of Duty ◽  
Attribute Based Access Control ◽  
Policy Mining

Recently, attribute-based access control (ABAC) has received increasingly more attention and has emerged as the desired access control mechanism for many organizations because of its flexibility and scalability for authorization management, as well as its security policies, such as separation-of-duty constraints and mutually exclusive constraints. Policy-engineering technology is an effective approach for the construction of ABAC systems. However, most conventional methods lack interpretability, and their constructing processes are complex. Furthermore, they do not consider the separation-of-duty constraints. To address these issues in ABAC, this paper proposes a novel method called policy engineering optimization with visual representation and separation of duty constraints (PEO_VR&SOD). First, to enhance interpretability while mining a minimal set of rules, we use the visual technique with Hamming distance to reduce the policy mining scale and present a policy mining algorithm. Second, to verify whether the separation of duty constraints can be satisfied in a constructed policy engineering system, we use the method of SAT-based model counting to reduce the constraints and construct mutually exclusive constraints to implicitly enforce the given separation of duty constraints. The experiments demonstrate the efficiency and effectiveness of the proposed method and show encouraging results.

scholarly journals Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

Information ◽  
2020 ◽  
Vol 11 (6) ◽  
pp. 334
Author(s):  
Gabriel Nyame ◽  
Zhiguang Qin
Keyword(s):  
Knowledge Management ◽  
Access Control ◽  
Organizational Context ◽  
Relevant Literature ◽  
Management Tool ◽  
Future Research ◽  
Illustrative Case ◽  
Role Based Access Control ◽  
Role Mining ◽  
Role Based

Role-based access control (RBAC) continues to gain popularity in the management of authorization concerning access to knowledge assets in organizations. As a socio-technical concept, the notion of role in RBAC has been overemphasized, while very little attention is given to the precursors: role strain, role ambiguity, and role conflict. These constructs provide more significant insights into RBAC design in Knowledge Management Systems (KMS). KMS is the technology-based knowledge management tool used to acquire, store, share, and apply knowledge for improved collaboration and knowledge-value creation. In this paper, we propose eight propositions that require future research concerning the RBAC system for knowledge security. In addition, we propose a model that integrates these precursors and RBAC to deepen the understanding of these constructs. Further, we examine these precursory constructs in a socio-technical fashion relative to RBAC in the organizational context and the status–role relationship effects. We carried out conceptual analysis and synthesis of the relevant literature, and present a model that involves the three essential precursors that play crucial roles in role mining and engineering in RBAC design. Using an illustrative case study of two companies where 63 IT professionals participated in the study, the study established that the precursors positively and significantly increase the intractability of the RBAC system design. Our framework draws attention to both the management of organizations and RBAC system developers about the need to consider and analyze the precursors thoroughly before initiating the processes of policy engineering, role mining, and role engineering. The propositions stated in this study are important considerations for future work.

Access Control in Mobile and Ubiquitous Environments

2011 ◽  
pp. 278-294 ◽  
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
Access Control Policy ◽  
New Techniques ◽  
Role Based

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resourceconstrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

Chapter 28. Pseudo-Boolean and Cardinality Constraints

2021 ◽  
Author(s):  
Olivier Roussel ◽  
Vasco Manquinho
Keyword(s):  
Optimization Problems ◽  
Expressive Power ◽  
Natural Generalization ◽  
Satisfiability Problem ◽  
Weighted Sum ◽  
Inference Rules ◽  
Cardinality Constraint ◽  
Cardinality Constraints ◽  
Satisfiability Algorithms

Pseudo-Boolean and cardinality constraints are a natural generalization of clauses. While a clause expresses that at least one literal must be true, a cardinality constraint expresses that at least n literals must be true and a pseudo-Boolean constraint states that a weighted sum of literals must be greater than a constant. These contraints have a high expressive power, have been intensively studied in 0/1 programming and are close enough to the satisfiability problem to benefit from the recents advances in this field. Besides, optimization problems are naturally expressed in the pseudo-Boolean context. This chapter presents the inference rules on pseudo-Boolean constraints and demonstrates their increased inference power in comparison with resolution. It also shows how the modern satisfiability algorithms can be extended to deal with pseudo-Boolean constraints.

scholarly journals Agent-Based Semantic Role Mining for Intelligent Access Control in Multi-Domain Collaborative Applications of Smart Cities

Sensors ◽  
2021 ◽  
Vol 21 (13) ◽  
pp. 4253
Author(s):  
Rubina Ghazal ◽  
Ahmad Kamran Malik ◽  
Basit Raza ◽  
Nauman Qadeer ◽  
Nafees Qamar ◽  
...  
Keyword(s):  
Access Control ◽  
Intelligent Agents ◽  
Smart Cities ◽  
Role Based Access Control ◽  
Semantic Role ◽  
Role Mining ◽  
Occupational Classification ◽  
Business Environments ◽  
Intelligent Software ◽  
Role Based

Significance and popularity of Role-Based Access Control (RBAC) is inevitable; however, its application is highly challenging in multi-domain collaborative smart city environments. The reason is its limitations in adapting the dynamically changing information of users, tasks, access policies and resources in such applications. It also does not incorporate semantically meaningful business roles, which could have a diverse impact upon access decisions in such multi-domain collaborative business environments. We propose an Intelligent Role-based Access Control (I-RBAC) model that uses intelligent software agents for achieving intelligent access control in such highly dynamic multi-domain environments. The novelty of this model lies in using a core I-RBAC ontology that is developed using real-world semantic business roles as occupational roles provided by Standard Occupational Classification (SOC), USA. It contains around 1400 business roles, from nearly all domains, along with their detailed task descriptions as well as hierarchical relationships among them. The semantic role mining process is performed through intelligent agents that use word embedding and a bidirectional LSTM deep neural network for automated population of organizational ontology from its unstructured text policy and, subsequently, matching this ontology with core I-RBAC ontology to extract unified business roles. The experimentation was performed on a large number of collaboration case scenarios of five multi-domain organizations and promising results were obtained regarding the accuracy of automatically derived RDF triples (Subject, Predicate, Object) from organizational text policies as well as the accuracy of extracted semantically meaningful roles.

scholarly journals A Conceptual Model of Role Based Access Control Using Role Mining Algorithm

2018 ◽  
Vol 12 (3) ◽  
pp. 1394
Author(s):  
Nazirah Abd Hamid ◽  
Rabiah Ahmad ◽  
Siti Rahayu Selamat
Keyword(s):  
Access Control ◽  
Conceptual Model ◽  
Role Based Access Control ◽  
Role Mining ◽  
General Process ◽  
System A ◽  
Mining Algorithm ◽  
Access Control System ◽  
Role Based ◽  
Mining Model

Numerous studies have shown that currently, role-based access control has becoming one of the successful access control model because of its principle that could simplifies the work of security administrators. However, to construct a concise, role-based access control system, a good role mining algorithm structure is needed therefore the objectives of this paper are firstly, to provide a general overview on phases that involved in designing and developing the algorithm and secondly, to introduce a conceptual model that constructed based on the analysis and this model represents a general process in role mining model. This model involved series of phases that begin with the input of data, pre-processing stage, candidate role generation phase, role selection and role assignment process and lastly number of roles as generated output.

Fast and Efficient Multiview Access Control Mechanism for Cloud Based Agriculture Storage Management System

2019 ◽  
Vol 9 (1) ◽  
pp. 33-49 ◽  
Author(s):  
Kuldeep Sambrekar ◽  
Vijay S. Rajpurohit
Keyword(s):  
Access Control ◽  
Management System ◽  
Data Access ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Gis Technology ◽  
Fine Grained ◽  
Storage Overhead ◽  
Role Based ◽  
And Storage

Agriculture and its related industries are the backbone of many countries' economic growth. To achieve an efficient agricultural management system, remote sensing forecasting and GIS technology are providing information to users/stakeholders of various agricultural application uses. This information is huge in size and is stored in the cloud computing storage environment. Minimizing data access and storage costs on such an environment is desired. For achieving fine-grained role-based access control mechanisms, researchers are now focusing on ensuring such roles are enforced correctly. Existing models, though they are using role-based access control at various levels, are facing challenges like high computation rates and storage overhead. Currently, existing systems are using XML and UML for role and user creation. To address these research challenges, this article presents a model Fast and Efficient Multi View Access Control (FEMVAC) using the Amazon S3 public cloud environment for agriculture. The model minimizes storage overhead by adopting a banarization method over UML/XML method. The experimental outcome shows that the FEMVAC method is efficient compared with existing models.

Sign in / Sign up

Export Citation Format

Share Document