首页    期刊浏览 2024年11月27日 星期三
登录注册

文章基本信息

  • 标题:Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations
  • 本地全文:下载
  • 作者:Wei Sun ; Shiwei Wei ; Huaping Guo
  • 期刊名称:Future Internet
  • 电子版ISSN:1999-5903
  • 出版年度:2019
  • 卷号:11
  • 期号:9
  • 页码:201-221
  • DOI:10.3390/fi11090201
  • 出版社:MDPI Publishing
  • 摘要:Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.
  • 关键词:role engineering; role mining; separation of duty constraints; user authorization query role engineering ; role mining ; separation of duty constraints ; user authorization query
国家哲学社会科学文献中心版权所有