
dc.contributor.author | Xia, H. | en_US
dc.contributor.author | Dawande, Milind W. | en_US
dc.contributor.author | Mookerjee, Vijay S. | en_US
dc.date.accessioned | 2014-11-24T21:41:56Z
dc.date.available | 2014-11-24T21:41:56Z
dc.date.created | 2014-07-28 | en_US
dc.identifier.issn | 1091-9856 | en_US
dc.identifier.uri | http://hdl.handle.net/10735.1/4217
dc.description.abstract | Access control mechanisms in software systems administer user privileges by granting users permission to perform certain operations while denying unauthorized access to others. Such mechanisms are essential to ensure that important business functions in an organization are conducted securely and smoothly. Currently, the dominant access control approach in most major software systems is role-based access control. In this approach, permissions are first assigned to roles, and users acquire permissions by becoming members of certain roles. However, given the dynamic nature of organizations, a fixed set of roles usually cannot meet the demands that users (existing or new) have to conduct business. The typical response to this problem is to myopically create new roles to meet immediate demand that cannot be satisfied by an existing set of roles. This ad hoc creation of roles invariably leads to a proliferation in the number of roles with the accompanying administrative overhead. Based on discussions with practitioners, we propose a role refinement scheme that reconstructs a system of roles to reduce the cost of role management. We first show that the role-refinement problem is strongly NP-hard and then provide two polynomial-time approximation algorithms (a greedy algorithm and a randomized rounding algorithm) and establish their performance guarantees. Finally, numerical experiments, based on a real data set from a firm's enterprise resource planning system, are conducted to demonstrate the applicability and performance of our refinement scheme. | en_US
dc.language.iso | en | en_US
dc.publisher | Informs Inst. for Operations Res. and the Management Sciences | en_US
dc.relation.uri | http://dx.doi.org/10.1287/ijoc.2014.0603 | en_US
dc.rights | ©2014 INFORMS | en_US
dc.subject | Role refinement | en_US
dc.subject | Business records--Access control | en_US
dc.subject | Computer networks--Security measures | en_US
dc.title | Role Refinement in Access Control: Model and Analysis | en_US
dc.type.genre | article | en_US
dc.identifier.bibliographicCitation | Xia, H., M. Dawande, and V. Mookerjee. 2014. "Role refinement in access control: Model and analysis." Informs Journal on Computing 26(4): 866-884. | en_US
dc.source.journal | Informs Journal on Computing | en_US
dc.identifier.volume | 26 | en_US
dc.identifier.issue | 4 | en_US
dc.contributor.ISNI | 0000 0001 1561 8354 (Dawande, MW) | en_US
dc.contributor.LCNA | 2007039673 (Dawande, MW) | en_US
dc.contributor.LCNA | 90649574 (Mookerjee, VS) | en_US

