
Data Mining for Access Control

In ICT security, access control refers to the set of methodologies and models used to efficiently administer user entitlements. Role-based access control (RBAC) is the most widespread access control model. "Roles" are sets of access permissions that correspond to a job function. As business abstractions, roles promote transparency and reduce the cost of managing permissions. A well-conceived set of business roles is essential to realize the benefits of adopting RBAC. However, designing a set of roles that uniquely suits a company is very challenging. Data mining has recently attracted both researchers and practitioners in the access control area, since it can facilitate the elicitation of good roles. This talk aims at showing how data mining techniques can help security analysts and administrators maximize the benefits of adopting RBAC. To this end, we consider the role mining problem from several viewpoints. We show how a role engineering problem can be reformulated as a data mining problem. This reformulation allows general-purpose data mining techniques to be used in a role engineering context, and vice versa. Furthermore, we address the problem of reducing the data mining complexity in RBAC systems by removing "noise" from the data, i.e., permissions exceptionally or accidentally granted or denied. We propose a new divide-and-conquer approach to data mining that facilitates attributing business meaning to automatically elicited roles and reduces the problem complexity. In particular, we borrow the clustering coefficient concept from the theory of complex networks to implement this approach. Finally, we show a novel visual approach to role engineering that makes it possible to visually extract interesting patterns from binary data.

BIO: Alessandro Colantonio received the master's degree in computer engineering with specialization in IT systems and applications from the University of Pisa, Italy, in 2001. He received a specialization master in IT security management from "La Sapienza" University, Rome, Italy, in 2008. He received the PhD degree in mathematics from the "Roma Tre" University, Rome, Italy. He is co-founder and CTO of Bay31 AG, a Swiss software company specializing in access governance. He was previously head of research at CrossIdeas and a consultant at Accenture and Altran. His main research interests include the identification of methodologies and models for role management and engineering that support the role lifecycle within role-based access management systems.


From 11/12/2013-15.30 to 11/12/2013-15.30, IIT CNR

Speaker: Alessandro Colantonio