On using Authorization Traces to Support Role Mining with Evolutionary Algorithms

Simon Anderer; Alpay Sahin; Bernd Scheuermann; Sanaz Mostaghim

doi:10.5220/0011539300003332

On using Authorization Traces to Support Role Mining with Evolutionary Algorithms

Simon Anderer, Alpay Sahin, Bernd Scheuermann, Sanaz Mostaghim

2022

Abstract

To protect the security of IT systems of companies and organizations, Role Based Access Control is a widely used concept. The corresponding optimization problem, the Role Mining Problem, which consists of finding an optimum set of roles based on a given assignment of permissions to users was shown to be NP-complete and evolutionary algorithms have demonstrated to be a promising solution strategy. It is usually assumed that the assignment of permissions to users, used for role mining, reflects exactly the permissions needed by a user to perform the given tasks. However, considering enterprise resource planning systems (ERP) in real-world use cases, permission-to-user assignments are often outdated or, if at all, only partially available. In contrast, trace data, which records the behavior of users in ERP systems, is easily available. This paper describes and analyzes the different data types and sources provided by ERP systems. Furthermore, it is examined, if this data is suitable to create an initial permission-to-user assignment or to enhance the quality of a yet existing one. For this purpose, different trace-data-based methods are introduced. In the context of an industry-related research project, ERP data of two different companies is analyzed and used to evaluate the presented methods.

Download

Paper Citation

in Harvard Style

Anderer S., Sahin A., Scheuermann B. and Mostaghim S. (2022). On using Authorization Traces to Support Role Mining with Evolutionary Algorithms. In Proceedings of the 14th International Joint Conference on Computational Intelligence (IJCCI 2022) - Volume 1: ECTA; ISBN 978-989-758-611-8, SciTePress, pages 121-132. DOI: 10.5220/0011539300003332

in Bibtex Style

@conference{ecta22,
author={Simon Anderer and Alpay Sahin and Bernd Scheuermann and Sanaz Mostaghim},
title={On using Authorization Traces to Support Role Mining with Evolutionary Algorithms},
booktitle={Proceedings of the 14th International Joint Conference on Computational Intelligence (IJCCI 2022) - Volume 1: ECTA},
year={2022},
pages={121-132},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011539300003332},
isbn={978-989-758-611-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 14th International Joint Conference on Computational Intelligence (IJCCI 2022) - Volume 1: ECTA
TI - On using Authorization Traces to Support Role Mining with Evolutionary Algorithms
SN - 978-989-758-611-8
AU - Anderer S.
AU - Sahin A.
AU - Scheuermann B.
AU - Mostaghim S.
PY - 2022
SP - 121
EP - 132
DO - 10.5220/0011539300003332
PB - SciTePress