بناء نموذج التحكم في الصلاحيات القائم على الدور لكل مستخدم بشكل ديناميكي من وجهة نظر المستخدم (DUO-RBAC)
حازم مالك حسني كيوان
Hazem Malek Husni Kiwan
Most researchers now trend to use role mining to generate role-based access control model from the existing user-permission assignments. User-oriented role-based access control is a type of role-based access control model, which aims to use role mining from end user perspective to generate a user-oriented RBAC model, since the user almost prefer a simple and minimum role assignments. This research is the first for generating a dynamic user-oriented rolebased access control model (DUO-RBAC) for inserting a new user-permission assignments (new UPA) to the existing user-oriented RBAC model. In a quick clarification, if there is a system which has user-permission assignments, a user-oriented RBAC model can be generated which contains new roles, each one assigns to users and permissions. Then, if we have a new users with new permissions should enter the system which has the model, we will regenerate a new model with new roles assignments to include these new users. Re-generating roles will be done by our dynamic model, with three constraints. First, there are no changes in the number of role assignments for each user in the system after the inserting process, since the user will be conflicted if he has different number of roles from time to time. Second, the permissions that each user has before the inserting process must be the same after generating the new model. Last one, will take into account that each user assign to number of roles no more than t (maximum number of roles that each user can assign), where t is predefined in the existing user-oriented RBAC model. Also, we develop a new algorithm, which based on user-oriented role mining to find the optimal way for inserting the new user permission assignments to the existing model. Our experiments applied on benchmark “Access Control” real datasets to evaluate the results and show the effectiveness of our developed algorithm of several measures. Those measures are: optimal number of roles to make the objective function minimized, optimal number of user-role assignments and generating a new model from end user perspective (keep the new generated model suitable from end-user perspective).
علم الحاسوب , Computer Science