Role Refinement in Access Control: Model and Analysis

Title: Role Refinement in Access Control: Model and Analysis
Author(s):
Xia, H.;
Dawande, Milind W.;
Mookerjee, Vijay S.
Item Type: article
Keywords: Role refinement
Business records--Access control
Computer networks--Security measures
Description:
Abstract: Access control mechanisms in software systems administer user privileges by granting users permission to perform certain operations while denying unauthorized access to others. Such mechanisms are essential to ensure that important business functions in an organization are conducted securely and smoothly. Currently, the dominant access control approach in most major software systems is role-based access control. In this approach, permissions are first assigned to roles, and users acquire permissions by becoming members of certain roles. However, given the dynamic nature of organizations, a fixed set of roles usually cannot meet the demands that users (existing or new) have to conduct business. The typical response to this problem is to myopically create new roles to meet immediate demand that cannot be satisfied by an existing set of roles. This ad hoc creation of roles invariably leads to a proliferation in the number of roles with the accompanying administrative overhead. Based on discussions with practitioners, we propose a role refinement scheme that reconstructs a system of roles to reduce the cost of role management. We first show that the role-refinement problem is strongly NP-hard and then provide two polynomial-time approximation algorithms (a greedy algorithm and a randomized rounding algorithm) and establish their performance guarantees. Finally, numerical experiments, based on a real data set from a firm's enterprise resource planning system, are conducted to demonstrate the applicability and performance of our refinement scheme.
Publisher: Informs Inst. for Operations Res. and the Management Sciences
ISSN: 1091-9856
Persistent Link: http://dx.doi.org/10.1287/ijoc.2014.0603
http://hdl.handle.net/10735.1/4217
Terms of Use: ©2014 INFORMS

Files in this item

File, Size, Format, Description
JSOM-FR-VSMookerjee-271344.40.pdf, 882.5Kb, PDF, Article
JSOM-FR-VSMookerjee-271344.40.s.pdf, 137.0Kb, PDF, Supplement
