
Publication


Featured research published by Janice Warner.


computer and communications security | 2006

RoleMiner: mining roles using subset enumeration

Jaideep Vaidya; Vijayalakshmi Atluri; Janice Warner

Role engineering, the task of defining roles and associating permissions to them, is essential to realize the full benefits of the role-based access control paradigm. Essentially, there are two basic approaches to accomplish this: the top-down and the bottom-up. The top-down approach relies on a careful analysis of the business processes to define job functions and then specify appropriate roles from them. While this approach can aid in defining roles more accurately, it is tedious and time consuming since it requires that the semantics of the business processes be well understood. Moreover, it ignores existing permissions within an organization and does not utilize them. On the other hand, the bottom-up approach starts with existing permissions and attempts to derive roles from them, thus helping to automate role definition. In this paper, we present an unsupervised approach called RoleMiner that mines roles from existing user-permission assignments. Since a role is nothing but a set of permissions, when no semantics are available, the task of role mining is essentially that of clustering users that have the same (or similar) permissions. However, unlike the traditional applications of data mining that ideally require identification of non-overlapping clusters, roles will have overlapping permission needs and thus permission sets that define roles should be allowed to overlap. It is this distinction from traditional clustering that makes the problem of role mining non-trivial. Our experiments with real and simulated data sets indicate that our role mining process is quite accurate and efficient.


symposium on access control models and technologies | 2005

Supporting conditional delegation in secure workflow management systems

Vijayalakshmi Atluri; Janice Warner

Workflows model and control the execution of business processes in an organization. A workflow typically comprises a set of coordinated activities, known as tasks. Typically, organizations establish a set of security policies that regulate how the business process and resources should be managed. While a simple policy may specify which user (or role) can be assigned to execute a task, a complex policy may specify authorization constraints, such as separation of duties. Users may delegate the tasks assigned to them. Often such delegations are short-lived and come into play when certain conditions are satisfied. For example, a user may want to delegate his task of check approval only when going on vacation, when a check amount is less than a certain amount, or when his workload exceeds a certain limit. In this paper, we extend the notion of delegation to allow for such conditional delegation, where the delegation conditions can be based on time, workload and task attributes. When workflow systems entertain conditional delegation, different types of constraints come into play, which include authorization constraints, role activation constraints and workflow dependency requirements. We address the problem of assigning users to tasks in a consistent manner such that none of the constraints are violated.


symposium on access control models and technologies | 2006

Inter-instance authorization constraints for secure workflow management

Janice Warner; Vijayalakshmi Atluri

Work flows model and control the execution of business process in an organization. They are typically comprised of tasks or logical steps in the business process. To mitigate the ability of insiders to commit fraud, care should be taken that people authorized to perform critical tasks cannot collude. This is typically done through the specification of separation of duty (SOD) constraints. SOD constraints impose restrictions on which users or roles can be assigned to tasks and have been discussed widely in the research literature in the context of a single work flow instance. In this paper, we argue that SOD constraints that span multiple instances of a work flow also need to be considered to mitigate the security fraud. To this end, we extend the notion of SOD to include constraints that span multiple executing instances of a work flow and constraints that also take into consideration the history of completed work flow instances. We present a constraint specification language to specify the inter-instance constraints and propose methodologies to identify the cases in which certain SOD specifications would result in an anomaly. Specifically, we identify 3 types of anomalies, namely, inconsistency, depletion anomaly and overlapping anomaly. The identification and rectification of anomalies are done at both the work flow specification time as well as at runtime, as appropriate, so that users can be assigned to tasks in a consistent manner.


IEEE Transactions on Dependable and Secure Computing | 2010

Role Engineering via Prioritized Subset Enumeration

Jaideep Vaidya; Vijayalakshmi Atluri; Janice Warner; Qi Guo

Today, role-based access control (RBAC) has become a well-accepted paradigm for implementing access control because of its convenience and ease of administration. However, in order to realize the full benefits of the RBAC paradigm, one must first define the roles accurately. This task of defining roles and associating permissions with them, also known as role engineering, is typically accomplished either in a top-down or in a bottom-up manner. Under the top-down approach, a careful analysis of the business processes is done to first define job functions and then to specify appropriate roles from them. While this approach can help in defining roles more accurately, it is tedious and time consuming since it requires that the semantics of the business processes be well understood. Moreover, it ignores existing permissions within an organization and does not utilize them. On the other hand, under the bottom-up approach, existing permissions are used to derive roles from them. As a result, it may help automate the process of role definition. In this paper, we present an unsupervised approach, called RoleMiner, for mining roles from existing user-permission assignments. Since a role, when semantics are unavailable, is nothing but a set of permissions, the task of role mining is essentially that of clustering users having the same (or similar) permissions. However, unlike the traditional applications of data mining that ideally require identification of nonoverlapping clusters, roles will have overlapping permissions and thus permission sets that define roles should be allowed to overlap. It is this distinction from traditional clustering that makes the problem of role mining nontrivial. Our experiments with real and simulated data sets indicate that our role mining process is quite accurate and efficient. Since our role mining approach is based on subset enumeration, it is fairly robust to reasonable levels of noise.


symposium on access control models and technologies | 2007

Using semantics for automatic enforcement of access control policies among dynamic coalitions

Janice Warner; Vijayalakshmi Atluri; Ravi Mukkamala; Jaideep Vaidya

In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.


international conference on distributed computing and internet technology | 2004

Automatic enforcement of access control policies among dynamic coalitions

Vijayalakshmi Atluri; Janice Warner

The need to securely share information on an ad-hoc basis between collaborating entities is increasingly becoming important. We propose a coalition based access control model (CBAC), comprised of three layers: coalition, role and user-object layers. Our model enables translation of coalition level policies to implementation level access control in a manner similar to that of the layers of the TCP/IP protocol. We present a coalition policy translation protocol that allows the implementation level access control details to be piggybacked as the access control policy percolates to the coalition level, and similarly, as the coalition level policy trickles down to the implementation level. Under our approach, a user's request to access an object belonging to another coalition entity is automatically translated by employing an approach that considers attributes associated with user credentials and objects. Our approach ensures that the individual access control policies of each coalition entity as well as the agreed-upon coalition policies for sharing are enforced.


Lecture Notes in Computer Science | 2005

A credential-based approach for facilitating automatic resource sharing among ad-hoc dynamic coalitions

Janice Warner; Vijayalakshmi Atluri; Ravi Mukkamala

Today, there is an increasing need for dynamic, efficient and secure sharing of resources among organizations. In a dynamic coalition environment, participants (including users and systems) of an organization may need to gain access quickly to resources of other organizations in an unplanned manner to accomplish the task at hand. Typically, when entities agree to share their information resources, the access control policies are agreed upon at the coalition level. These coalition level agreements are not at the level of fine-grained policies, in the sense that they do not specify which specific users can access which data object. In this paper, we propose a dynamic coalition-based access control (DCBAC) model that allows automatic access to resources of one coalition entity by users from another coalition entity. To make the model applicable to true ad-hoc dynamic coalitions, we employ a coalition service registry, where coalition entities publicize their coalition level access policies. Any coalition entity wishing to access a specific resource of another coalition entity can obtain a ticket by submitting its entity credentials which are subsequently evaluated by the coalition service registry. DCBAC employs a policy mapper layer that computes the exact credentials required by remote users that are comparable to those required by local users. We demonstrate how the coalition and resource level access policies can be specified in XML-based languages and evaluated.


Information polity | 2010

Finding information in an era of abundance: Towards a collaborative tagging environment in government

Soon Ae Chun; Janice Warner

Collaboration and information sharing among government organizations is becoming increasingly important for promoting efficiency and productivity as well as for enhancing citizen services. With Internet connectivity widely available and with the ease-of-use of social media tools, citizens actively participate in producing content. However, the abundance of content causes another problem for governments - the difficulty of determining what truly useful and relevant information is to be shared for mission critical tasks and to produce better citizen services. Information resources, such as data, documents, multimedia objects and services stored in different agencies and produced by citizens need to be easily discovered and shared. We propose a data model of rich social tags and a Citizen-Government collaborative tagging environment where governments and citizens can collaboratively annotate the resources, thus facilitating collaboration responsiveness through accessibility to information. The collaborative annotations capture not only the semantics but also the pragmatic and social aspects related to the resources, such as who, when, where, how and for what related tasks the resources are shared. The benefits of a rich tag data model emphasizing the relationships of a tag to semantic, social, pragmatic and contextual reference frames include the ability to filter, discover and search new and dynamic as well as hidden resources, to navigate between resources in a search by traversing semantic relationships, and to recommend the most relevant government information even when distributed over different agencies. A distributed architecture of a government collaborative tagging system is proposed and tag-based search and recommendations are illustrated.


Working Conference on Integrity and Internal Control in Information Systems | 2005

A Distributed Service Registry for Resource Sharing Among Ad-Hoc Dynamic Coalitions

Ravi Mukkamala; Vijayalakshmi Atluri; Janice Warner

In a dynamic coalition environment, it is essential to allow automatic sharing of resources among coalition members. The challenge is to facilitate such sharing while adhering to the security policies of each coalition. To accomplish this, a dynamic coalition-based access control (DCBAC) has been proposed earlier, where security policies enforced by each coalition member are published in a centralized coalition service registry (CSR). In this paper, we propose a distributed coalition service registry (DCSR) system. In the DCSR system, several service registry agents cooperate to provide controlled access to resources. Distribution of the registries results in improved availability, higher concurrency, better response times to user queries, and enhanced flexibility. We employ secure group multicasting to communicate among the DCSR agents. The paper outlines the DCSR system, the supported functionalities and its underlying infrastructure.


international conference on digital government research | 2011

Next steps in e-government crowdsourcing

Janice Warner

In the US, the Federal Administration's Open Government Initiative has spurred use of crowdsourcing tools for several types of citizen participation. Likewise, US states and municipalities have implemented several forums. A survey of crowdsourcing initiatives as well as a discussion of important characteristics and features are provided in this paper. Most critical to crowdsourcing success is the feeling by participants that their efforts were considered and that results came from the initiative. This requires moderators who are knowledge workers adept at working in a social network environment, flexible crowdsourcing tools that make linking and feedback easy to provide, as well as a change in processes used to develop governmental services.

Collaboration


Top Co-Authors

Soon Ae Chun

City University of New York


Kathleen Marino

Georgian Court University
