{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T09:07:20Z","timestamp":1769159240398,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,6,10]],"date-time":"2020-06-10T00:00:00Z","timestamp":1591747200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,6,10]]},"DOI":"10.1145\/3381991.3395597","type":"proceedings-article","created":{"date-parts":[[2020,5,29]],"date-time":"2020-05-29T04:34:57Z","timestamp":1590726897000},"page":"119-130","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Informed Privilege-Complexity Trade-Offs in RBAC Configuration"],"prefix":"10.1145","author":[{"given":"Jon","family":"Currey","sequence":"first","affiliation":[{"name":"HashiCorp Inc., San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robbie","family":"McKinstry","sequence":"additional","affiliation":[{"name":"HashiCorp Inc., San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Armon","family":"Dadgar","sequence":"additional","affiliation":[{"name":"HashiCorp Inc., San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mark","family":"Gritter","sequence":"additional","affiliation":[{"name":"HashiCorp Inc., San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,6,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Vijayalakshmi Atluri Jaideep Vaidya and Qi Guo. 2008. Migrating to Optimal RBAC with Minimal Perturbation. (2008).  Vijayalakshmi Atluri Jaideep Vaidya and Qi Guo. 2008. Migrating to Optimal RBAC with Minimal Perturbation. (2008)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1527125.1527138"},{"key":"e_1_3_2_1_3_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS)","author":"Bertino Elisa","year":"2008"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1364198"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-16849"},{"key":"e_1_3_2_1_6_1","unstructured":"Kalyanmoy Deb. 2001. Multi-objective optimization using evolutionary algorithms. Vol. 16. John Wiley & Sons.  Kalyanmoy Deb. 2001. Multi-objective optimization using evolutionary algorithms. Vol. 16. John Wiley & Sons."},{"key":"e_1_3_2_1_7_1","article-title":"A fast and elitist multiobjective genetic algorithm","volume":"6","author":"Deb K.","year":"2002","journal-title":"NSGA-II. IEEE Transactions on Evolutionary Computation"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Alina Ene William Horne Nikola Milosavljevic Prasad Rao Robert Schreiber and Robert E. Tarjan. 2008. Fast exact and heuristic methods for role minimization problems. (2008) 1--10.  Alina Ene William Horne Nikola Milosavljevic Prasad Rao Robert Schreiber and Robert E. Tarjan. 2008. Fast exact and heuristic methods for role minimization problems. (2008) 1--10.","DOI":"10.1145\/1377836.1377838"},{"key":"e_1_3_2_1_9_1","volume-title":"Role-Based Access Control. In In 15th NIST-NCSC National Computer Security Conference. 554--563","author":"Ferraiolo David","year":"1992"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2445566.2445567"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653675"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Nurit Gal-Oz Yaron Gonen Ran Yahalom Ehud Gudes Boris Rozenberg and Erez Shmueli. 2011. Mining Roles fromWeb Application Usage Patterns. In Trust Privacy and Security in Digital Business Steven Furnell Costas Lambrinoudakis and G\u00fcnther Pernul (Eds.). 125--137.  Nurit Gal-Oz Yaron Gonen Ran Yahalom Ehud Gudes Boris Rozenberg and Erez Shmueli. 2011. Mining Roles fromWeb Application Usage Patterns. In Trust Privacy and Security in Digital Business Steven Furnell Costas Lambrinoudakis and G\u00fcnther Pernul (Eds.). 125--137.","DOI":"10.1007\/978-3-642-22890-2_11"},{"key":"e_1_3_2_1_14_1","unstructured":"Qi Guo. 2010. A formal approach to the role mining problem. Ph.D. Dissertation. Rutgers University-Graduate School-Newark.  Qi Guo. 2010. A formal approach to the role mining problem. Ph.D. Dissertation. Rutgers University-Graduate School-Newark."},{"key":"e_1_3_2_1_15_1","unstructured":"HashiCorp. 2015. hashicorp\/vault: A tool for secrets management encryption as a service and privileged access management. https:\/\/github.com\/hashicorp\/vault. [Online; accessed 17-Apr-2020].  HashiCorp. 2015. hashicorp\/vault: A tool for secrets management encryption as a service and privileged access management. https:\/\/github.com\/hashicorp\/vault. [Online; accessed 17-Apr-2020]."},{"key":"e_1_3_2_1_16_1","unstructured":"HashiCorp. 2015. Vault by HashiCorp. https:\/\/https:\/\/www.vaultproject.io. [Online; accessed 17-Apr-2020].  HashiCorp. 2015. Vault by HashiCorp. https:\/\/https:\/\/www.vaultproject.io. [Online; accessed 17-Apr-2020]."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Jafar Haadi Jafarian Hassan Takabi Hakim Touati Ehsan Hesamifard and Mohamed Shehab. 2015. Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach. (2015) 211--220.  Jafar Haadi Jafarian Hassan Takabi Hakim Touati Ehsan Hesamifard and Mohamed Shehab. 2015. Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach. (2015) 211--220.","DOI":"10.1145\/2752952.2752975"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"John C. John Shamik Sural Vijayalakshmi Atluri and Jaideep S. Vaidya. 2012. Role Mining under Role-Usage Cardinality Constraint. In Information Security and Privacy Research. Springer Berlin Heidelberg 150--161.  John C. John Shamik Sural Vijayalakshmi Atluri and Jaideep S. Vaidya. 2012. Role Mining under Role-Usage Cardinality Constraint. In Information Security and Privacy Research. Springer Berlin Heidelberg 150--161.","DOI":"10.1007\/978-3-642-30436-1_13"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2018.1661330"},{"key":"e_1_3_2_1_20_1","unstructured":"Gene Kim Jez Humble Patrick Debois and John Willis. 2016. The DevOps Handbook:: How to Create World-Class Agility Reliability and Security in Technology Organizations. IT Revolution.  Gene Kim Jez Humble Patrick Debois and John Willis. 2016. The DevOps Handbook:: How to Create World-Class Agility Reliability and Security in Technology Organizations. IT Revolution."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"S. Kirkpatrick C. D. Gelatt and M. P. Vecchi. 1983. Optimization by Simulated Annealing. Science 220 4598 (1983).  S. Kirkpatrick C. D. Gelatt and M. P. Vecchi. 1983. Optimization by Simulated Annealing. Science 220 4598 (1983).","DOI":"10.1126\/science.220.4598.671"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Martin Kuhlmann Dalia Shohat and Gerhard Schimpf. 2003. Role mining - revealing business roles for security administration using data mining technology (SACMAT '03). ACM 179--186.  Martin Kuhlmann Dalia Shohat and Gerhard Schimpf. 2003. Role mining - revealing business roles for security administration using data mining technology (SACMAT '03). ACM 179--186.","DOI":"10.1145\/775412.775435"},{"key":"e_1_3_2_1_23_1","unstructured":"Duo Labs. 2018. Cloudtracker GitHub Repository. https:\/\/github.com\/duo-labs\/ cloudtracker. [Online; accessed 10-Feb-2020].  Duo Labs. 2018. Cloudtracker GitHub Repository. https:\/\/github.com\/duo-labs\/ cloudtracker. [Online; accessed 10-Feb-2020]."},{"key":"e_1_3_2_1_24_1","unstructured":"Duo Labs. 2018. Introducing Cloudtracker. https:\/\/duo.com\/blog\/ introducing-cloudtracker-an-aws-cloudtrail-log-analyzer. [Online; accessed 10-Feb-2020].  Duo Labs. 2018. Introducing Cloudtracker. https:\/\/duo.com\/blog\/ introducing-cloudtracker-an-aws-cloudtrail-log-analyzer. [Online; accessed 10-Feb-2020]."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/2590636.2590637"},{"key":"e_1_3_2_1_26_1","volume-title":"Role Mining Based on Weights (SACMAT '10)","author":"Ma Xiaopu","year":"2010"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Christopher A. Mattson Anoop A. Mullur and Achille Messac. 2004. Smart Pareto filter: obtaining a minimal representation of multiobjective design space. Engineering Optimization 36 6 (2004).  Christopher A. Mattson Anoop A. Mullur and Achille Messac. 2004. Smart Pareto filter: obtaining a minimal representation of multiobjective design space. Engineering Optimization 36 6 (2004).","DOI":"10.1080\/0305215042000274942"},{"key":"e_1_3_2_1_28_1","volume-title":"Least Privilege: Security Gain without Developer Pain. In Enigma 2018 (Enigma","author":"McPeak Travis","year":"2018"},{"key":"e_1_3_2_1_29_1","unstructured":"Kaisa Miettinen. 2012. Nonlinear multiobjective optimization. Vol. 12. Springer Science & Business Media.  Kaisa Miettinen. 2012. Nonlinear multiobjective optimization. Vol. 12. Springer Science & Business Media."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2871148"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Ian Molloy Hong Chen Tiancheng Li Qihua Wang Ninghui Li Elisa Bertino Seraphin Calo and Jorge Lobo. 2008. Mining roles with semantic meanings. (2008) 21--30.  Ian Molloy Hong Chen Tiancheng Li Qihua Wang Ninghui Li Elisa Bertino Seraphin Calo and Jorge Lobo. 2008. Mining roles with semantic meanings. (2008) 21--30.","DOI":"10.1145\/1377836.1377840"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1880022.1880030"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295145"},{"key":"e_1_3_2_1_34_1","unstructured":"Netflix. 2017. Introducing Aardvark and Repokid. https:\/\/netflixtechblog.com\/ introducing-aardvark-and-repokid-53b081bf3a7e. [Online; accessed 5-Feb-2020].  Netflix. 2017. Introducing Aardvark and Repokid. https:\/\/netflixtechblog.com\/ introducing-aardvark-and-repokid-53b081bf3a7e. [Online; accessed 5-Feb-2020]."},{"key":"e_1_3_2_1_35_1","unstructured":"U.S.Department of Commerce\/National Institute of Standards and Technology. 2004. ANSI\/INCITS 359--2004 Role Based Access Control.  U.S.Department of Commerce\/National Institute of Standards and Technology. 2004. ANSI\/INCITS 359--2004 Role Based Access Control."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"J\u00fcrgen Schlegelmilch and Ulrike Steffens. 2005. Role Mining with ORCA. (2005) 168--176.  J\u00fcrgen Schlegelmilch and Ulrike Steffens. 2005. Role Mining with ORCA. (2005) 168--176.","DOI":"10.1145\/1063979.1064008"},{"key":"e_1_3_2_1_38_1","unstructured":"Florian Sellmayr. 2017. Trailscraper GitHub Repository. https:\/\/github.com\/ flosell\/trailscraper. [Online; accessed 10-Feb-2020].  Florian Sellmayr. 2017. Trailscraper GitHub Repository. https:\/\/github.com\/ flosell\/trailscraper. [Online; accessed 10-Feb-2020]."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Hassan Takabi and James B.D. Joshi. 2010. StateMiner: An Efficient Similarity- Based Approach for Optimal Mining of Role Hierarchy (SACMAT '10). 55--64.  Hassan Takabi and James B.D. Joshi. 2010. StateMiner: An Efficient Similarity- Based Approach for Optimal Mining of Role Hierarchy (SACMAT '10). 55--64.","DOI":"10.1145\/1809842.1809853"},{"key":"e_1_3_2_1_40_1","unstructured":"Jaideep Vaidya Vijayalakshmi Atluri and Qi Guo. 2007. The Role Mining Problem: Finding a Minimal Descriptive Set of Roles (SACMAT '07). 175--184.  Jaideep Vaidya Vijayalakshmi Atluri and Qi Guo. 2007. The Role Mining Problem: Finding a Minimal Descriptive Set of Roles (SACMAT '07). 175--184."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1805974.1805983"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Jaideep Vaidya Vijayalakshmi Atluri and JaniceWarner. 2006. RoleMiner: mining roles using subset enumeration. (2006) 144--153.  Jaideep Vaidya Vijayalakshmi Atluri and JaniceWarner. 2006. RoleMiner: mining roles using subset enumeration. (2006) 144--153.","DOI":"10.1145\/1180405.1180424"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.61"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2016.32"},{"key":"e_1_3_2_1_45_1","unstructured":"Rory Ward and Betsy Beyer. 2014. BeyondCorp: A new approach to enterprise security. (2014).  Rory Ward and Betsy Beyer. 2014. BeyondCorp: A new approach to enterprise security. (2014)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295146"},{"key":"e_1_3_2_1_47_1","unstructured":"Dana Zhang Kotagiri Ramamohanarao and Tim Ebringer. 2007. Role engineering using graph optimisation. (2007) 139--144.  Dana Zhang Kotagiri Ramamohanarao and Tim Ebringer. 2007. Role engineering using graph optimisation. (2007) 139--144."},{"key":"e_1_3_2_1_48_1","volume-title":"Permission Set Mining: Discovering Practical and Useful Roles. 2008 Annual Computer Security Applications Conference (ACSAC)","author":"Zhang Dana","year":"2008"},{"key":"e_1_3_2_1_49_1","volume-title":"Evolving Role Definitions Through Permission Invocation Patterns (SACMAT '13)","author":"Zhang Wen","year":"2013"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2016.81"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0056872"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/TEVC.2003.810758"}],"event":{"name":"SACMAT '20: The 25th ACM Symposium on Access Control Models and Technologies","location":"Barcelona Spain","acronym":"SACMAT '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 25th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3381991.3395597","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3381991.3395597","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:33:08Z","timestamp":1750199588000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3381991.3395597"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,10]]},"references-count":52,"alternative-id":["10.1145\/3381991.3395597","10.1145\/3381991"],"URL":"https:\/\/doi.org\/10.1145\/3381991.3395597","relation":{},"subject":[],"published":{"date-parts":[[2020,6,10]]},"assertion":[{"value":"2020-06-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}