Mining temporal roles using many-valued concepts

摘要

Many of today's access control policies are associated with temporal restrictions. Under temporal role-based access control (TRBAC), roles have an associated temporal component, which allows them to better encapsulate such temporal access control policies. However, given their complexity, TRBAC systems can only be well managed if the set of roles is correctly defined. The process of deriving an optimal set of such roles is known as temporal role mining. In this paper, we formally define the temporal role mining problem (TRMP) in the form of a matrix decomposition problem, by introducing a new operator that multiplies a set with a Boolean value and redefining existing matrix multiplication operations in terms of it. We also define a new metric for temporal role mining, called cumulative overhead of temporal roles and permissions (CO-TRAP), which takes into consideration the administrative effort required for managing the resulting TRBAC system. Since TRMP as well as minimization of CO-TRAP are NP-complete problems, we propose two greedy algorithms based on many-valued concepts. Experimental evaluation on a number of real-world datasets shows that the proposed approach is both efficient and effective.