Abstract
Background: If we rely solely on whether to assign permissions together to determine roles, the roles we generate may not necessarily reflect the needs of the system. Therefore, the role generation process can be done based on user-to-permission dynamic relationships, such as user dynamic operation logs, thus providing the motivation for this work.
Methods: In our paper, we introduce a special generalization process and a frequent set-based analysis method to generate roles based on the particular data type of user dynamic operation logs so that the time factor of permissions used is considered before the process of role generation to generate the roles such also as auth_perms(r) = {p1, p2, p3}.
Results: Our algorithm is less time consuming and generates less roles than traditional algorithm. Furthermore, the roles generated by the algorithm can better describe the real needs of the system and have better interpretability.
Conclusion: The results show that the algorithm has superior performance and useful role generation compared to traditional algorithm.
Keywords: RBAC, role engineering, role mining, dynamic, operation logs, technology.
[http://dx.doi.org/10.1145/501978.501980]
[http://dx.doi.org/10.1145/507711.507718]
[http://dx.doi.org/10.1145/1377836.1377838]
[http://dx.doi.org/10.1002/cpe.1731]
[http://dx.doi.org/10.1145/3381991.3395597]
[http://dx.doi.org/10.1145/507711.507717]
[http://dx.doi.org/10.1145/1377836.1377840]
2007pp. 139-144 Antipoles, France [http://dx.doi.org/10.1145/1266840.1266862]
[http://dx.doi.org/10.1007/978-3-642-17714-9_13]
[http://dx.doi.org/10.1002/sec.1177]
[http://dx.doi.org/10.1002/cpe.3456]
[http://dx.doi.org/10.1007/978-3-642-39256-6_5]
[http://dx.doi.org/10.3233/JCS-140512]
[http://dx.doi.org/10.1049/iet-ifs.2016.0258]
[http://dx.doi.org/10.1145/3322431.3325106]