Mining constraints in role-based access control

Constraints are an important aspect of role-based access control (RBAC) and sometimes argued to be the principal motivation of RBAC. While role engineering is proposed to define an architectural structure of the organization’s security policies, none of the work has employed constraint mining in migrating a non-RBAC system to an RBAC system to our knowledge, thus providing the motivation for this work. In this paper, we first define a wide variety of constraints, which are the best-known ones to date, and then create a relationship between the conventional data mining technology and the constraints. We further propose an anti-association rule mining algorithm to generate the constraints. Experiments on performance study prove the superiority of the new algorithm.