Visual role mining: A picture is worth a thousand roles

Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

Research output: Contribution to journalArticlepeer-review

39 Scopus citations

Abstract

This paper offers a new role engineering approach to Role-Based Access Control (RBAC), referred to as visual role mining. The key idea is to graphically represent user-permission assignments to enable quick analysis and elicitation of meaningful roles. First, we formally define the problem by introducing a metric for the quality of the visualization. Then, we prove that finding the best representation according to the defined metric is a NP-hard problem. In turn, we propose two algorithms: ADVISER and EXTRACT. The former is a heuristic used to best represent the user-permission assignments of a given set of roles. The latter is a fast probabilistic algorithm that, when used in conjunction with ADVISER, allows for a visual elicitation of roles even in absence of predefined roles. Besides being rooted in sound theory, our proposal is supported by extensive simulations run over real data. Results confirm the quality of the proposal and demonstrate its viability in supporting role engineering decisions. © 1989-2012 IEEE.
Original languageEnglish (US)
Pages (from-to)1120-1133
Number of pages14
JournalIEEE Transactions on Knowledge and Data Engineering
Volume24
Issue number6
DOIs
StatePublished - May 7 2012
Externally publishedYes

Bibliographical note

Generated from Scopus record by KAUST IRTS on 2023-09-20

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Information Systems
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Visual role mining: A picture is worth a thousand roles'. Together they form a unique fingerprint.

Cite this