Mining Hierarchical Temporal Roles with Multiple Metrics
Scott D. Stoller, Thang Bui

TL;DR
This paper introduces a novel algorithm for mining hierarchical temporal role-based access control policies from timed ACLs, optimizing multiple quality metrics including complexity and interpretability, and demonstrating superior effectiveness on real-world data.
Contribution
It is the first to produce hierarchical TRBAC policies and to optimize weighted structural complexity and interpretability in policy mining.
Findings
Outperforms previous algorithms in policy quality optimization
Effectively mines hierarchical TRBAC policies from real-world datasets
Supports multiple quality metrics including interpretability
Abstract
Temporal role-based access control (TRBAC) extends role-based access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric. We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or…
Taxonomy
Topics: Access Control and Trust · Cryptography and Data Security · Topic Modeling
