IEEE Access (Jan 2025)
Reconfiguring Role-Based Access Control via Role Clustering
Abstract
Role-based access control (RBAC) systems have become a widely used and accepted method for many organizations today due to their efficiency and ease of management. However, to truly benefit from RBAC systems, the roles in the relevant system must be well defined. Bottom-up, top-down, and hybrid approaches exist to accurately define the roles to be included in access control systems. Even if RBAC systems are designed carefully, the role-privilege assignments tend to wear out and become chaotic after some time. This study demonstrates a role mining approach to reconfiguring such existing client-specific RBAC systems by identifying clusters of similar roles using the assigned privileges. In this study, masked RBAC data of 10 clients of a software company are used. The approach creates role clusters via Agglomerative Hierarchical Clustering, an unsupervised clustering algorithm that works bottom-up. The experiment results show that it is better to use the resulting candidate clusters as a reference when reconfiguring the RBAC systems, instead of using them to replace the existing roles. Additionally, it has been observed that in some client tables with a limited number of unique roles, the pairwise F1 score was remarkably high, indicating a strong correspondence between the candidate and expected roles.
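As an added illustration of the approach sketched in this abstract (this is not code from the paper; the role-privilege table, the Jaccard distance, complete linkage and the 0.5 cut-off are all assumptions of this example), the following Python clusters a small constructed role-privilege table bottom-up and scores the candidate clusters against an expected role partition with a pairwise F1.

```python
from itertools import combinations

# Constructed sample: role -> set of assigned privileges (not the paper's client data).
ROLE_PRIVS = {
    "hr_clerk":   {"view_employee", "edit_employee"},
    "hr_admin":   {"view_employee", "edit_employee", "approve_leave"},
    "sales_rep":  {"view_customer", "create_order"},
    "sales_lead": {"view_customer", "create_order", "discount"},
    "auditor":    {"view_employee", "view_customer", "view_log"},
}

def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|: 0.0 for identical privilege sets, 1.0 for disjoint ones."""
    return 1.0 - len(a & b) / len(a | b)

def cluster_roles(role_privs, max_distance):
    """Agglomerative (bottom-up) clustering of roles by their privilege sets.
    Start with one cluster per role and repeatedly merge the closest pair
    (complete linkage: the farthest two members decide the distance) until
    no pair of clusters lies within max_distance. Returns a list of role sets."""
    clusters = [{r} for r in role_privs]
    def linkage(c1, c2):
        return max(jaccard_distance(role_privs[x], role_privs[y]) for x in c1 for y in c2)
    while len(clusters) > 1:
        i, j = min(combinations(range(len(clusters)), 2),
                   key=lambda ij: linkage(clusters[ij[0]], clusters[ij[1]]))
        if linkage(clusters[i], clusters[j]) > max_distance:
            break
        merged_away = clusters.pop(j)          # j > i, so index i is unaffected
        clusters[i] = clusters[i] | merged_away
    return clusters

def same_cluster_pairs(partition):
    """All unordered role pairs that share a cluster in the given partition."""
    return {frozenset(p) for c in partition for p in combinations(sorted(c), 2)}

def pairwise_f1(candidate, expected):
    """Pairwise F1: a role pair counts as positive when both roles share a cluster;
    precision/recall compare candidate pairs against expected pairs."""
    cand, exp = same_cluster_pairs(candidate), same_cluster_pairs(expected)
    tp = len(cand & exp)
    if tp == 0:
        return 0.0
    precision, recall = tp / len(cand), tp / len(exp)
    return 2 * precision * recall / (precision + recall)

if __name__ == "__main__":
    candidates = cluster_roles(ROLE_PRIVS, max_distance=0.5)
    expected = [{"hr_clerk", "hr_admin"}, {"sales_rep", "sales_lead"}, {"auditor"}]
    print("candidate clusters:", [sorted(c) for c in candidates])
    print("pairwise F1 vs expected roles:", pairwise_f1(candidates, expected))
```

Raising `max_distance` merges the auditor into the HR cluster, which is the kind of candidate a reviewer would treat as a reference for reconfiguration rather than as a replacement role.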
Keywords