Abstract
Least privilege means only the necessary privileges are needed to complete a task for users. This is one of the most important principles in RBAC model. Currently, how to assign roles to users to achieve this principle is still not solved. In this paper, the least privilege problem is proved to be NP-hard, and an approximation algorithm is given. The simulation result shows that with the algorithm, each user can acquire its privilege to perform its job with the least privilege principle.
This work was financially supported by National Natural Science Foundation of China under Grant No.11071271, the Fundamental Research Funds for the Central Universities under Grant No. HIT. NSRIF. 2009 and Shenzhen Special Funds under grant No. CXB201005250026A.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Barka, E., Sandhu, R.: Framework for role-based delegation models. In: Proceedings 16th Annual Computer Security Applications Conference (ACSAC 2000), pp. 168–176. IEEE Comput. Soc., Los Alamitos (2000)
Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: 23rd National Information Systems Security Conference (2000)
Chen, L., Crampton, J.: Inter-domain role mapping and least privilege. In: SACMAT 2007: Proceedings of the 12th ACM symposium on Access control models and technologies, pp. 157–162. ACM Press, New York (2007)
Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, R.: Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)
Ke Xue, S.T., Ge, L.: Least-privilege-based access control model for job execution in grid. In: ISDPE, pp. 301–303. IEEE Computer Society, Los Alamitos (2007)
Lai, C.: Quantitative enforcement of the principle of least privilege in rbac and an efficient fault tolerant cryptosystem. PhD thesis (2007)
Nemhauser, G., Wolsy, L.: Interger and Combinatorial Optimization. Wiley, Chichester (1999)
Schlegelmilch, J., Steffens, U.: Role mining with orca. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, pp. 168–176. ACM Press, New York (2005)
Vaidya, J., Atluri, V., Warner, J.: Roleminer: Mining roles using subset enumeration. In: CCS 2006: Proceedings of the 13th ACM Conference on Computer and Communications Security, New York, United States. Association for Computing Machinery, pp. 144–153 (2006)
Wainer, J., Kumar, A.: A fine-grained, controllable, user-to-user delegation method in rbac. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, pp. 59–66. ACM Press, New York (2005)
Wan, P.-J., Du, D.-Z., Pardalos, P., Wu, W.: Greedy approximations for minimum submodular cover with submodular cost. Computational Optimization and Applications 45(2), 463–474 (2010)
Xiaojun, M.: A boundary-based access control model for sensitive information. In: IFITA, pp. 685–689. IEEE Computer Society, Los Alamitos (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, J., Huang, H., Du, H. (2011). Greedy Algorithm for Least Privilege in RBAC Model. In: Wang, W., Zhu, X., Du, DZ. (eds) Combinatorial Optimization and Applications. COCOA 2011. Lecture Notes in Computer Science, vol 6831. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22616-8_42
Download citation
DOI: https://doi.org/10.1007/978-3-642-22616-8_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22615-1
Online ISBN: 978-3-642-22616-8
eBook Packages: Computer ScienceComputer Science (R0)