Role mining with ORCA
- 1 June 2005
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 168-176
- https://doi.org/10.1145/1063979.1064008
Abstract
With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. On the one hand, security demands a tight regime on permissions; on the other hand, users need permissions to perform their tasks. Role-based access control (RBAC) has proven to be a solution to this problem but relies on a well-defined set of role definitions, a role concept for the enterprise in question. The definition of a role concept (role engineering) is a difficult task traditionally performed via interviews and workshops. However, often users already have the permissions that they need to do their jobs, and roles can be derived from these permission assignments using data mining technology, thus giving the process of role concept definition a head-start.
In this paper, we present the ORCA role mining tool and its algorithm. The algorithm performs a cluster analysis on permission assignments to build a hierarchy of permission clusters and presents the results to the user in graphical form. It allows the user to interactively add expert knowledge to guide the clustering algorithm. The tool provides valuable insights into the permission structures of an enterprise and delivers an initial role hierarchy for the definition of an enterprise role concept using a bottom-up approach.
This publication has 10 references indexed in Scilit:
- Role mining - revealing business roles for security administration using data mining technology. Published by Association for Computing Machinery (ACM), 2003
- A scenario-driven role engineering process for functional RBAC roles. Published by Association for Computing Machinery (ACM), 2002
- Role-finding/role-engineering (panel session). Published by Association for Computing Machinery (ACM), 2000
- Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. Published by Association for Computing Machinery (ACM), 2000
- The uses of role hierarchies in access control. Published by Association for Computing Machinery (ACM), 1999
- Control principles and role hierarchies. Published by Association for Computing Machinery (ACM), 1998
- Role activation hierarchies. Published by Association for Computing Machinery (ACM), 1998
- The ARBAC97 model for role-based administration of roles. Published by Association for Computing Machinery (ACM), 1997
- Role engineering. Published by Association for Computing Machinery (ACM), 1996
- Role-based access control models. Computer, 1996