Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)

  • Conference paper
Information Systems Security (ICISS 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5905)

Abstract

In Role-Based Access Control (RBAC) systems, the fundamental design tasks are formulating a correct set of roles, assigning the appropriate privileges to each role, and assigning roles to users. Whether these tasks are performed by a human (e.g., a system administrator) or by a machine (e.g., an expert system), misconfigurations are likely to occur. Such misconfigurations manifest as under-privileges (fewer privileges assigned than necessary) or over-privileges (more privileges assigned than necessary). In this paper, we describe an approach based on role mining to detect and correct such misconfigurations: the overlap among the users and privileges of different roles is used to identify possible misconfigurations.
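The abstract does not give the paper's algorithm, so the following is an added illustration of the general idea, not the authors' code: a crude role-mining step derives candidate roles from the user-to-privilege assignment, and each user's privilege set is then compared with its most similar role; a high but inexact overlap flags the missing privileges as under-privilege candidates and the surplus ones as over-privilege candidates. The user names, privilege names, the Jaccard similarity and the 0.6 threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample (not from the paper): the user-to-privilege assignment
# an administrator has built up over time.
USER_PRIVS = {
    "alice": {"read_ledger", "post_journal", "approve_payment"},
    "erin":  {"read_ledger", "post_journal", "approve_payment"},
    "bob":   {"read_ledger", "post_journal"},              # lacks approve_payment
    "carol": {"read_ledger", "post_journal", "approve_payment",
              "drop_table"},                               # holds a surplus privilege
    "dave":  {"read_ledger"},
    "frank": {"read_ledger"},
}


def mine_roles(user_privs, min_support=2):
    """Crude role mining (assumed technique): a privilege set held identically
    by at least min_support users becomes a candidate role."""
    counts = Counter(frozenset(p) for p in user_privs.values())
    frequent = [set(p) for p, n in counts.items() if n >= min_support]
    frequent.sort(key=lambda s: (-len(s), sorted(s)))   # deterministic naming
    return {f"role{i}": s for i, s in enumerate(frequent)}


def jaccard(a, b):
    """Overlap measure between two privilege sets (1.0 = identical)."""
    return len(a & b) / len(a | b) if a | b else 1.0


def find_misconfigurations(user_privs, roles, threshold=0.6):
    """Compare each user with the most similar mined role. A high but inexact
    overlap is a misconfiguration candidate: privileges the role has but the
    user lacks are under-privileges, privileges the user has beyond the role
    are over-privileges. Findings are for human review, not automatic change."""
    findings = {}
    for user, privs in user_privs.items():
        role, score = max(((r, jaccard(privs, rp)) for r, rp in roles.items()),
                          key=lambda rs: rs[1])
        if score >= threshold and privs != roles[role]:
            findings[user] = {"role": role,
                              "under": roles[role] - privs,
                              "over": privs - roles[role]}
    return findings


if __name__ == "__main__":
    mined = mine_roles(USER_PRIVS)
    for user, finding in find_misconfigurations(USER_PRIVS, mined).items():
        print(user, finding)
```

Users whose privilege set exactly matches a mined role (alice, erin, dave, frank) are not reported; bob and carol are flagged against the larger role.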

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Mukkamala, R., Kamisetty, V., Yedugani, P. (2009). Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper). In: Prakash, A., Sen Gupta, I. (eds) Information Systems Security. ICISS 2009. Lecture Notes in Computer Science, vol 5905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10772-6_25

  • DOI: https://doi.org/10.1007/978-3-642-10772-6_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10771-9

  • Online ISBN: 978-3-642-10772-6