Next Article in Journal
Ranking by Relevance and Citation Counts, a Comparative Study: Google Scholar, Microsoft Academic, WoS and Scopus
Previous Article in Journal
Incorporating Background Checks with Sentiment Analysis to Identify Violence Risky Chinese Microblogs
Open AccessArticle

Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

1
Center of Network Information and Computing, Xinyang Normal University, Xinyang 464000, China
2
School of Computer and Technology, Guilin University of Aerospace Technology, Guilin 541000, China
3
School of Computer and Information Technology, Xinyang Normal University, Xinyang 464000, China
*
Author to whom correspondence should be addressed.
Future Internet 2019, 11(9), 201; https://doi.org/10.3390/fi11090201
Received: 21 August 2019 / Revised: 15 September 2019 / Accepted: 16 September 2019 / Published: 19 September 2019
(This article belongs to the Section Cybersecurity)
Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method. View Full-Text
Keywords: role engineering; role mining; separation of duty constraints; user authorization query role engineering; role mining; separation of duty constraints; user authorization query
Show Figures

Figure 1

MDPI and ACS Style

Sun, W.; Wei, S.; Guo, H.; Liu, H. Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations. Future Internet 2019, 11, 201.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop