Your search for: 'author:("Stoller, Scott D.")' has returned 2 results. (0.024s) Save search

Authors: Stoller, Scott D. | Bui, Thang

Article Type: Research Article

Abstract: Temporal role-based access control (TRBAC) extends role-based access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric. We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership …can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at optimizing policy quality. Show more

Keywords: Role mining, temporal role-based access control

DOI: 10.3233/JCS-17989

Citation: Journal of Computer Security, vol. 26, no. 1, pp. 121-142, 2018

Authors: Yang, Ping | Gofman, Mikhail I. | Stoller, Scott D. | Yang, Zijiang

Article Type: Research Article

Abstract: Role based access control (RBAC) is a widely used approach to access control with well-known advantages in managing authorization policies. This paper considers user-role reachability analysis of administrative role based access control (ARBAC), which defines administrative roles and specifies how members of each administrative role can change the RBAC policy. Most existing works on user-role reachability analysis assume the separate administration restriction in ARBAC policies. While this restriction greatly simplifies the user-role reachability analysis, it also limits the expressiveness and applicability of ARBAC. In this paper, we consider analysis of ARBAC without the separate administration restriction and present new techniques …to reduce the number of ARBAC rules and users considered during analysis. We also present parallel algorithms that speed up the analysis on multi-core systems. The experimental results show that our techniques significantly reduce the analysis time, making it practical to analyze ARBAC without separate administration. Show more

Keywords: Administrative role-based access control, policy analysis

DOI: 10.3233/JCS-140511

Citation: Journal of Computer Security, vol. 23, no. 1, pp. 1-29, 2015