Minimizing the Number of Roles in Bottom-Up Role-Mining using Maximal Biclique Enumeration

Mahesh Tripunitara
2024-07-22
Abstract: Bottom-up role-mining is the determination of a set of roles given as input a set of users and the permissions those users possess. It is well-established in the research literature, and in practice, as an important problem in information security. A natural objective that has been explored in prior work is for the set of roles to be of minimum size. We address this problem for practical inputs while reconciling foundations, specifically, that the problem is NP-hard. We first observe that an approach from prior work that exploits a sufficient condition for an efficient algorithm, while a useful first step, does not scale to more recently proposed benchmark inputs. We propose a new technique: the enumeration of maximal bicliques. We point out that the number of maximal bicliques provides a natural measure of the hardness of an input. We leverage the enumeration of maximal bicliques in two different ways. Our first approach addresses more than half the benchmark inputs to yield exact results. The other approach is needed for hard instances; in it, we identify and adopt as roles those that correspond to large maximal bicliques. We have implemented all our algorithms and carried out an extensive empirical assessment, which suggests that our approaches are promising. Our code is available publicly as open-source.
Cryptography and Security, Data Structures and Algorithms
### What problem does this paper attempt to solve?

This paper addresses a key problem in **bottom-up role-mining**: **how to minimize the number of required roles**. Specifically, given a set of users and their permissions, the goal is to determine a set of roles that covers all users' permissions while keeping the total number of roles as small as possible.

#### Background and Motivation

1. **Access Control and RBAC**
   - Access control is an important aspect of information security; it determines the operations that users can perform on resources.
   - Role-Based Access Control (RBAC) is a commonly used access control method in which users are assigned to roles, and each role carries specific permissions.
2. **Role-Mining Problem**
   - Role-mining derives a set of roles from the existing user-permission matrix so that the roles accurately reflect the user-permission assignment.
   - One important optimization goal is **minimizing the number of roles**, which helps simplify the access control system and can improve its manageability and security.
3. **Limitations of Existing Methods**
   - Previous work has proposed some effective methods for the role-mining problem, but these methods perform poorly on newly proposed benchmark datasets, especially larger-scale and more complex ones.

#### Main Contributions of the Paper

1. **New Technique: Maximal Biclique Enumeration**
   - The authors propose a new technique based on maximal biclique enumeration. A biclique is a complete bipartite subgraph of a bipartite graph: two vertex sets in which every vertex of one set is adjacent to every vertex of the other.
   - By enumerating all maximal bicliques, the minimum number of roles can be found more effectively.
2. **Measurement of Instance Difficulty**
   - The authors point out that the number of maximal bicliques is a natural indicator of the difficulty of an input instance. If the number of maximal bicliques is small, the instance is relatively simple; otherwise, it is more difficult.
3. **Two Solution Strategies**
   - For simple instances (i.e., those with a small number of maximal bicliques), all maximal bicliques can be enumerated and a constraint solver can be used to select the minimum number of roles.
   - For difficult instances, the authors propose a heuristic algorithm that approximates the optimal solution by selecting larger maximal bicliques.
4. **Experimental Evaluation**
   - The authors implement the above algorithms and conduct extensive experimental evaluations on multiple benchmark datasets; the results show that the new method outperforms existing methods in many cases.

#### Conclusion

This paper addresses the problem of minimizing the number of roles in bottom-up role-mining by introducing maximal biclique enumeration. The method provides new theoretical insight and also shows good performance in practical applications, especially on large-scale and complex datasets.
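The exact strategy for simple instances (enumerate every maximal biclique, then select the fewest that cover the user-permission assignment), as an added example that is not the paper's code. The `UPA` data and the function names are constructed assumptions, and an exhaustive search stands in for the constraint solver, so it only suits tiny inputs.

```python
from itertools import combinations

# Constructed user-permission assignment (UPA); not one of the paper's benchmarks.
UPA = {
    "alice": {"read", "write"},
    "bob": {"read", "write", "deploy"},
    "carol": {"read", "deploy"},
    "dave": {"audit"},
}

def maximal_bicliques(upa):
    """Return all maximal bicliques as (users, perms) pairs of frozensets.

    In a maximal biclique, perms is exactly what its users share and users is
    everyone holding all of perms. Such permission sets are the intersections
    of the users' permission sets, collected here until no new one appears.
    """
    closed = {frozenset(p) for p in upa.values() if p}
    frontier = set(closed)
    while frontier:
        frontier = {a & b for a in frontier for b in closed} - closed - {frozenset()}
        closed |= frontier
    return {(frozenset(u for u, p in upa.items() if ps <= p), ps) for ps in closed}

def min_role_cover(upa):
    """Fewest maximal bicliques (candidate roles) that reproduce every UPA edge.

    Exhaustive search by increasing size, standing in for a constraint solver.
    """
    edges = {(u, p) for u, ps in upa.items() for p in ps}
    cands = sorted(maximal_bicliques(upa), key=lambda b: (sorted(b[0]), sorted(b[1])))
    for k in range(1, len(cands) + 1):
        for combo in combinations(cands, k):
            covered = {(u, p) for users, perms in combo for u in users for p in perms}
            if covered == edges:  # bicliques never add edges, so equality = full cover
                return list(combo)
    return []

if __name__ == "__main__":
    print("maximal bicliques:", len(maximal_bicliques(UPA)))
    for users, perms in min_role_cover(UPA):
        print("role", sorted(perms), "->", sorted(users))
```

Restricting the search to maximal bicliques loses nothing, because any role can be grown to a maximal biclique without granting a permission the UPA does not already contain.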