An Efficient Solution to User Authorization Query Problem in RBAC Systems Using Hierarchical Clustering
DOI:
https://doi.org/10.13052/jcsm2245-1439.1142
Keywords:
Hierarchical Agglomerative Clustering, Least Privilege Principle, Role Based Access Control, Separation of duties, User Authorization Query Problem
Abstract
Role Based Access Control (RBAC) systems face an essential issue related to the systematic handling of users' access requests, known as the User Authorization Query (UAQ) Problem. In this paper, we show that the UAQ problem can be resolved using unsupervised machine learning while satisfying the guaranteed access request and the Dynamic Separation of Duty relations. The use of Agglomerative Hierarchical Clustering not only improves efficiency but also avoids disordered merging of existing roles to create new ones and steers clear of duplication. With a time complexity of O(n^3), the algorithm proves to be one of the fastest and most promising models in the state of the art. The proposed model has been compared with the existing models and experimentally evaluated.
License
Copyright (c) 2022 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.