Netinfo Security ›› 2022, Vol. 22 ›› Issue (11): 7-16. doi: 10.3969/j.issn.1671-1122.2022.11.002


Role Mining Scheme with Abnormal Permission Configuration

SHEN Zhuowei1,2, FAN Linli1,2, HUA Tong1,2, WANG Kexiang3   

    1. School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
    2. Key Laboratory of Computer Network and Information Integration of Ministry of Education, Southeast University, Nanjing 211189, China
    3. Chinese Aeronautical Establishment, Beijing 100029, China
  • Received: 2022-06-01 Online: 2022-11-10 Published: 2022-11-16

Abstract:

Role mining is a common method for building RBAC systems. However, current role mining schemes do not detect abnormal permission configurations in the original system, so the result of role mining may contain incorrect role-permission configurations, which brings security risks to the system. To solve this problem, a role mining scheme that tolerates abnormal permission configuration is proposed. First, Canopy preclustering is introduced to reduce the subsequent spectral clustering computation in the user clustering part by extracting the overlapping data between subsets. Then, the initial value selection of spectral clustering is optimized using the preclustering results, and, because access control data are represented by Boolean values, the distance in both Canopy preclustering and spectral clustering is measured by combining Jaccard distance and Hamming distance, so as to improve the user clustering effect. Finally, the abnormal permission configuration detection rules are refined, and the modified user clustering results are used for role mining. Experimental results show that the scheme can effectively find abnormal permission configurations and improve the efficiency of role mining.

Key words: role mining, Canopy preclustering, spectral clustering, abnormal permission configuration detection
