Role mining under User-Distribution cardinality constraint

Role-based access control (RBAC) defines the methods complex organizations use to assign their users permissions for accessing restricted resources. RBAC assigns users to roles, where roles determine the resources each user can access. The definition of roles, especially when there is a large number of users and many resources to handle, can be a very difficult and time consuming task. The class of tools and methodologies to elicit roles starting from existing user-permission assignments are referred to as role mining. Sometimes, to let the RBAC model be directly deployable in organizations, role mining can also take into account various constraints, like cardinality and separation of duty. Typically, these constraints are enforced to ease roles’ management and their use is justified as role administration becomes convenient. In this paper, we focus on the User-Distribution cardinality constraint which places a restriction the number of users that can be assigned to a given role. In this scenario, we present a simple heuristic that improves over the state-of-the-art. Furthermore, to address a more realistic situation, we provide the User-Distribution model with the additional constraint that avoids the generation of roles sharing identical set of permissions. Similarly, within this context, we describe a heuristic enabling the computation of a solution in the new model. Additionally, we assess both heuristics’ performances using real-world datasets

A Simple Role Mining Algorithm

Complex organizations need to establish access control policies in order to manage access to restricted resources. Role Based Access Control paradigm has been introduced in '90 years aiming at simplifying the management of centralized access control. The definition of a good set of roles in order to match the organizational requirements of a company is a problem partially solved by role mining techniques, which return automatically a set of roles compatible with the permissions assigned to users. Unfortunately, the problem of finding an optimal role set has been proved to be NP-hard; so heuristics have been introduced in order to approximate the optimal solution. In this work we propose a novel heuristic and compare its results showing its efficiency and effectiveness

Visual Cryptography Schemes with Optimal Pixel Expansion

A visual cryptography scheme encodes a black & white secret image into n shadow images called shares which are distributed to the n participants. Such shares are such that only qualified subsets of participants can "visually" recover the secret image. Usually, the reconstructed image will be darker than the background of the image itself. In this paper we consider visual cryptography schemes satisfying the model introduced by Tzeng and Hu (Designs, Codes and Cryptography, Vol. 27, No. 3, pp. 207--227, 2002). In such a model the recovered secret image can be darker or lighter than the background. We prove a lower bound on the pixel expansion of the scheme and, for (2, n)-threshold visual cryptography schemes, we provide schemes achieving the bound. Our schemes improve on the ones proposed by Tzeng and Hu

Ensuring XML Integrity Using Watermarking Techniques

International audienceToday, XML is the most used data interchange format for business-to-business applications. Indeed, an increasing amount of data in XML format is created and published over the Internet every day. Moreover, organizations need more and more to share sets of XML documents usually managed via a common XML repository. XML integrity and authenticity have become strong requirements for applications like web services that exchange messages in such format. XML signature aims to guarantee these properties but it cannot avoid attackers to intercept and change the structure of the XML message. A very common attack to XML Signature called XML Signature Wrapping(XSW) attack represents a big issue in web services security as SOAP messages –which are XML signed files- could be corrupted. In this paper, we propose a countermeasure to the XML Signature wrapping attack that makes use of XML watermarking techniques. In our proposal we express constraints on the schema of the XML document and fix its structure using an absolute coordinate system whose values are embedded within the file as a watermark