An Efficient Solution to User Authorization Query Problem in RBAC Systems Using Hierarchical Clustering

Authors

  • K. Rajesh Rao Department of Information and Communication Technology, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India https://orcid.org/0000-0001-9178-0652
  • Aditya Kolpe Department of Information and Communication Technology, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India
  • Tribikram Pradhan Department of Information and Communication Technology, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India
  • Bruno Bogaz Zarpelão Department of Computer Science, State University of Londrina, Londrina-PR, Brazil

DOI:

https://doi.org/10.13052/jcsm2245-1439.1142

Keywords:

Hierarchical Agglomerative Clustering, Least Privilege Principle, Role Based Access Control, Separation of duties, User Authorization Query Problem

Abstract

Role Based Access Control (RBAC) systems face an essential issue in the systematic handling of users' access requests, known as the User Authorization Query (UAQ) problem. In this paper, we show that the UAQ problem can be resolved using unsupervised machine learning, subject to the guaranteed access request and Dynamic Separation of Duty (DSoD) relations. The use of Agglomerative Hierarchical Clustering not only improves efficiency but also avoids the disordered merging of existing roles into new ones and steers clear of duplication. With a time complexity of O(n^3), the algorithm proves to be one of the fastest and most promising models in the state of the art. The proposed model has been compared with existing models and evaluated experimentally.
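To make the query concrete, here is a small worked UAQ instance as an added example; it is not code from the paper and does not implement the authors' clustering method. It uses the standard formulation of the problem: a user holds a set of roles, each role grants permissions, a query gives a lower bound P_lb of permissions that must be covered and an upper bound P_ub that must not be exceeded, and Dynamic Separation of Duty (DSoD) constraints forbid activating t or more roles from a conflicting set in one session. The roles, permissions, user assignment and constraints are constructed for illustration, and the solver is a brute-force enumeration over role subsets, which makes the least-privilege objective and the DSoD check explicit but scales as 2^n in the number of roles, the cost that a polynomial approach such as the paper's O(n^3) clustering is meant to avoid.

```python
from itertools import combinations

# Constructed sample RBAC state (not from the paper): role -> permissions it grants.
ROLE_PERMS = {
    "clerk":      {"read_ledger"},
    "accountant": {"read_ledger", "post_entry"},
    "auditor":    {"read_ledger", "approve_entry"},
    "manager":    {"read_ledger", "post_entry", "approve_entry", "close_books"},
}

# Constructed user-role assignment.
USER_ROLES = {"alice": {"clerk", "accountant", "auditor", "manager"}}

# Constructed DSoD constraints: (conflicting role set, t). A session may not
# activate t or more roles from the set at the same time.
DSOD = [
    ({"accountant", "auditor"}, 2),   # whoever posts an entry may not approve it
    ({"manager", "auditor"}, 2),
]


def perms_of(roles):
    """Union of permissions granted by a set of roles."""
    return set().union(*(ROLE_PERMS[r] for r in roles)) if roles else set()


def violates_dsod(roles, dsod=DSOD):
    """True if activating `roles` together breaks any DSoD constraint."""
    return any(len(roles & conflict_set) >= t for conflict_set, t in dsod)


def satisfies_query(roles, p_lb, p_ub):
    """Core UAQ condition: P_lb <= P(roles) <= P_ub."""
    granted = perms_of(roles)
    return p_lb <= granted <= p_ub


def solve_uaq(user, p_lb, p_ub, dsod=DSOD, user_roles=USER_ROLES):
    """Return a smallest DSoD-compliant role set answering the query, or None.

    Brute force: enumerate subsets of the user's roles in increasing size, so
    the first hit is a least-privilege answer (ties broken by role name).
    Exponential in the number of roles; a reference oracle, not the paper's
    clustering algorithm.
    """
    available = sorted(user_roles[user])
    for k in range(1, len(available) + 1):
        for cand in combinations(available, k):
            chosen = set(cand)
            if violates_dsod(chosen, dsod):
                continue
            if satisfies_query(chosen, p_lb, p_ub):
                return chosen
    return None


if __name__ == "__main__":
    # Exact-match request: accountant alone covers it with no extra privilege.
    print(solve_uaq("alice", {"read_ledger", "post_entry"},
                    {"read_ledger", "post_entry"}))
    # post + approve is blocked by DSoD for accountant+auditor, and manager
    # carries close_books, which the tight upper bound forbids: no answer.
    print(solve_uaq("alice", {"post_entry", "approve_entry"},
                    {"read_ledger", "post_entry", "approve_entry"}))
    # Loosen the upper bound and the single manager role answers the query.
    print(solve_uaq("alice", {"post_entry", "approve_entry"},
                    set().union(*ROLE_PERMS.values())))
```

The third query is the one to notice: the DSoD pair (accountant, auditor) is meant to keep posting and approval apart, yet a single manager role grants both and is never caught, because DSoD constraints only fire across roles. Any UAQ solver, clustering-based or otherwise, can only enforce the separation that the role design actually expresses.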


Author Biographies

K. Rajesh Rao, Department of Information and Communication Technology, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India

K. Rajesh Rao received his B.E. degree in Computer Science and Engineering and an M.Tech. degree in Computer Science and Information Security. His Ph.D. degree is in the area of Cloud Information Security from Manipal Academy of Higher Education (MAHE), Manipal, India. Currently, he is an Assistant Professor-Senior at Manipal Institute of Technology, MAHE, and is also associated with City, University of London as a Researcher in the area of cyber security. His research interests include, but are not limited to, security analytics, access control models, cloud security, internet of things, and soft computing.

Aditya Kolpe, Department of Information and Communication Technology, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India

Aditya Kolpe received his B.Tech. in Information Technology from Manipal Institute of Technology, Manipal, and is currently working as an Associate Software Engineer at Oracle. His research interests include cyber security, data science and machine learning.

Tribikram Pradhan, Department of Information and Communication Technology, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka, India

Tribikram Pradhan received his Ph.D. from Indian Institute of Technology (BHU), Varanasi in 2020, where he contributed to the development of a Multi-objective academic recommender system to provide recommendations for papers, citations, collaborators, reviewers, and academic venues. He also proposed a model for automatic meta-review generation considering individual reviews of a given research paper. Prior to joining IIT (BHU), he also worked as an assistant professor in the Department of Information and Communication Technology, Manipal Institute of Technology, Manipal. His research interests include information retrieval, recommender systems, text mining, social network analysis and natural language processing.

Bruno Bogaz Zarpelão, Department of Computer Science, State University of Londrina, Londrina-PR, Brazil

Bruno Bogaz Zarpelão received his B.Sc. degree in Computer Science from State University of Londrina, Brazil, and his Ph.D. degree in Electrical Engineering from University of Campinas, Brazil. He is currently an Assistant Professor at the Computer Science Department of the State University of Londrina (UEL), which he joined in 2012. From March 2018 to February 2019, he was a visiting postdoctoral researcher with City, University of London. His research interests include security analytics, machine learning applied to cyber security, and internet of things.


Published

2022-11-07

Section

AI and Machine Learning for intelligent Cybersecurity solutions