Pietro, Roberto Di.

Role Mining in Business : Taming Role-Based Access Control Administration. - 1 online resource (295 pages)

Intro -- Contents -- Preface -- Fundamentals -- 1. Managing Access Rights -- 1.1 Challenges of Controlling Access -- 1.2 Access Control Concepts -- 1.2.1 Policies, Models, and Mechanisms -- 1.2.2 Permissions, Operations, and Objects -- 1.2.3 Authentication and Authorization -- 1.2.4 User Life-Cycle Management and Provisioning -- 1.2.5 Overentitlement and Underentitlement -- 1.3 Access Control Models -- 1.3.1 Access Control Lists -- 1.3.2 Discretionary Access Control -- 1.3.3 Mandatory Access Control -- 1.3.4 Attribute-Based Access Control -- 1.4 Final Remarks -- 2. Role-Based Access Control -- 2.1 RBAC Basics -- 2.2 RBAC Standards -- 2.2.1 Core RBAC -- 2.2.2 Hierarchical RBAC -- 2.2.3 Static Separation of Duties (SSD) RBAC -- 2.2.4 Dynamic Separation of Duties (DSD) RBAC -- 2.3 Advantages of RBAC -- 2.3.1 Efficient Policy Maintenance and Certification -- 2.3.2 Efficient Provisioning -- 2.3.3 Reduction in New Employee Downtime -- 2.3.4 Enhanced System Security -- 2.3.5 Enhanced Organizational Productivity -- 2.4 Obstacles to Migrating to RBAC -- 2.4.1 Role Engineering -- 2.4.2 Migration Costs -- 2.4.3 Systems Structure and Interoperability -- 2.4.4 Product Acceptance and Comparison -- 2.5 Final Remarks -- 3. Role Engineering -- 3.1 Modeling Roles -- 3.2 Role Engineering Approaches -- 3.2.1 Top-Down -- 3.2.2 Bottom-Up -- 3.3 Parts of a Role Engineering Task -- 3.4 Guidelines -- 3.5 Final Remarks -- 4. A Step-to-Step Methodology for Role Mining -- 4.1 Role Mining Steps -- 4.2 Understanding Access Control Data -- 4.3 Data Preparation -- 4.4 Role Definition -- 4.5 Final Remarks -- 5. The Hidden Structure of Roles -- 5.1 Formalization of the Role Mining Problem -- 5.2 Graph-Based Approach -- 5.2.1 Graph Theory Basics -- 5.2.2 Role Mining and Graph-Related Problems -- 5.3 Matrix-Based Approach -- 5.3.1 Role Mining and Binary Matrix Factorization --
5.3.2 Pseudo-Roles -- 5.3.3 Relevance of Maximal Pseudo-Roles -- 5.3.4 Fast Computation of Maximal Pseudo-Roles -- 5.4 Permission-Powerset Lattice -- 5.4.1 Posets, Lattices, Hasse Diagrams, and Graphs -- 5.4.2 Mapping Permission Patterns to Roles -- 5.4.3 Finding Redundancies -- 5.5 Final Remarks -- Pattern Identification in Users' Entitlements -- 6. Enumerating Candidate Roles -- 6.1 Eliciting Patterns From Access Data -- 6.1.1 Clustering Techniques -- 6.1.1.1 Categorization of Clustering Methods -- 6.1.1.2 ORCA: A Hierarchical Clustering for Role Mining -- 6.1.2 Frequent Itemsets -- 6.1.2.1 Definitions -- 6.1.2.2 The Algorithm Apriori -- 6.1.2.3 Generating Association Rules -- 6.1.2.4 Closed Itemset Mining -- 6.1.2.5 CompleteMiner: Enumeration of Closed Permission-Sets -- 6.2 Minimizing the Number of Roles -- 6.2.1 A Graph Reduction for Role Minimization -- 6.2.2 Optimal Boolean Matrix Decomposition -- 6.3 Estimating the Minimum Number of Roles -- 6.3.1 Martingales and Azuma-Hoeffding Inequality -- 6.3.2 A Concentration Result for Number of Roles -- 6.3.3 Applications of the Bound -- 6.4 Final Remarks -- 7. Minimizing the Effort of Administering RBAC -- 7.1 A Cost-Driven Approach to Role Engineering -- 7.2 Problem Formalization -- 7.3 Finding Optimal Role-Sets -- 7.3.1 Discarding Candidate Roles -- 7.3.2 Finding the Optimum -- 7.4 Finding Sub-Optimal Role-Sets -- 7.4.1 Lattice Generation -- 7.4.2 Removing Costly Roles -- 7.4.3 Examples -- 7.4.4 Testing With Real Data -- 7.5 Final Remarks -- Devising Meaningful Roles -- 8. Measuring the Meaning of Roles -- 8.1 Meaningful Roles -- 8.2 Modeling Business -- 8.2.1 Business Activities -- 8.2.2 Organization Units -- 8.3 Measuring the Meaning of Roles -- 8.3.1 Farness -- 8.3.2 Activity-Spread -- 8.3.3 Organization-Unit-Spread -- 8.3.4 Revising the Cost Function -- 8.4 Spread Indices in Action -- 8.4.1 Example of Activity-Spread -- 8.4.2 Organization-Unit-Spread on Real Data -- 8.5 Final Remarks -- 9.
Visual Role Mining -- 9.1 Role Visualization Problem -- 9.1.1 Binary Matrix Representation -- 9.1.2 Problem Formalization -- 9.2 Matrix Sorting Algorithm -- 9.2.1 Algorithm Description -- 9.2.2 Example -- 9.3 Visual Elicitation of Roles -- 9.3.1 Using Pseudo-Roles -- 9.3.2 Example -- 9.4 A Visual Approach to Role Engineering -- 9.5 Experimental Results -- 9.6 Final Remarks -- Taming Role Mining Complexity -- 10. Splitting Up the Mining Task -- 10.1 A Divide-and-Conquer Approach -- 10.2 Complexity Measures -- 10.3 Similarity -- 10.3.1 Similarity and Jaccard Coefficient -- 10.3.2 Approximating the Similarity -- 10.4 Minability -- 10.4.1 Clustering Coefficient -- 10.4.2 The Minability Index -- 10.4.3 Approximating the Minability -- 10.5 Considerations About Minability and Similarity -- 10.6 Conditioned Indices -- 10.6.1 Conditioned Similarity -- 10.6.2 Conditioned Minability -- 10.6.3 Examples -- 10.6.4 Approximation of Conditioned Indices -- 10.7 Application to a Real Case -- 10.7.1 High and Low Values of Minability and Similarity -- 10.7.2 Selection of the Best Business Information -- 10.7.3 Drill Down -- 10.8 Final Remarks -- 11. Stable Roles -- 11.1 Stable Assignments and Stable Roles -- 11.1.1 Problem Formalization -- 11.2 Pruning Unstable Assignments -- 11.2.1 Methodology -- 11.2.2 Unstable Assignment Identification -- 11.3 Stability and Mining Complexity -- 11.4 Pruning Examples -- 11.4.1 A Real Case -- 11.4.2 Effects of the Pruning on the Mining Complexity -- 11.4.3 Threshold Tuning -- 11.5 Final Remarks -- 12. Imputing Missing Grants -- 12.1 Missing Values -- 12.2 ABBA: Adaptive Bicluster-Based Approach -- 12.3 Algorithm Description -- 12.4 Testing ABBA -- 12.4.1 Testing on Synthetic Data -- 12.4.2 Testing on Real Data -- 12.5 Final Remarks -- The Risk of Unmanageable Roles -- 13.
The Risk of Meaningless Roles -- 13.1 Assessing Risky System Configurations -- 13.2 Risk Model -- 13.3 Risk Metrics -- 13.3.1 Similarity- and Minability-Based Risks -- 13.3.2 Conditioned Indices -- 13.3.3 Fast Index Approximation -- 13.4 Analysis of a Real Case -- 13.5 Final Remarks -- 14. Ranking Users and Permissions -- 14.1 Stability -- 14.2 Framework Description -- 14.3 Experimental Results -- 14.4 Final Remarks -- Bibliography -- Index.

Key Features: Focus on role mining - the automated part of role engineering - to reduce the cost of managing roles in both expected and unexpected ways. Couples clear formalism with both theoretical and experimental results. Effectively blends theory and practice to address both academia and industry.

9789814366151


Computer networks -- Access control.


Electronic books.

TK5105.59 -- .C65 2012eb

005.8
