{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:15:01Z","timestamp":1775470501531,"version":"3.50.1"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2010,12,1]],"date-time":"2010-12-01T00:00:00Z","timestamp":1291161600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2010,12]]},"abstract":"<jats:p>With the growing adoption of Role-Based Access Control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business impact. Researchers have proposed to use data mining techniques to discover roles to complement the costly top-down approaches for RBAC system construction. An important problem is how to construct RBAC systems with low complexity. In this article, we define the notion of weighted structural complexity measure and propose a role mining algorithm that mines RBAC systems with low structural complexity. Another key problem that has not been adequately addressed by existing role mining approaches is how to discover roles with semantic meanings. In this article, we study the problem in two primary settings with different information availability. When the only information is user-permission relation, we propose to discover roles whose semantic meaning is based on formal concept lattices. We argue that the theory of formal concept analysis provides a solid theoretical foundation for mining roles from a user-permission relation. When user-attribute information is also available, we propose to create roles that can be explained by expressions of user-attributes. Since an expression of attributes describes a real-world concept, the corresponding role represents a real-world concept as well. Furthermore, the algorithms we propose balance the semantic guarantee of roles with system complexity. Finally, we indicate how to create a hybrid approach combining top-down candidate roles. Our experimental results demonstrate the effectiveness of our approaches.<\/jats:p>","DOI":"10.1145\/1880022.1880030","type":"journal-article","created":{"date-parts":[[2010,12,29]],"date-time":"2010-12-29T14:32:48Z","timestamp":1293633168000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":92,"title":["Mining Roles with Multiple Objectives"],"prefix":"10.1145","volume":"13","author":[{"given":"Ian","family":"Molloy","sequence":"first","affiliation":[{"name":"IBM T.J. Watson Research Center"}]},{"given":"Hong","family":"Chen","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Tiancheng","family":"Li","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Qihua","family":"Wang","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Seraphin","family":"Calo","sequence":"additional","affiliation":[{"name":"IBM T.J. Watson Research Center"}]},{"given":"Jorge","family":"Lobo","sequence":"additional","affiliation":[{"name":"IBM T.J. Watson Research Center"}]}],"member":"320","published-online":{"date-parts":[[2010,12]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the VLDB Conference. 487--499","author":"Agrawal R.","unstructured":"Agrawal , R. and Srikant , R . 1994. Fast algorithms for mining association rules . In Proceedings of the VLDB Conference. 487--499 . Agrawal, R. and Srikant, R. 1994. Fast algorithms for mining association rules. In Proceedings of the VLDB Conference. 487--499."},{"key":"e_1_2_1_2_1","unstructured":"Buecker A. Palacios J. C. Davis B. Hastings T. and Yip I. 2005. Identity management design guide with IBM Tivoli Identity Manager. IBM. Buecker A. Palacios J. C. Davis B. Hastings T. and Yip I. 2005. Identity management design guide with IBM Tivoli Identity Manager. IBM."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1364198"},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the IFIP International Conference on Information Security (SEC\u201908)","author":"Colantonio A.","unstructured":"Colantonio , A. , Pietro , R. D. , and Ocello , A . 2008b. Leveraging lattices to improve role mining . In Proceedings of the IFIP International Conference on Information Security (SEC\u201908) . 333--347. Colantonio, A., Pietro, R. D., and Ocello, A. 2008b. Leveraging lattices to improve role mining. In Proceedings of the IFIP International Conference on Information Security (SEC\u201908). 333--347."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/270152.270159"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1006\/jagm.2001.1199"},{"key":"e_1_2_1_7_1","volume-title":"Biclique covers of bipartite graphs: The minimum biclique cover and edge concentration problems. Tech. rep","author":"Ene A.","unstructured":"Ene , A. 2007. Biclique covers of bipartite graphs: The minimum biclique cover and edge concentration problems. Tech. rep ., Princeton University . Ene, A. 2007. Biclique covers of bipartite graphs: The minimum biclique cover and edge concentration problems. Tech. rep., Princeton University."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377838"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455809"},{"key":"e_1_2_1_10_1","unstructured":"Gallaher M. P. O\u2019Connor A. C. and Kropp B. 2002. The economic impact of role-based access control. Planning rep. 02-1 National Institute of Standards and Technology. Gallaher M. P. O\u2019Connor A. C. and Kropp B. 2002. The economic impact of role-based access control. Planning rep. 02-1 National Institute of Standards and Technology."},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Ganter B. and Wille R. 1998. Formal Concept Analysis: Mathematical Foundations. Springer. Ganter B. and Wille R. 1998. Formal Concept Analysis: Mathematical Foundations . Springer.","DOI":"10.1007\/978-3-642-59830-2"},{"key":"e_1_2_1_12_1","unstructured":"Krajca P. Outrata J. and Vychodil V. 2008. Parallel recursive algorithm for FCA. In Concept Lattices and Their Applications. Krajca P. Outrata J. and Vychodil V. 2008. Parallel recursive algorithm for FCA. In Concept Lattices and Their Applications ."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775435"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0166-218X(99)00207-3"},{"key":"e_1_2_1_15_1","unstructured":"Lindig C. 2000. Fast concept analysis. Working with Conceptual Structures - Contributions to ICCS\u201900. Lindig C. 2000. Fast concept analysis. Working with Conceptual Structures - Contributions to ICCS\u201900 ."},{"key":"e_1_2_1_16_1","volume-title":"Mining patterns and violations using concept analysis. Tech. rep.,Universitat des Saarlandes","author":"Lindig C.","unstructured":"Lindig , C. 2007. Mining patterns and violations using concept analysis. Tech. rep.,Universitat des Saarlandes , Saarbrucken, Germany . Lindig, C. 2007. Mining patterns and violations using concept analysis. Tech. rep.,Universitat des Saarlandes, Saarbrucken, Germany."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2008.4497438"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377840"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542224"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/507711.507717"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/344287.344308"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1064008"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775434"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315300"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-023X(02)00057-5"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266870"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377839"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180424"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266862"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1880022.1880030","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1880022.1880030","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:52:15Z","timestamp":1750243935000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1880022.1880030"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,12]]},"references-count":29,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2010,12]]}},"alternative-id":["10.1145\/1880022.1880030"],"URL":"https:\/\/doi.org\/10.1145\/1880022.1880030","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,12]]},"assertion":[{"value":"2008-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-12-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}