Next Article in Journal
Design of IoT-based Cyber–Physical Systems: A Driverless Bulldozer Prototype
Previous Article in Journal
Fuzzy Reinforcement Learning and Curriculum Transfer Learning for Micromanagement in Multi-Robot Confrontation
Open AccessArticle

Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints

Center of Network Information and Computing, Xinyang Normal University, Xinyang 464000, China
*
Author to whom correspondence should be addressed.
Information 2019, 10(11), 342; https://doi.org/10.3390/info10110342
Received: 18 October 2019 / Revised: 31 October 2019 / Accepted: 2 November 2019 / Published: 4 November 2019
(This article belongs to the Section Information Systems)
Role-based access control (RBAC) is one of the most popular access-control mechanisms because of its convenience for management and various security policies, such as cardinality constraints, mutually exclusive constraints, and user-capability constraints. Role-engineering technology is an effective method to construct RBAC systems. However, mining scales are very large, and there are redundancies in the mining results. Furthermore, conventional role-engineering methods not only do not consider more than one cardinality constraint, but also cannot ensure authorization security. To address these issues, this paper proposes a novel method called role-engineering optimization with cardinality constraints and user-oriented mutually exclusive constraints (REO_CCUMEC). First, we convert the basic role mining into a clustering problem, based on the similarities between users and use-partitioning and compression technologies, in order to eliminate redundancies, while maintaining its usability for mining roles. Second, we present three role-optimization problems and the corresponding algorithms for satisfying single or double cardinality constraints. Third, in order to evaluate the performance of authorizations in a role-engineering system, the maximal role assignments are implemented, while satisfying multiple security constraints. The theoretical analyses and experiments demonstrate the accuracy, effectiveness, and efficiency of the proposed method. View Full-Text
Keywords: role engineering; role mining; role assignments; cardinality constraints; user-oriented mutually exclusive constraints role engineering; role mining; role assignments; cardinality constraints; user-oriented mutually exclusive constraints
Show Figures

Figure 1

MDPI and ACS Style

Sun, W.; Su, H.; Liu, H. Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive Constraints. Information 2019, 10, 342.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop