Mining Least Privilege Roles by Genetic Algorithm
Role-based access control (RBAC) has been widely adopted because it reduces the complexity of access control management. The least privilege principle is a very important constraint policy of RBAC. A key problem related to it is the notion of goodness/interestingness: when is a role good? Devising a complete and correct set of roles that supports the least privilege principle has been recognized as one of the most important tasks in implementing RBAC. In this paper, we address this problem by mapping it to a formal mathematical definition, δ-approx least privilege mining (δ-approx LPM). We introduce a method named GABM that enforces LPM based on the genetic algorithm. With GABM, the least privilege roles can be found correctly. Our experiments show the effect of GABM. Finally, we conclude our work.
Dongye Sun, Wen-Pei Sung and Ran Chen
L. J. Dong et al., "Mining Least Privilege Roles by Genetic Algorithm", Applied Mechanics and Materials, Vols. 121-126, pp. 4508-4512, 2012