Explore the effectiveness of role mining algorithms for RBAC systems, comparing outputs, criteria, and input datasets. Understand Class 1 and Class 2 algorithms, their phases, and metrics for assessment. Delve into algorithm categories, evaluation results, and implications.
Evaluating Role Mining Algorithms Ian Molloy, Ninghui Li, Tiancheng Li, Ziqing Mao, Qihua Wang, Jorge Lobo
Role Mining Overview • Data mining techniques to discover roles from existing system configuration data • Uses automated techniques • Can accelerate the role engineering process
Role Mining Algorithms • Algorithms have only been evaluated when they were proposed • No standardized method of evaluating algorithms • A framework is needed to compare the performance of role mining algorithms
Evaluating Role Mining Algorithms • Three questions must be answered • What does a role mining algorithm output? • What criteria should be used to compare the outputs from different role mining algorithms? • What input datasets should be used?
Evaluating Role Mining Algorithms • Categorized algorithms into two classes based on output • Class 1 algorithms output a sequence of prioritized roles • Class 2 algorithms output complete RBAC states • Class 1 algorithms can be converted into Class 2 algorithms and vice versa
Class 1 Algorithms • Prioritized list of candidate roles, each of which is a set of permissions • Two phases: (a) identify a set of candidate roles from data (b) assign a priority value to each candidate role (a higher priority is more important and useful)
Class 2 Algorithms • Output is a complete RBAC state • Take as input a configuration <U, P, UP> and output <R, UA, PA, RH, DUPA>, where: R is a set of roles; UA is the user-role assignment; PA is the role-permission assignment; RH is the role hierarchy; DUPA is the direct user-permission assignment relation • Often try to generate an RBAC state that minimizes some cost measure
Metrics for Comparing Algorithms • Quality of RBAC states • Prioritized Role Quality
Input Datasets • Real-world Data • Synthetic Data • Random • Tree-based data generation • ERBAC data generation
Role Mining Algorithms • Class 1 Algorithms: CompleteMiner (CM) and FastMiner (FM); DynamicMiner (DM); PairCount (PC) • Class 2 Algorithms: ORCA; Graph Optimization (GO); HP Role Minimization (HPr); HP Edge Minimization (HPe); HierarchicalMiner (HM)
Algorithm Evaluation Results • HM tended to do the best except in minimizing the number of roles • Synthetic data results largely echoed real-world data • Results indicate that algorithms which strive to minimize the number of roles often generate RBAC states with a larger number of edges.
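The following Python sketch is an added example, not code from the slides or from the algorithms they evaluate. It checks that a Class 2 output <R, UA, PA, RH, DUPA> grants exactly the pairs in UP, then compares two consistent states for one constructed configuration to show the role-count versus edge-count trade-off. The user, role and permission names, the (senior, junior) reading of RH, and the edge count |UA| + |PA| + |RH| + |DUPA| are assumptions.

```python
def effective_permissions(state):
    """Expand <R, UA, PA, RH, DUPA> into the set of (user, permission) pairs it grants."""
    R, UA, PA, RH, DUPA = state

    def role_perms(role, seen=frozenset()):
        if role in seen:  # ignore cycles in the hierarchy
            return set()
        perms = {p for r, p in PA if r == role}
        for senior, junior in RH:  # assumed convention: senior inherits from junior
            if senior == role:
                perms |= role_perms(junior, seen | {role})
        return perms

    granted = set(DUPA)
    for user, role in UA:
        granted |= {(user, p) for p in role_perms(role)}
    return granted

def is_consistent(config, state):
    """True when the mined state grants exactly the pairs in UP, no more and no fewer."""
    return effective_permissions(state) == set(config[2])

def metrics(state):
    """Role count and edge count (assumed here to be |UA| + |PA| + |RH| + |DUPA|)."""
    R, UA, PA, RH, DUPA = state
    return {"roles": len(R), "edges": len(UA) + len(PA) + len(RH) + len(DUPA)}

# Constructed sample configuration <U, P, UP>.
U = {"u1", "u2", "u3", "u4", "u5", "u6"}
P = {"p1", "p2", "p3", "p4", "p5"}
BOTH = ["u3", "u4", "u5", "u6"]
UP = ({("u1", "p1"), ("u1", "p2"), ("u2", "p3"), ("u2", "p4"), ("u6", "p5")}
      | {(u, p) for u in BOTH for p in ("p1", "p2", "p3", "p4")})
CONFIG = (U, P, UP)

PA = {("X", "p1"), ("X", "p2"), ("Y", "p3"), ("Y", "p4")}
DUPA = {("u6", "p5")}
# State A: fewest roles; every user in BOTH needs two UA edges.
STATE_A = ({"X", "Y"},
           {("u1", "X"), ("u2", "Y")} | {(u, r) for u in BOTH for r in ("X", "Y")},
           PA, set(), DUPA)
# State B: one extra role Z, senior to X and Y; users in BOTH need one UA edge.
STATE_B = ({"X", "Y", "Z"},
           {("u1", "X"), ("u2", "Y")} | {(u, "Z") for u in BOTH},
           PA, {("Z", "X"), ("Z", "Y")}, DUPA)

if __name__ == "__main__":
    for name, state in (("A", STATE_A), ("B", STATE_B)):
        print(name, is_consistent(CONFIG, state), metrics(state))
```

The consistency check matters when reviewing mined roles: a state that grants any pair outside UP widens access, and one that misses a pair removes access users already had.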