Theory and Algorithm for Roles Minimization Problem in RBAC Based on Concept Lattice
ZHANG Lei1,2, ZHANG Hong-li1, HAN Dao-jun2, SHEN Xia-jiong2
1. School of Computer Science and Technology, Harbin Institute of Technology, Harbin, Heilongjiang 150001, China;
2. Institute of Data and Knowledge Engineering, Henan University, Kaifeng, Henan 475004, China
Roles minimization problem and its algorithm based on RBAC model are studied in this paper.Roles minimization problem is introduced into concept lattice model.The minimal set of roles,roles replacement and roles reduction are defined,and the corresponding theorems are proved.Based on this,the model of solving roles minimization problem based on roles replacement is created and a greedy algorithm is proposed.In this algorithm,the object concepts set is regarded as initial set,concetps in roles set are replaced and reducted by their parents one by one,and the minimal set of roles is solved by iteration in bottom-up way.Experiments show that the theory and the proposed algorithm are effective.
张磊, 张宏莉, 韩道军, 沈夏炯. 基于概念格的RBAC模型中角色最小化问题的理论与算法[J]. 电子学报, 2014, 42(12): 2371-2378.
ZHANG Lei, ZHANG Hong-li, HAN Dao-jun, SHEN Xia-jiong. Theory and Algorithm for Roles Minimization Problem in RBAC Based on Concept Lattice. Chinese Journal of Electronics, 2014, 42(12): 2371-2378.
[1] 李凤华,苏,马建峰.访问控制模型研究进展及发展趋势[J].电子学报,2012,40(4):805-813. Li Feng-hua,Su Mang,Shi Guo-zhen,Ma Jianfeng.Research status and development trends of access control model[J].Acta Electronica Sinica,2012,40(4):805-813.(in Chinese)
[2] Vaidya J,Atluri V,Guo Q.The role mining problem:finding a minimal descriptive set of roles[A].Proceedings of the 12th ACM symposium on Access control models and technologies[C].New York:ACM,2007.175-184.
[3] Vaidya J,Atluri V,Guo Q,et al.Edge-rmp:Minimizing administrative assignments for role-based access control[J].Journal of Computer Security,2009,17(2):211-235.
[4] Lu H,Vaidya J,Atluri V.Optimal boolean matrix decomposition:Application to role engineering[A].IEEE 24th International Conference on Data Engineering[C].Piscataway:IEEE,2008.297-306.
[5] Ene A,Horne W,Milosavljevic N,et al.Fast exact and heuristic methods for role minimization problems[A].Proceedings of the 13th ACM symposium on Access control models and technologies[C].New York: ACM,2008.1-10.
[6] Zhang D,Ramamohanarao K,Ebringer T.Role engineering using graph optimisation[A].Proceedings of the 12th ACM symposium on Access control models and technologies[C].New York:ACM,2007.139-144.
[7] Ganter B,Wille R.Formal Concept Analysis:Mathematical Foundations[M].Berlin:Springer,1999.
[8] 张磊,张宏莉,殷丽华,韩道军.概念格的属性渐减原理与算法研究[J].计算机研究与发展,2013,50(2):248-259. Zhang Lei,Zhang Hong-li,Yin Li-hua,Han Dao-jun.Theory and algorithms of attribute decrement for concept lattice[J].Journal of Computer Research and Development,2013,50(2):248-259.(in Chinese)
[9] Sobieski ?,Zieliński B.Modelling role hierarchy structure using the formal concept analysis[J].Annales UMCS,Informatica,2010,10(2):143-159.
[10] Wang Jian,Zeng Cheng,He Chuan,Hong Liang,et al.Context-aware role mining for mobile service recommendation[A].Proceedings of the 27th Annual ACM Symposium on Applied Computing[C].New York:ACM,2012.173-178.
[11] Gauthier F,Merlo E.Investigation of access control models with formal concept analysis:A case study[A].2012 16th European Conference on Software Maintenance and Reengineering(CSMR)[C].Piscataway:IEEE,2012.397-402.
[12] Han DaoJun,Zhuo Hankui,Xia Lanting,Li Lei.Permission and role automatic assigning of user in role-based access control[J].Journal of Central South University of Technology,2012,19(4):1049-1056.
[13] Molloy I,Li N,Li T,et al.Evaluating role mining algorithms[A].Proceedings of the 14th ACM Symposium on Access Control Models and Technologies[C].New York:ACM,2009.95-104.
[14] Molloy I,Chen H,Li T,et al.Mining roles with multiple objectives[J].ACM Transactions on Information and System Security(TISSEC),2010,13(4):36.
2014, Vol. 42 
