Role Mining for Engineering and Optimizing Role Based Access Control Systems

Role engineering is the process of designing an RBAC system. A promising approach to role engineering is role mining, which uses data mining techniques to find an RBAC system from existing permission assignment data. Role mining techniques are also useful for optimizing and refactoring an existing RBAC system, which can become increasingly chaotic over time. In this paper the authors study the problem of mining an RBAC system that optimizes some objective measure of "Goodness" for RBAC systems. They introduce the weighted structural complexity measure, which sums up the sizes of different RBAC system components (e.g., the number of roles, the number of user-role assignments, etc.), possibly with different weights for each component.