LAUSR

Role-based access control (RBAC) is the most popular access control model currently adopted in several contexts to define security management. Constraints play a crucial role since they can drive the selection of the best representation of the organization’s security policies when migrating towards an RBAC system. In this paper, we examine different types of constraints addressing both theoretical aspects and practical considerations. On one side, we define the constrained role mining problem for each constraint type, showing its complexity. On the other hand, we present efficient heuristics adapted to each class of constraints, all derived from the specialization of a general approach for role mining. We show that our techniques improve over previous proposals, offering a complete set of experimentations obtained after the application of the heuristics to standard real-world datasets.