IRMAOC: an interpretable role mining algorithm based on overlapping clustering
Abstract The Industrial Internet motivates the research and development of Zero-Trust Architecture (ZTA). Role-Based Access Control (RBAC) as one of the key technologies for ZTA has become a hot topic. Role mining algorithms are crucial for RBAC and interpretable role mining receives wide attention...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SpringerOpen
2025-01-01
|
| Series: | Cybersecurity |
| Subjects: | |
| Online Access: | https://doi.org/10.1186/s42400-024-00348-z |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832571614223400960 |
|---|---|
| author | Yaqi Yang Jun’e Li Tao Zhang Lu Chen Guirong Huang Zhuo Lv |
| author_facet | Yaqi Yang Jun’e Li Tao Zhang Lu Chen Guirong Huang Zhuo Lv |
| author_sort | Yaqi Yang |
| collection | DOAJ |
| description | Abstract The Industrial Internet motivates the research and development of Zero-Trust Architecture (ZTA). Role-Based Access Control (RBAC) as one of the key technologies for ZTA has become a hot topic. Role mining algorithms are crucial for RBAC and interpretable role mining receives wide attention due to its virtue of mining meaningful roles. However, the roles generated by existing algorithms have low interpretability and high time complexity, limiting their application in practice. This paper proposes an Interpretable Role Mining Algorithm Based on Overlapping Clustering (IRMAOC). It evaluates the interpretability of a role based on user similarity calculated on the permission and attribute of the role, and employs policy interpretability as the metric of a role set. IRMAOC creates a user association graph and clusters to generate candidate roles based on the graph. Then it remains the roles whose interpretability is higher than the preset threshold and re-clusters the users belonging to the other roles until the interpretability of all roles are higher than the threshold. Experimental results show that our algorithm significantly improves the interpretability of roles, reduces the Weighted Structure Complexity (WSC), and decreases time complexity compared to previous works. |
| format | Article |
| id | doaj-art-c64f87e0df044eb28585b0015f3a4e8a |
| institution | Kabale University |
| issn | 2523-3246 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | SpringerOpen |
| record_format | Article |
| series | Cybersecurity |
| spelling | doaj-art-c64f87e0df044eb28585b0015f3a4e8a2025-02-02T12:30:04ZengSpringerOpenCybersecurity2523-32462025-01-018111810.1186/s42400-024-00348-zIRMAOC: an interpretable role mining algorithm based on overlapping clusteringYaqi Yang0Jun’e Li1Tao Zhang2Lu Chen3Guirong Huang4Zhuo Lv5Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan UniversityKey Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan UniversityState Grid Smart Grid Research Institute Co., LtdState Grid Smart Grid Research Institute Co., LtdKey Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan UniversityState Grid Henan Electric Power Research InstituteAbstract The Industrial Internet motivates the research and development of Zero-Trust Architecture (ZTA). Role-Based Access Control (RBAC) as one of the key technologies for ZTA has become a hot topic. Role mining algorithms are crucial for RBAC and interpretable role mining receives wide attention due to its virtue of mining meaningful roles. However, the roles generated by existing algorithms have low interpretability and high time complexity, limiting their application in practice. This paper proposes an Interpretable Role Mining Algorithm Based on Overlapping Clustering (IRMAOC). It evaluates the interpretability of a role based on user similarity calculated on the permission and attribute of the role, and employs policy interpretability as the metric of a role set. IRMAOC creates a user association graph and clusters to generate candidate roles based on the graph. Then it remains the roles whose interpretability is higher than the preset threshold and re-clusters the users belonging to the other roles until the interpretability of all roles are higher than the threshold. Experimental results show that our algorithm significantly improves the interpretability of roles, reduces the Weighted Structure Complexity (WSC), and decreases time complexity compared to previous works.https://doi.org/10.1186/s42400-024-00348-zRole-based access controlInterpretability of rolesRole miningOverlapping clustering |
| spellingShingle | Yaqi Yang Jun’e Li Tao Zhang Lu Chen Guirong Huang Zhuo Lv IRMAOC: an interpretable role mining algorithm based on overlapping clustering Cybersecurity Role-based access control Interpretability of roles Role mining Overlapping clustering |
| title | IRMAOC: an interpretable role mining algorithm based on overlapping clustering |
| title_full | IRMAOC: an interpretable role mining algorithm based on overlapping clustering |
| title_fullStr | IRMAOC: an interpretable role mining algorithm based on overlapping clustering |
| title_full_unstemmed | IRMAOC: an interpretable role mining algorithm based on overlapping clustering |
| title_short | IRMAOC: an interpretable role mining algorithm based on overlapping clustering |
| title_sort | irmaoc an interpretable role mining algorithm based on overlapping clustering |
| topic | Role-based access control Interpretability of roles Role mining Overlapping clustering |
| url | https://doi.org/10.1186/s42400-024-00348-z |
| work_keys_str_mv | AT yaqiyang irmaocaninterpretableroleminingalgorithmbasedonoverlappingclustering AT juneli irmaocaninterpretableroleminingalgorithmbasedonoverlappingclustering AT taozhang irmaocaninterpretableroleminingalgorithmbasedonoverlappingclustering AT luchen irmaocaninterpretableroleminingalgorithmbasedonoverlappingclustering AT guironghuang irmaocaninterpretableroleminingalgorithmbasedonoverlappingclustering AT zhuolv irmaocaninterpretableroleminingalgorithmbasedonoverlappingclustering |