Mining Least Privilege Roles By Genetic Algorithm
Role-based access control (RBAC) has been adopted widely by reducing the complexity of the management of access control.The least privilege principle is a very important constraint policy of RBAC.A key problem related to this is the notion of goodness/interestingness-when is a role good? Devising a complete and correct set of roles for supporting the least privilege principle has been recognized as one of the most important tasks in implementing RBAC.In this paper,to address this problem,we map this problem to a formal definition in mathematics-δ-approx least privilege mining (δ-approx LPM).We introduce a method named GABM to enforce LPM based on the generic algorithm.By GABM,the least privilege roles can be found out correctly.Our experiments display the effect of GABM.Finally,we conclude our work.
access control RBAC least privilege role mining
Lijun Dong Maocai Wang Xiaojun Kang
School of Computer, China University of Geosciences, Wuhan, 430074, P.R.China
国际会议
台湾
英文
4508-4512
2011-12-11(万方平台首次上网日期,不代表论文的发表时间)