ACM旗舰期刊ACM Computing Surveys论文引用并评述了IDC实验室在角色挖掘方面的工作
ACM旗舰期刊ACM Computing Surveys最新出版的一篇综述文章评述了角色挖掘方面的最新研究进展,HUST-IDC实验室在近年发表的多篇论文被引用,并进行了较为全面的介绍。论文信息如下:
Mitra,
Barsha; Sural, Shamik; Vaidya, Jaideep. A Survey of Role Mining. ACM Computing
Surveys, 2016, 48(4): No.50
角色挖掘是基于角色的访问控制技术中重要的学术研究方向。基于角色的访问控制(Role-Based
Access Control, RBAC)是一种广泛应用的访问控制机制,在该机制中权限不再直接分配给用户,而是通过将权限与角色相互关联。角色挖掘技术就是通过分析系统中已经存在的用户和权限之间的分配关系,利用数据挖掘技术挖掘出所对应的角色和角色层次关系。
HUST-IDC实验室长期从事角色挖掘方向的研究,并与国际学术界角色挖掘研究领域的研究团队建立起长期交流合作关系。近年来,HUST-IDC实验室在访问控制领域的著名国际会议ACM SACMAT、ACM AsiaCCS和期刊Mathematical
and Computer Modelling中发表多篇角色挖掘领域的高水平论文,取得了一系列的高水平研究成果。
“A Survey of
Role Mining”综述中大篇幅引用并评述了HUST-IDC实验室发表的相关论文。
Ma et al.
[2010] propose a role mining technique that associates weights with permissions
according to their importance and derives roles based on these weights.
马晓普等作者的论文[2010]提出了一种角色挖掘的方法,这种方法根据权限的重要性定义了权限的权重,然后根据权限的权重挖掘角色。
X. Ma, R. Li, and Z. Lu. 2010. Role mining based on
weights. In Proc. of 15th ACM Symposium on Access Control Models and
Technologies, 65-74.
Ma et al. [2012] propose two algorithms for
constraint generation named Apriori, which is based on the
traditional association rule-mining algorithm Apriori, and Anti-apriori,
which is based onantiassociation rule mining. Once the set of constraints has been
obtained, roles can be derived in order to enforce them.
马晓普等作者的论文[2012]提出了两个约束生成算法,一个算法名为Apriori,这个算法是基于传统关联规则算法;另外一个名为Anti-apriori,这个算法基于反关联规则算法。一旦生成这些约束集合,角色就可以被导出从而得以实施。
X. Ma, R. Li,
Z. Lu, and W. Wang. 2012. Mining constraints in role-based access control.
Mathematical and Computer Modelling 55, 12 (2012), 87-96.
J. Hu, K. M.
Khan, Y. Bai, and Y. Zhang. 2012. Constraint-enhanced role engineering via
answer set programming. In Proc. of 7th ACM Symposium on Information, Computer
and Communications Security, 73?74.
RMiner [Li et al.
2013] is also a Java-based role mining tool set that implements several role
mining algorithms such as CompleteMiner, FastMiner, HierarchicalMiner, ORCA,
StateMiner, GraphOptimization, Anti-apriori, andWeightedRoleMining. It provides an editor to update the role states obtained from these algorithms.
This tool set is based on an open-source data mining tool calledWEKA [Hall et
al. 2009], which is a collection of a number of machine-learning algorithms.
The UPA (either real or synthetic, generated by RMiner itself) must be
transformed to the attribute file format (ARAF) before being given as input to
RMiner. RMiner preprocesses the input data by removing
any redundancy or noise and gives it as input to the chosen role mining
algorithm. If the roles generated do not satisfy the desired security
requirements, the role set and the PA can be updated using a role editor. The
output of role mining is represented graphically by scatter
plot, histogram, or line chart, which helps in analyzing the output.
RMiner是一个基于java的角色挖掘工具集,它实现了大量角色挖掘算法如CompleteMiner、FastMiner、HierarchicalMiner,、ORCA、 StateMiner、 GraphOptimization,、Anti-apriori,、WeightedRoleMining等算法。它提供了一个编辑器可以更新从算法中获得的角色状态。这个工具集RMiner是基于开源的数据挖掘工具WEKA的,WEKA中集成了大量数据挖掘算法。用户权限分配表(无论是真实的,还是RMiner生成的模拟数据)在导入RMiner前必须转化成ARAF格式。RMiner通过移除冗余和噪声数据对输入数据集进行预处理。如果生成的角色不能满足期望的安全需求,可以在角色编辑器中修改角色集合和权限用户表。角色挖掘的输出结果可以用散点图、柱状图、线形表来图形化的表示。
R. Li, H. Li,
W. Wang, X. Ma, and X. Gu. 2013. RMiner: A tool set for role mining. In Proc.
of 18th ACM Symposium on Access Control Models and Technologies, 193?196.
RMiner角色挖掘工具集及相关的数据集已在Google Code上共享,相关内容可访问:
http://idc.hust.edu.cn/rminer/
https://code.google.com/p/rminer/
