{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T14:35:45Z","timestamp":1760452545918,"version":"3.41.0"},"reference-count":41,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2013,4,1]],"date-time":"2013-04-01T00:00:00Z","timestamp":1364774400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Zurich Information Security Center"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2013,4]]},"abstract":"<jats:p>Role mining tackles the problem of finding a role-based access control (RBAC) configuration, given an access-control matrix assigning users to access permissions as input. Most role-mining approaches work by constructing a large set of candidate roles and use a greedy selection strategy to iteratively pick a small subset such that the differences between the resulting RBAC configuration and the access control matrix are minimized. In this article, we advocate an alternative approach that recasts role mining as an inference problem rather than a lossy compression problem. Instead of using combinatorial algorithms to minimize the number of roles needed to represent the access-control matrix, we derive probabilistic models to learn the RBAC configuration that most likely underlies the given matrix.<\/jats:p>\n          <jats:p>Our models are generative in that they reflect the way that permissions are assigned to users in a given RBAC configuration. We additionally model how user-permission assignments that conflict with an RBAC configuration emerge and we investigate the influence of constraints on role hierarchies and on the number of assignments. In experiments with access-control matrices from real-world enterprises, we compare our proposed models with other role-mining methods. Our results show that our probabilistic models infer roles that generalize well to new system users for a wide variety of data, while other models\u2019 generalization abilities depend on the dataset given.<\/jats:p>","DOI":"10.1145\/2445566.2445567","type":"journal-article","created":{"date-parts":[[2013,4,9]],"date-time":"2013-04-09T12:17:58Z","timestamp":1365509878000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":36,"title":["Role Mining with Probabilistic Models"],"prefix":"10.1145","volume":"15","author":[{"given":"Mario","family":"Frank","sequence":"first","affiliation":[{"name":"University of California Berkeley"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joachim M.","family":"Buhman","sequence":"additional","affiliation":[{"name":"ETH Z\u00fcrich"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Basin","sequence":"additional","affiliation":[{"name":"ETH Z\u00fcrich"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2013,4]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_2_2_1_1","DOI":"10.1214\/aos\/1176342871"},{"doi-asserted-by":"publisher","key":"e_1_2_2_2_1","DOI":"10.1145\/1363686.1364198"},{"doi-asserted-by":"publisher","key":"e_1_2_2_3_1","DOI":"10.1145\/1542207.1542223"},{"volume":"297","volume-title":"Proceedings of the 24th International Information Security Conference (SEC\u201909)","author":"Colantonio A.","key":"e_1_2_2_4_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_5_1","DOI":"10.1016\/j.dss.2010.08.022"},{"doi-asserted-by":"crossref","unstructured":"Cover T. M. and Thomas J. A. 2006. Elements of Information Theory. Wiley-Interscience.   Cover T. M. and Thomas J. A. 2006. Elements of Information Theory . Wiley-Interscience.","key":"e_1_2_2_6_1","DOI":"10.1002\/047174882X"},{"doi-asserted-by":"publisher","key":"e_1_2_2_7_1","DOI":"10.1145\/270152.270159"},{"doi-asserted-by":"publisher","key":"e_1_2_2_8_1","DOI":"10.1016\/j.ins.2008.08.003"},{"doi-asserted-by":"publisher","key":"e_1_2_2_9_1","DOI":"10.1145\/1377836.1377838"},{"volume-title":"Proceedings of ACSAC \u201901","author":"Epstein P.","key":"e_1_2_2_10_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_11_1","DOI":"10.1214\/aos\/1176342360"},{"volume-title":"Proceedings of the 15th National Computer Security Conference. 554--563","author":"Ferraiolo D. F.","key":"e_1_2_2_12_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_13_1","DOI":"10.1145\/1455770.1455809"},{"doi-asserted-by":"publisher","key":"e_1_2_2_14_1","DOI":"10.1145\/1809842.1809851"},{"volume":"6911","volume-title":"Proceedings of ECML PKDD\u201911: Machine Learning and Knowledge Discovery in Databases. Lecture Notes in Computer Science","author":"Frank M.","key":"e_1_2_2_15_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_16_1","DOI":"10.1145\/1653662.1653675"},{"key":"e_1_2_2_17_1","first-page":"459","article-title":"Multi-assignment clustering for Boolean data","volume":"13","author":"Frank M.","year":"2012","journal-title":"J. Mach. Learn. Res."},{"doi-asserted-by":"publisher","key":"e_1_2_2_18_1","DOI":"10.1007\/978-3-540-89862-7_24"},{"volume-title":"Proceedings of the Conference on Neural Information Processing Systems. 475--482","author":"Griffiths T. L.","key":"e_1_2_2_19_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_20_1","DOI":"10.1109\/ACSAC.2008.38"},{"doi-asserted-by":"crossref","unstructured":"Hastie T. Tibshirani R. and Friedman J. 2001. The Elements of Statistical Learning. Springer Series in Statistics. Springer.  Hastie T. Tibshirani R. and Friedman J. 2001. The Elements of Statistical Learning . Springer Series in Statistics. Springer.","key":"e_1_2_2_21_1","DOI":"10.1007\/978-0-387-21606-5"},{"doi-asserted-by":"publisher","key":"e_1_2_2_22_1","DOI":"10.1016\/j.neucom.2007.07.038"},{"volume-title":"Proceedings of the National Conference on Artificial Intelligence. 763--770","author":"Kemp C.","key":"e_1_2_2_23_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_24_1","DOI":"10.1145\/775412.775435"},{"unstructured":"Li N. Li T. Molloy I. Wang Q. Bertino E. Calo S. and Lobo J. 2007. Role mining for engineering and optimizing role based access control systems. Tech. rep. Purdue University IBM T.J.Watson Research Center.  Li N. Li T. Molloy I. Wang Q. Bertino E. Calo S. and Lobo J. 2007. Role mining for engineering and optimizing role based access control systems. Tech. rep. Purdue University IBM T.J.Watson Research Center.","key":"e_1_2_2_25_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_26_1","DOI":"10.1109\/ICDE.2008.4497438"},{"doi-asserted-by":"publisher","key":"e_1_2_2_27_1","DOI":"10.1109\/TDSC.2012.21"},{"doi-asserted-by":"publisher","key":"e_1_2_2_28_1","DOI":"10.5555\/3120676.3120711"},{"doi-asserted-by":"publisher","key":"e_1_2_2_29_1","DOI":"10.1145\/1377836.1377840"},{"doi-asserted-by":"publisher","key":"e_1_2_2_30_1","DOI":"10.1145\/1880022.1880030"},{"doi-asserted-by":"publisher","key":"e_1_2_2_31_1","DOI":"10.1145\/1809842.1809852"},{"doi-asserted-by":"publisher","key":"e_1_2_2_32_1","DOI":"10.1145\/507711.507717"},{"doi-asserted-by":"publisher","key":"e_1_2_2_33_1","DOI":"10.1145\/1063979.1064008"},{"doi-asserted-by":"publisher","key":"e_1_2_2_34_1","DOI":"10.1145\/1553374.1553498"},{"doi-asserted-by":"publisher","key":"e_1_2_2_35_1","DOI":"10.1145\/1180405.1180424"},{"doi-asserted-by":"publisher","key":"e_1_2_2_36_1","DOI":"10.1145\/1266840.1266870"},{"doi-asserted-by":"publisher","key":"e_1_2_2_37_1","DOI":"10.1145\/1805974.1805983"},{"doi-asserted-by":"publisher","key":"e_1_2_2_38_1","DOI":"10.1109\/TDSC.2008.61"},{"volume-title":"Proceedings of the Conference on Uncertainty in Artificial Intelligence. 536--543","author":"Wood F.","key":"e_1_2_2_39_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_40_1","DOI":"10.1145\/2295136.2295146"},{"doi-asserted-by":"publisher","key":"e_1_2_2_41_1","DOI":"10.1145\/1266840.1266862"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2445566.2445567","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2445566.2445567","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:09Z","timestamp":1750239249000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2445566.2445567"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,4]]},"references-count":41,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,4]]}},"alternative-id":["10.1145\/2445566.2445567"],"URL":"https:\/\/doi.org\/10.1145\/2445566.2445567","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2013,4]]},"assertion":[{"value":"2012-06-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2012-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-04-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}