Role Mining Using Boolean Matrix Decomposition with Hierarchy

With the increasing adoption of role-based access control (RBAC) in business security, how to apply role mining technology to aid the process of migrating a non-RBAC system to a RBAC system has become an important problem. Numerous approaches have been proposed to use data mining techniques to discover the roles. However, the Boolean matrix decomposition is still little used in role mining, because Boolean matrix decomposition without hierarchy can not express the hierarchical relationships of the RBAC model. In this paper, we propose a new method of Boolean matrix decomposition which can clearly express the hierarchical relationships of the RBAC model. Then, we introduce the cost-utility analysis method in economics to guide the role mining. Our optimization goal is not only to minimize the administration costs, but also to maximize the utility of RBAC configuration in the meanwhile. We further propose a heuristic algorithm to find the optimal solution with the Boolean matrix decomposition. The experimental results demonstrate the effectiveness of our approach.