Abstract
In Role Based Access Control (RBAC) systems, formulating a correct set of roles, assigning appropriate privileges to roles, and assigning roles to users are the fundamental design tasks. Whether these tasks are performed by a human (e.g., a system administrator) or by a machine (e.g., an expert system), misconfigurations are likely to occur. The misconfigurations could manifest as under-privileges (fewer privileges assigned than necessary) or over-privileges (more privileges assigned than necessary). In this paper, we describe an approach based on role mining to detect and correct such misconfigurations. Here, the overlap among the users and privileges of different roles is used to identify possible misconfigurations.
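To make the overlap idea in the abstract concrete, the following is an added illustration, not the paper's own algorithm: it takes declared user-role assignments (UA) together with the privileges each user actually holds (UPA), treats a privilege as "core" to a role when at least a threshold share of that role's members hold it, and then flags members who lack a core privilege (candidate under-privilege) or hold a privilege that is core to none of their roles (candidate over-privilege). The sample data, the threshold value and the role names are constructed assumptions.

```python
from collections import defaultdict

# Assumed threshold: share of a role's members that must hold a privilege
# for it to count as part of that role's core privilege set.
THRESHOLD = 0.6

# Constructed sample data (not from the paper).
UA = {  # user -> declared roles
    "alice": {"dev"}, "bob": {"dev"}, "carol": {"dev"},
    "dave": {"auditor"}, "erin": {"auditor", "dev"},
}
UPA = {  # user -> privileges actually effective in the system
    "alice": {"read_repo", "write_repo", "deploy_staging"},
    "bob": {"read_repo", "write_repo", "deploy_staging", "drop_db"},
    "carol": {"read_repo", "write_repo"},
    "dave": {"read_logs", "read_repo"},
    "erin": {"read_logs", "read_repo", "write_repo", "deploy_staging"},
}

def core_privileges(ua, upa, threshold=THRESHOLD):
    """Per role, the privileges held by at least `threshold` of its members."""
    members = defaultdict(set)
    for user, roles in ua.items():
        for role in roles:
            members[role].add(user)
    core = {}
    for role, users in members.items():
        counts = defaultdict(int)  # privilege -> number of members holding it
        for user in users:
            for priv in upa[user]:
                counts[priv] += 1
        core[role] = {p for p, n in counts.items() if n / len(users) >= threshold}
    return core

def find_misconfigurations(ua, upa, threshold=THRESHOLD):
    """Return (under, over).

    under: (user, role, privilege) where the user lacks a core privilege of a role they hold.
    over:  (user, privilege) where the privilege is core to none of the user's roles.
    """
    core = core_privileges(ua, upa, threshold)
    under, over = set(), set()
    for user, roles in ua.items():
        expected = set().union(*(core[r] for r in roles))
        for role in roles:
            for priv in core[role] - upa[user]:
                under.add((user, role, priv))
        for priv in upa[user] - expected:
            over.add((user, priv))
    return under, over
```

On the sample data, carol is flagged as missing the dev role's `deploy_staging` privilege and bob as holding `drop_db`, which no role of his explains; each flag is a candidate for review, not a verdict.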
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Mukkamala, R., Kamisetty, V., Yedugani, P. (2009). Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper). In: Prakash, A., Sen Gupta, I. (eds) Information Systems Security. ICISS 2009. Lecture Notes in Computer Science, vol 5905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10772-6_25
DOI: https://doi.org/10.1007/978-3-642-10772-6_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10771-9
Online ISBN: 978-3-642-10772-6