Role Refinement in Access Control: Model and Analysis


title Role Refinement in Access Control: Model and Analysis
contributor.author Xia, H.
contributor.author Dawande, Milind W.
contributor.author Mookerjee, Vijay S.
contributor.ISNI 0000 0001 1561 8354 (Dawande, MW)
contributor.LCNA 2007039673 (Dawande, MW)
contributor.LCNA 90649574 (Mookerjee, VS)
description.abstract Access control mechanisms in software systems administer user privileges by granting users permission to perform certain operations while denying unauthorized access to others. Such mechanisms are essential to ensure that important business functions in an organization are conducted securely and smoothly. Currently, the dominant access control approach in most major software systems is role-based access control. In this approach, permissions are first assigned to roles, and users acquire permissions by becoming members of certain roles. However, given the dynamic nature of organizations, a fixed set of roles usually cannot meet the demands that users (existing or new) have to conduct business. The typical response to this problem is to myopically create new roles to meet immediate demand that cannot be satisfied by an existing set of roles. This ad hoc creation of roles invariably leads to a proliferation in the number of roles with the accompanying administrative overhead. Based on discussions with practitioners, we propose a role refinement scheme that reconstructs a system of roles to reduce the cost of role management. We first show that the role-refinement problem is strongly NP-hard and then provide two polynomial-time approximation algorithms (a greedy algorithm and a randomized rounding algorithm) and establish their performance guarantees. Finally, numerical experiments, based on a real data set from a firm's enterprise resource planning system, are conducted to demonstrate the applicability and performance of our refinement scheme.
identifier.issn 1091-9856
identifier.uri http://hdl.handle.net/10735.1/4217
identifier.bibliographicCitation Xia, H., M. Dawande, and V. Mookerjee. 2014. "Role refinement in access control: Model and analysis." Informs Journal on Computing 26(4): 866-884.
identifier.volume 26
identifier.issue 4
subject Role refinement
subject Business records--Access control
subject Computer networks--Security measures
date.created 2014-07-28
publisher Informs Inst. for Operations Res. and the Management Sciences
relation.uri http://dx.doi.org/10.1287/ijoc.2014.0603
rights ©2014 INFORMS
language.iso en
source.journal Informs Journal on Computing

Files in this item

Files Size Format View
JSOM-FR-VSMookerjee-271344.40.pdf 882.5Kb PDF View/Open Article
JSOM-FR-VSMookerjee-271344.40.s.pdf 137.0Kb PDF View/Open Supplement
