Data Mining for Access Control | IIT - CNR - Istituto di Informatica e Telematica

Data Mining for Access Control

In ICT security, access control refers to the set of methodologies and models used to efficiently administer user entitlements. Role-based access control (RBAC) is the most widespread access control model. "Roles" are sets of access permissions that correspond to a job function. As business abstractions, roles promote transparency and reduce the cost of managing permissions. A well-conceived set of business roles is essential to realize the benefits of adopting RBAC. However, designing a set of roles that uniquely suits a company is very challenging. Data mining has recently attracted both researchers and practitioners in the access control area, since it can facilitate the elicitation of good roles. This talk aims to show how data mining techniques can help security analysts and administrators maximize the benefits of adopting RBAC. To this end, we consider the role mining problem from several viewpoints. We show how a role engineering problem can be reformulated as a data mining problem, which allows general-purpose data mining techniques to be used in a role engineering context, and vice versa. Furthermore, we address the problem of reducing the data mining complexity in RBAC systems by removing "noise" from the data, i.e., permissions exceptionally or accidentally granted or denied. We propose a new divide-and-conquer approach to data mining that facilitates attributing business meaning to automatically elicited roles and reduces the problem complexity. In particular, we borrow the clustering coefficient concept from the theory of complex networks to implement this approach. Finally, we show a novel visual approach to role engineering that allows interesting patterns to be visually extracted from binary data.

BIO: Alessandro Colantonio received the master's degree in computer engineering with specialization in IT systems and applications from the University of Pisa, Italy, in 2001. He received a specialization master's degree in IT security management from "La Sapienza" University, Rome, Italy, in 2008. He received the PhD degree in mathematics from the "Roma Tre" University, Rome, Italy. He is co-founder and CTO of Bay31 AG, a Swiss software company specialized in access governance. He was previously head of research at CrossIdeas and consultant at Accenture and Altran. His main research interests include the identification of methodologies and models for role management and engineering that support the role lifecycle within role-based access management systems.


From 11/12/2013-15.30 to 11/12/2013-15.30, IIT CNR

Speaker: Alessandro Colantonio