SlideShare a Scribd company logo

Comparing Role Mining Algorithms

O
Onur Yılmaz

Presentation of the paper: Evaluating role mining algorithms. In Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09) Ian Molloy, Ninghui Li, Tiancheng Li, Ziqing Mao, Qihua Wang, and Jorge Lobo. 2009. ACM, New York, NY, USA, 95-104. DOI=10.1145/1542207.1542224 http://doi.acm.org/10.1145/1542207.1542224

EducationTechnology
1 of 43
Download to read offline
Evaluating Role Mining Algorithms SACMAT’09, June 3 - 5, 2009, Stresa, Italy. Ian Molloy, Ninghui Li, Tiancheng Li, Ziqing Mao, Qihua Wang @ CERIAS Research Center Department of Computer Science, Purdue University Jorge Lobo @ IBM T.J. Watson Research Center Presentation by Onur Yılmaz - onur@onuryilmaz.me
Outline  Introduction  Overview  Role Mining Algorithms  Evaluation Results  Analysis  Conclusion  Future Work
Introduction  Aim of the study  Comprehensive study to compare role mining algorithms  What is presented?  Two new methods for generating datasets  Analysis of nine role mining algorithms
Introduction Role Mining  Using data mining techniques to discover roles from existing system configuration data
Overview  3 key points: Output of a role mining algorithm Criteria to compare outputs of algorithms Input datasets
Overview Output of Role Mining Algorithm Existing algorithms based on their outputs:  Class 1: Outputting prioritized roles  Class 2: Outputting RBAC states
Overview Output of Role Mining Algorithm Class 1: Outputting prioritized roles  Prioritized list of candidate roles, each of which is a set of permissions  CompleteMiner and Fast-Miner Candidate role generation a set of candidate roles from the userpermission assignment data Candidate role prioritization
Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states ρ = <User, Permission, UP > RBAC state γ = <Roles, UserRoleAss, RolePermissionAss, RoleHierarchy, DirectUserPermissionAss>
Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states  Minimize some cost measure while finding RBAC output Number of roles, number of user assignments etc..
Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states Weighted Structural Complexity (WSC) Sums up the number of relationships in an RBAC state, with possibly different weights for each relationship.
Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states Weighted Structural Complexity (WSC) Given a weight vector W = < wr, wu, wp, wh, wd > wsc(γ,W) = wr ∗ |R| + wu ∗ |UA| + wp ∗ |PA|+ wh ∗ |transitive_reduce(RH)| + wd∗ |DUPA|
Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states Weighted Structural Complexity (WSC)  Different weight vectors encode different mining objectives and minimization goals  HierarchicalMiner takes both a configuration ρ and a weight vector and aims at outputting an RBAC state with low WSC.  Graph optimization minimizes the number of edges
Overview Output of Role Mining Algorithm Class 1 vs Class 2 Algorithms  RBAC states are easy to compare  List of candidate roles can be more useful in practice Administrator examines the role mining results and determine whether to adopt some part of it. In practice, whether role mining algorithms can suggest the best candidate roles.
Overview Metrics for Comparing Algorithms Two metrics:  Complexity of the RBAC state  Quality of roles
Overview Metrics for Comparing Algorithms Complexity of the RBAC state Using WSC, how well each algorithm performs under a variety of mining objectives
Overview Metrics for Comparing Algorithms Quality of Roles  For each weight vector W, evaluate the complexity of the optimal RBAC state using only the top k roles.  Among the top k roles, how quickly do the mined roles cover the UP relation?  Among the top k roles, how well do they «resemble» the original roles?
Overview Input Data Type Access Control Configuration ρ = <User, Permission, UserPermissionRelation >
Overview Input Data Type Datasets from literature
Overview Input Data Type  Generated Datasets Random Data Generator Tree-Based Data Generator ERBAC Data Generator
Overview Input Data Type Random Data Generator Permission Role User – Permission Assignment Roles Number of Users, Number of Roles, Number of Permissions, Users Maximum Number of Roles for Users, Maximum Number of Permissions for Role
Overview Input Data Type Tree-Based Data Generator Assign permissions to nodes in the tree Assign users to leaf nodes Randomly generate a tree Number of Users, Number of Permissions, Height of Tree Upper bound on number of children node, Lower bound on number of children node
Overview Input Data Type ERBAC Data Generator Permissions Functional Roles Functional Roles Users Number of Users, Number of Business Roles, Number of Functional Roles, Number of Permissions Business Roles Business Roles Maximum # of Business Roles, Maximum # of Functional Roles, Maximum # of Permissions
Role Mining Algorithms Class 1 Class 2 CompleteMiner (CM) ORCA FastMiner (FM) Graph Optimization (GO) DynamicMiner (DM) HP Role Minimization (HPr) PairCount (PC) HP Edge Minimization (HPe) HierarchicalMiner (HM)
Role Mining Algorithms CompleteMiner (CM) Initial set of roles from user permission sets All possible intersections Prioritization of roles Candidate roles Based on number of exact matches Exponential Time
Role Mining Algorithms FastMiner (FM) Initial set of roles from user permission sets Only intersection between pairs of initial roles Prioritization of roles Candidate roles O (n2m) n: users, m: permissions
Role Mining Algorithms DynamicMiner (DM)  CM and FM -> static prioritization (does not consider candidate roles that been already chosen) Initial set of roles from user permission sets All possible intersections Prioritization of roles Candidate roles with the highest priority first O (n * |C| * min{n,m} ) C: Set of candidate roles
Role Mining Algorithms PairCount (PC)  Newly proposed method  CM -> Prioritization based on exact numbers  In reality, multiple roles are assigned to a user  Pair Count: Pairs of users that share the only role, but no other PC(P) = | { (ui, uj ) | ui = uj ∧ P(ui) ∩ P(uj) = P } | O (n2m)
Role Mining Algorithms PairCount (PC) Initial set of roles from user permission sets All possible intersections Prioritization of roles Candidate roles Based on Pair Counts O (n2m)
Role Mining Algorithms ORCA  Hierarchical clustering on permissions Set of clusters of permissions Find pairs of clusters The number of users having both permissions is the largest Continue until One cluster or No user with permissions in two clusters O (m2n)
Role Mining Algorithms HP Role Minimization (HPr)  Minimal set of roles to cover the user-permission assignment relation Selecting the next user with the fewest uncovered permissions Select a user u and finds a pair <U(u), P(u)> All user-permission assignments between U(u) and P(u) are removed This pair forms a «role» P(u): Permissions of user u U(u): All users have all the permissions of u O (nm)
Role Mining Algorithms HP Edge Minimization (HPe)  Finding a RBAC state with minimal number of edges, called edge concentration  Similar to Graph Optimization algorithm, except this does not create a role hierarchy HPr Greedily improve objective function If two roles have overlap in the permission or user sets -> restructuring Converge O (k2m) k : number of iterations
Role Mining Algorithms HierarchicalMiner (HM)  Concept: < P, U > such that  U contains all the users that have all permissions in P,  P contains all the permissions that are shared by all users in U Reduced family of concepts Remove a role if RBAC state is improved Removing a role: - Redistribution of users down the hierarchy - Permissions up the hierarchy Heuristically continue Similar to Graph Optimization but uses concept lattice.
Evaluation Results  For each dataset, each algorithm  Ranked according to their ability to optimize evaluation criteria  1 to N  Two metrics mentioned before:  Comparing Complexity of the RBAC States  Comparing Prioritized Role Quality
Evaluation Results Comparing Complexity of the RBAC States  Role Minimization
Evaluation Results Comparing Complexity of the RBAC States  Edge Concentration HM has an advantage in this test because its roles are designed for a role-hierarchy
Evaluation Results Comparing Complexity of the RBAC States  Allowed Noise at Direct Assignments Dataset contains errors that should not be covered by roles.
Evaluation Results Comparing Complexity of the RBAC States  Discovering Original Roles  Similarity of mined roles to original data  Used metric is average maximal Jaccard HM: The top 40+ roles are more or less the ones generated PC: Performed the worst, generating roles farthest from the original data
Evaluation Results Comparing Prioritized Role Quality  Quality of WSC over k-roles
Evaluation Results Comparing Prioritized Role Quality  Quality of Coverage How well the algorithm at quickly covering the UP relation?
Analysis  Algorithms that minimize the number of roles often generate RBAC states with a larger number of edges, resulting in increased complexity.  GO generates large role hierarchies when the number of users is greater than the number of permissions.  DM is over-fitting some of the roles to cover users, and does not consider the entire resulting RBAC state.  HM is computationally and memory intensive.
Conclusion  Aim of the study  Comprehensive study to compare role mining algorithms  What is presented?  Two new methods for generating datasets  Analysis of nine role mining algorithms
Future Work  Handling data with attribute information  In addition to the user-permission data, attribute information may also be available.  Handling noisy data  In some scenarios, the input user-permission data may contain noises.
Evaluating Role Mining Algorithms SACMAT’09, June 3 - 5, 2009, Stresa, Italy. Ian Molloy, Ninghui Li, Tiancheng Li, Ziqing Mao, Qihua Wang @ CERIAS Research Center Department of Computer Science, Purdue University Jorge Lobo @ IBM T.J. Watson Research Center Presentation by Onur Yılmaz - onur@onuryilmaz.me

Recommended

Unit 1
Unit 1Unit 1
Unit 1donny101
 
The Pregel Programming Model with Spark GraphX
The Pregel Programming Model with Spark GraphXThe Pregel Programming Model with Spark GraphX
The Pregel Programming Model with Spark GraphXAndrea Iacono
 
Explaining the Postgres Query Optimizer (Bruce Momjian)
Explaining the Postgres Query Optimizer (Bruce Momjian)Explaining the Postgres Query Optimizer (Bruce Momjian)
Explaining the Postgres Query Optimizer (Bruce Momjian)Ontico
 
Unit 5-hive data types – primitive and complex data
Unit 5-hive data types – primitive and complex dataUnit 5-hive data types – primitive and complex data
Unit 5-hive data types – primitive and complex datavishal choudhary
 
Journal paper 1
Journal paper 1Journal paper 1
Journal paper 1Editor IJCATR
 
Advantages of Query Biased Summaries in Information Retrieval
Advantages of Query Biased Summaries in Information RetrievalAdvantages of Query Biased Summaries in Information Retrieval
Advantages of Query Biased Summaries in Information RetrievalOnur Yılmaz
 
Gesundheit! modeling contagion through facebook news feed
Gesundheit! modeling contagion through facebook news feedGesundheit! modeling contagion through facebook news feed
Gesundheit! modeling contagion through facebook news feedMaxim Boiko Savenko
 
B2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftB2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftSteve Feldman
 

Recommended

Unit 1
Unit 1Unit 1
Unit 1donny101
 
The Pregel Programming Model with Spark GraphX
The Pregel Programming Model with Spark GraphXThe Pregel Programming Model with Spark GraphX
The Pregel Programming Model with Spark GraphXAndrea Iacono
 
Explaining the Postgres Query Optimizer (Bruce Momjian)
Explaining the Postgres Query Optimizer (Bruce Momjian)Explaining the Postgres Query Optimizer (Bruce Momjian)
Explaining the Postgres Query Optimizer (Bruce Momjian)Ontico
 
Unit 5-hive data types – primitive and complex data
Unit 5-hive data types – primitive and complex dataUnit 5-hive data types – primitive and complex data
Unit 5-hive data types – primitive and complex datavishal choudhary
 
Journal paper 1
Journal paper 1Journal paper 1
Journal paper 1Editor IJCATR
 
Advantages of Query Biased Summaries in Information Retrieval
Advantages of Query Biased Summaries in Information RetrievalAdvantages of Query Biased Summaries in Information Retrieval
Advantages of Query Biased Summaries in Information RetrievalOnur Yılmaz
 
Gesundheit! modeling contagion through facebook news feed
Gesundheit! modeling contagion through facebook news feedGesundheit! modeling contagion through facebook news feed
Gesundheit! modeling contagion through facebook news feedMaxim Boiko Savenko
 
B2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftB2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftSteve Feldman
 
CS 542 -- Query Execution
CS 542 -- Query ExecutionCS 542 -- Query Execution
CS 542 -- Query ExecutionJ Singh
 
IRJET- Constrained Role Mining using K-Map
IRJET- Constrained Role Mining using K-MapIRJET- Constrained Role Mining using K-Map
IRJET- Constrained Role Mining using K-MapIRJET Journal
 
Exploiting Structure in Representation of Named Entities using Active Learning
Exploiting Structure in Representation of Named Entities using Active LearningExploiting Structure in Representation of Named Entities using Active Learning
Exploiting Structure in Representation of Named Entities using Active LearningYunyao Li
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
Hierarchical free monads and software design in fp
Hierarchical free monads and software design in fpHierarchical free monads and software design in fp
Hierarchical free monads and software design in fpAlexander Granin
 
Adaptive check-pointing and replication strategy to tolerate faults in comput...
Adaptive check-pointing and replication strategy to tolerate faults in comput...Adaptive check-pointing and replication strategy to tolerate faults in comput...
Adaptive check-pointing and replication strategy to tolerate faults in comput...IOSR Journals
 
E01113138
E01113138E01113138
E01113138IOSR Journals
 
A tale of experiments on bug prediction
A tale of experiments on bug predictionA tale of experiments on bug prediction
A tale of experiments on bug predictionMartin Pinzger
 
cikm14
cikm14cikm14
cikm14Pranay Anchuri
 
Q01231103109
Q01231103109Q01231103109
Q01231103109IOSR Journals
 
Cloudera Movies Data Science Project On Big Data
Cloudera Movies Data Science Project On Big DataCloudera Movies Data Science Project On Big Data
Cloudera Movies Data Science Project On Big DataAbhishek M Shivalingaiah
 
probabilistic ranking
probabilistic rankingprobabilistic ranking
probabilistic rankingFELIX75
 
Harnessing the Power of Java 8 Streams
Harnessing the Power of Java 8 Streams Harnessing the Power of Java 8 Streams
Harnessing the Power of Java 8 Streams IndicThreads
 
Scaling Application on High Performance Computing Clusters and Analysis of th...
Scaling Application on High Performance Computing Clusters and Analysis of th...Scaling Application on High Performance Computing Clusters and Analysis of th...
Scaling Application on High Performance Computing Clusters and Analysis of th...Rusif Eyvazli
 
SQL Performance Tuning and New Features in Oracle 19c
SQL Performance Tuning and New Features in Oracle 19cSQL Performance Tuning and New Features in Oracle 19c
SQL Performance Tuning and New Features in Oracle 19cRachelBarker26
 
projectreport
projectreportprojectreport
projectreportWeston Wei
 
October 26, Optimization
October 26, OptimizationOctober 26, Optimization
October 26, OptimizationUniversity of Colorado at Boulder
 
Automating Drug Design Nov 13th 2009 97
Automating Drug Design Nov 13th 2009 97Automating Drug Design Nov 13th 2009 97
Automating Drug Design Nov 13th 2009 97David Leahy
 
Javantura v4 - Java and lambdas and streams - are they better than for loops ...
Javantura v4 - Java and lambdas and streams - are they better than for loops ...Javantura v4 - Java and lambdas and streams - are they better than for loops ...
Javantura v4 - Java and lambdas and streams - are they better than for loops ...HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Self-Tuning and Managing Services
Self-Tuning and Managing ServicesSelf-Tuning and Managing Services
Self-Tuning and Managing ServicesReza Rahimi
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 

More Related Content

Similar to Comparing Role Mining Algorithms

CS 542 -- Query Execution
CS 542 -- Query ExecutionCS 542 -- Query Execution
CS 542 -- Query ExecutionJ Singh
 
IRJET- Constrained Role Mining using K-Map
IRJET- Constrained Role Mining using K-MapIRJET- Constrained Role Mining using K-Map
IRJET- Constrained Role Mining using K-MapIRJET Journal
 
Exploiting Structure in Representation of Named Entities using Active Learning
Exploiting Structure in Representation of Named Entities using Active LearningExploiting Structure in Representation of Named Entities using Active Learning
Exploiting Structure in Representation of Named Entities using Active LearningYunyao Li
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
Hierarchical free monads and software design in fp
Hierarchical free monads and software design in fpHierarchical free monads and software design in fp
Hierarchical free monads and software design in fpAlexander Granin
 
Adaptive check-pointing and replication strategy to tolerate faults in comput...
Adaptive check-pointing and replication strategy to tolerate faults in comput...Adaptive check-pointing and replication strategy to tolerate faults in comput...
Adaptive check-pointing and replication strategy to tolerate faults in comput...IOSR Journals
 
A tale of experiments on bug prediction
A tale of experiments on bug predictionA tale of experiments on bug prediction
A tale of experiments on bug predictionMartin Pinzger
 
Cloudera Movies Data Science Project On Big Data
Cloudera Movies Data Science Project On Big DataCloudera Movies Data Science Project On Big Data
Cloudera Movies Data Science Project On Big DataAbhishek M Shivalingaiah
 
probabilistic ranking
probabilistic rankingprobabilistic ranking
probabilistic rankingFELIX75
 
Harnessing the Power of Java 8 Streams
Harnessing the Power of Java 8 Streams Harnessing the Power of Java 8 Streams
Harnessing the Power of Java 8 Streams IndicThreads
 
Scaling Application on High Performance Computing Clusters and Analysis of th...
Scaling Application on High Performance Computing Clusters and Analysis of th...Scaling Application on High Performance Computing Clusters and Analysis of th...
Scaling Application on High Performance Computing Clusters and Analysis of th...Rusif Eyvazli
 
SQL Performance Tuning and New Features in Oracle 19c
SQL Performance Tuning and New Features in Oracle 19cSQL Performance Tuning and New Features in Oracle 19c
SQL Performance Tuning and New Features in Oracle 19cRachelBarker26
 
Automating Drug Design Nov 13th 2009 97
Automating Drug Design Nov 13th 2009 97Automating Drug Design Nov 13th 2009 97
Automating Drug Design Nov 13th 2009 97David Leahy
 
Self-Tuning and Managing Services
Self-Tuning and Managing ServicesSelf-Tuning and Managing Services
Self-Tuning and Managing ServicesReza Rahimi
 

Similar to Comparing Role Mining Algorithms (20)

CS 542 -- Query Execution
CS 542 -- Query ExecutionCS 542 -- Query Execution
CS 542 -- Query Execution
 
IRJET- Constrained Role Mining using K-Map
IRJET- Constrained Role Mining using K-MapIRJET- Constrained Role Mining using K-Map
IRJET- Constrained Role Mining using K-Map
 
Exploiting Structure in Representation of Named Entities using Active Learning
Exploiting Structure in Representation of Named Entities using Active LearningExploiting Structure in Representation of Named Entities using Active Learning
Exploiting Structure in Representation of Named Entities using Active Learning
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
Hierarchical free monads and software design in fp
Hierarchical free monads and software design in fpHierarchical free monads and software design in fp
Hierarchical free monads and software design in fp
 
Adaptive check-pointing and replication strategy to tolerate faults in comput...
Adaptive check-pointing and replication strategy to tolerate faults in comput...Adaptive check-pointing and replication strategy to tolerate faults in comput...
Adaptive check-pointing and replication strategy to tolerate faults in comput...
 
E01113138
E01113138E01113138
E01113138
 
A tale of experiments on bug prediction
A tale of experiments on bug predictionA tale of experiments on bug prediction
A tale of experiments on bug prediction
 
cikm14
cikm14cikm14
cikm14
 
Q01231103109
Q01231103109Q01231103109
Q01231103109
 
Cloudera Movies Data Science Project On Big Data
Cloudera Movies Data Science Project On Big DataCloudera Movies Data Science Project On Big Data
Cloudera Movies Data Science Project On Big Data
 
probabilistic ranking
probabilistic rankingprobabilistic ranking
probabilistic ranking
 
Harnessing the Power of Java 8 Streams
Harnessing the Power of Java 8 Streams Harnessing the Power of Java 8 Streams
Harnessing the Power of Java 8 Streams
 
Scaling Application on High Performance Computing Clusters and Analysis of th...
Scaling Application on High Performance Computing Clusters and Analysis of th...Scaling Application on High Performance Computing Clusters and Analysis of th...
Scaling Application on High Performance Computing Clusters and Analysis of th...
 
SQL Performance Tuning and New Features in Oracle 19c
SQL Performance Tuning and New Features in Oracle 19cSQL Performance Tuning and New Features in Oracle 19c
SQL Performance Tuning and New Features in Oracle 19c
 
projectreport
projectreportprojectreport
projectreport
 
October 26, Optimization
October 26, OptimizationOctober 26, Optimization
October 26, Optimization
 
Automating Drug Design Nov 13th 2009 97
Automating Drug Design Nov 13th 2009 97Automating Drug Design Nov 13th 2009 97
Automating Drug Design Nov 13th 2009 97
 
Javantura v4 - Java and lambdas and streams - are they better than for loops ...
Javantura v4 - Java and lambdas and streams - are they better than for loops ...Javantura v4 - Java and lambdas and streams - are they better than for loops ...
Javantura v4 - Java and lambdas and streams - are they better than for loops ...
 
Self-Tuning and Managing Services
Self-Tuning and Managing ServicesSelf-Tuning and Managing Services
Self-Tuning and Managing Services
 

Recently uploaded

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinojohnmickonozaleda
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxPoojaSen20
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipino
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
 

Comparing Role Mining Algorithms

  • 1. Evaluating Role Mining Algorithms SACMAT’09, June 3 - 5, 2009, Stresa, Italy. Ian Molloy, Ninghui Li, Tiancheng Li, Ziqing Mao, Qihua Wang @ CERIAS Research Center Department of Computer Science, Purdue University Jorge Lobo @ IBM T.J. Watson Research Center Presentation by Onur Yılmaz - onur@onuryilmaz.me
  • 2. Outline  Introduction  Overview  Role Mining Algorithms  Evaluation Results  Analysis  Conclusion  Future Work
  • 3. Introduction  Aim of the study  Comprehensive study to compare role mining algorithms  What is presented?  Two new methods for generating datasets  Analysis of nine role mining algorithms
  • 4. Introduction Role Mining  Using data mining techniques to discover roles from existing system configuration data
  • 5. Overview  3 key points: Output of a role mining algorithm Criteria to compare outputs of algorithms Input datasets
  • 6. Overview Output of Role Mining Algorithm Existing algorithms based on their outputs:  Class 1: Outputting prioritized roles  Class 2: Outputting RBAC states
  • 7. Overview Output of Role Mining Algorithm Class 1: Outputting prioritized roles  Prioritized list of candidate roles, each of which is a set of permissions  CompleteMiner and Fast-Miner Candidate role generation a set of candidate roles from the userpermission assignment data Candidate role prioritization
  • 8. Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states ρ = <User, Permission, UP > RBAC state γ = <Roles, UserRoleAss, RolePermissionAss, RoleHierarchy, DirectUserPermissionAss>
  • 9. Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states  Minimize some cost measure while finding RBAC output Number of roles, number of user assignments etc..
  • 10. Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states Weighted Structural Complexity (WSC) Sums up the number of relationships in an RBAC state, with possibly different weights for each relationship.
  • 11. Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states Weighted Structural Complexity (WSC) Given a weight vector W = < wr, wu, wp, wh, wd > wsc(γ,W) = wr ∗ |R| + wu ∗ |UA| + wp ∗ |PA|+ wh ∗ |transitive_reduce(RH)| + wd∗ |DUPA|
  • 12. Overview Output of Role Mining Algorithm Class 2: Outputting RBAC states Weighted Structural Complexity (WSC)  Different weight vectors encode different mining objectives and minimization goals  HierarchicalMiner takes both a configuration ρ and a weight vector and aims at outputting an RBAC state with low WSC.  Graph optimization minimizes the number of edges
  • 13. Overview Output of Role Mining Algorithm Class 1 vs Class 2 Algorithms  RBAC states are easy to compare  List of candidate roles can be more useful in practice Administrator examines the role mining results and determine whether to adopt some part of it. In practice, whether role mining algorithms can suggest the best candidate roles.
  • 14. Overview Metrics for Comparing Algorithms Two metrics:  Complexity of the RBAC state  Quality of roles
  • 15. Overview Metrics for Comparing Algorithms Complexity of the RBAC state Using WSC, how well each algorithm performs under a variety of mining objectives
  • 16. Overview Metrics for Comparing Algorithms Quality of Roles  For each weight vector W, evaluate the complexity of the optimal RBAC state using only the top k roles.  Among the top k roles, how quickly do the mined roles cover the UP relation?  Among the top k roles, how well do they «resemble» the original roles?
  • 17. Overview Input Data Type Access Control Configuration ρ = <User, Permission, UserPermissionRelation >
  • 19. Overview Input Data Type  Generated Datasets Random Data Generator Tree-Based Data Generator ERBAC Data Generator
  • 20. Overview Input Data Type Random Data Generator Permission Role User – Permission Assignment Roles Number of Users, Number of Roles, Number of Permissions, Users Maximum Number of Roles for Users, Maximum Number of Permissions for Role
  • 21. Overview Input Data Type Tree-Based Data Generator Assign permissions to nodes in the tree Assign users to leaf nodes Randomly generate a tree Number of Users, Number of Permissions, Height of Tree Upper bound on number of children node, Lower bound on number of children node
  • 22. Overview Input Data Type ERBAC Data Generator Permissions Functional Roles Functional Roles Users Number of Users, Number of Business Roles, Number of Functional Roles, Number of Permissions Business Roles Business Roles Maximum # of Business Roles, Maximum # of Functional Roles, Maximum # of Permissions
  • 23. Role Mining Algorithms Class 1 Class 2 CompleteMiner (CM) ORCA FastMiner (FM) Graph Optimization (GO) DynamicMiner (DM) HP Role Minimization (HPr) PairCount (PC) HP Edge Minimization (HPe) HierarchicalMiner (HM)
  • 24. Role Mining Algorithms CompleteMiner (CM) Initial set of roles from user permission sets All possible intersections Prioritization of roles Candidate roles Based on number of exact matches Exponential Time
  • 25. Role Mining Algorithms FastMiner (FM) Initial set of roles from user permission sets Only intersection between pairs of initial roles Prioritization of roles Candidate roles O (n2m) n: users, m: permissions
  • 26. Role Mining Algorithms DynamicMiner (DM)  CM and FM -> static prioritization (does not consider candidate roles that been already chosen) Initial set of roles from user permission sets All possible intersections Prioritization of roles Candidate roles with the highest priority first O (n * |C| * min{n,m} ) C: Set of candidate roles
  • 27. Role Mining Algorithms PairCount (PC)  Newly proposed method  CM -> Prioritization based on exact numbers  In reality, multiple roles are assigned to a user  Pair Count: Pairs of users that share the only role, but no other PC(P) = | { (ui, uj ) | ui = uj ∧ P(ui) ∩ P(uj) = P } | O (n2m)
  • 28. Role Mining Algorithms PairCount (PC) Initial set of roles from user permission sets All possible intersections Prioritization of roles Candidate roles Based on Pair Counts O (n2m)
  • 29. Role Mining Algorithms ORCA  Hierarchical clustering on permissions Set of clusters of permissions Find pairs of clusters The number of users having both permissions is the largest Continue until One cluster or No user with permissions in two clusters O (m2n)
  • 30. Role Mining Algorithms HP Role Minimization (HPr)  Minimal set of roles to cover the user-permission assignment relation Selecting the next user with the fewest uncovered permissions Select a user u and finds a pair <U(u), P(u)> All user-permission assignments between U(u) and P(u) are removed This pair forms a «role» P(u): Permissions of user u U(u): All users have all the permissions of u O (nm)
  • 31. Role Mining Algorithms HP Edge Minimization (HPe)  Finding a RBAC state with minimal number of edges, called edge concentration  Similar to Graph Optimization algorithm, except this does not create a role hierarchy HPr Greedily improve objective function If two roles have overlap in the permission or user sets -> restructuring Converge O (k2m) k : number of iterations
  • 32. Role Mining Algorithms HierarchicalMiner (HM)  Concept: < P, U > such that  U contains all the users that have all permissions in P,  P contains all the permissions that are shared by all users in U Reduced family of concepts Remove a role if RBAC state is improved Removing a role: - Redistribution of users down the hierarchy - Permissions up the hierarchy Heuristically continue Similar to Graph Optimization but uses concept lattice.
  • 33. Evaluation Results  For each dataset, each algorithm  Ranked according to their ability to optimize evaluation criteria  1 to N  Two metrics mentioned before:  Comparing Complexity of the RBAC States  Comparing Prioritized Role Quality
  • 34. Evaluation Results Comparing Complexity of the RBAC States  Role Minimization
  • 35. Evaluation Results Comparing Complexity of the RBAC States  Edge Concentration HM has an advantage in this test because its roles are designed for a role-hierarchy
  • 36. Evaluation Results Comparing Complexity of the RBAC States  Allowed Noise at Direct Assignments Dataset contains errors that should not be covered by roles.
  • 37. Evaluation Results Comparing Complexity of the RBAC States  Discovering Original Roles  Similarity of mined roles to original data  Used metric is average maximal Jaccard HM: The top 40+ roles are more or less the ones generated PC: Performed the worst, generating roles farthest from the original data
  • 38. Evaluation Results Comparing Prioritized Role Quality  Quality of WSC over k-roles
  • 39. Evaluation Results Comparing Prioritized Role Quality  Quality of Coverage How well the algorithm at quickly covering the UP relation?
  • 40. Analysis  Algorithms that minimize the number of roles often generate RBAC states with a larger number of edges, resulting in increased complexity.  GO generates large role hierarchies when the number of users is greater than the number of permissions.  DM is over-fitting some of the roles to cover users, and does not consider the entire resulting RBAC state.  HM is computationally and memory intensive.
  • 41. Conclusion  Aim of the study  Comprehensive study to compare role mining algorithms  What is presented?  Two new methods for generating datasets  Analysis of nine role mining algorithms
  • 42. Future Work  Handling data with attribute information  In addition to the user-permission data, attribute information may also be available.  Handling noisy data  In some scenarios, the input user-permission data may contain noises.
  • 43. Evaluating Role Mining Algorithms SACMAT’09, June 3 - 5, 2009, Stresa, Italy. Ian Molloy, Ninghui Li, Tiancheng Li, Ziqing Mao, Qihua Wang @ CERIAS Research Center Department of Computer Science, Purdue University Jorge Lobo @ IBM T.J. Watson Research Center Presentation by Onur Yılmaz - onur@onuryilmaz.me