Role-based access control (RBAC) makes it possible to effectively manage the risk derived from granting access to resources, provided that the designed roles are business-driven. Role mining is an essential tool for role engineers, but existing techniques are not able to elicit roles with a clear associated business meaning. Hence, it is difficult to mitigate risk, to simplify business governance, and to ensure compliance throughout the enterprise. To elicit meaningful roles, we propose a methodology in which the data to analyze are decomposed into smaller subsets according to the provided business information. We introduce two indices, minability and similarity, that drive the decomposition process by providing the expected complexity of finding roles with business meaning. The proposed methodology is rooted in a sound theoretical framework. Moreover, experiments on real enterprise data support its effectiveness. (C) 2010 Elsevier B.V. All rights reserved.

Colantonio, A., Di Pietro, R., Ocello, A., Verde, N.V. (2011). A new role mining framework to elicit business roles and to mitigate enterprise risk. Decision Support Systems, 50(4), 715-731 [10.1016/j.dss.2010.08.022].

A new role mining framework to elicit business roles and to mitigate enterprise risk

Di Pietro, Roberto
2011-01-01


Use this identifier to cite or link to this document: https://hdl.handle.net/11590/120399