RoleVAT: Visual Assessment of Practical Need for Role Based Access Control

Author

Zhang, Dana ; Ramamohanarao, Kotagiri ; Versteeg, Steven ; Zhang, Rui

Author_Institution

Univ. of Melbourne, Melbourne, VIC, Australia

fYear

2009

fDate

7-11 Dec. 2009

Firstpage

13

Lastpage

22

Abstract

Role based access control (RBAC) is a powerful security administration concept that can simplify permission assignment management. Migration to and maintenance of RBAC requires role engineering, the identification of a set of roles that offer administrative benefit. However, establishing that RBAC is desirable in a given enterprise is lacking in current role engineering processes. To help identify the practical need for RBAC, we propose RoleVAT, a Role engineering tool for the Visual Assessment of user and permission Tendencies. User and permission clusters can be visually identified as potential user groups or roles. The benefit and impact of this visual analysis in enterprise environments is discussed and demonstrated through testing on real life as well as synthetic datasets. Our experimental results show the effectiveness of RoleVAT as well as interesting user and role tendencies in real enterprise environments.

Keywords

authorisation; RoleVAT; permission Tendencies; role based access control; role engineering; security administration concept; synthetic datasets; user tendencies; visual assessment; Access control; Application software; Computer security; Conference management; Data engineering; Data mining; Data security; Pattern analysis; Permission; Power engineering and energy; cluster tendency analysis; clustering; data mining; role based access control; role engineering; role mining;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2009. ACSAC '09. Annual

Conference_Location

Honolulu, HI

ISSN

1063-9527

Print_ISBN

978-0-7695-3919-5

Type

conf

DOI

10.1109/ACSAC.2009.11

Filename

5380527