The Formalization of Least Privilege Mining in RBAC
Devising a complete and correct set of roles for supporting the least privilege principle has been recognized as one of the most important tasks in implementing RBAC. A key problem is how to find such sets of roles which have the least permissions. However there are too few formalized descriptions and definitions on this problem. In order to provide a material object for researching the least privilege principle, we define the least privilege mining problem (LPMP) and its two variations: δ-approx LPMP and MinNoise LPMP. By showing formalized descriptions, we clarify clearly the methods of discovering least permissions. Correspondingly, we give two simple algorithms to implement the methods.
L. J. Dong et al., "The Formalization of Least Privilege Mining in RBAC", Key Engineering Materials, Vols. 480-481, pp. 1023-1027, 2011