Role mining with user attribution using generative models

摘要

Applications of machine learning techniques such as Latent Dirichlet Allocation (LDA) and author-topic models (ATM) to the problems of mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements are provided. In one aspect, a method for performing role mining given a plurality of users and a plurality of permissions is provided. The method includes the following steps. At least one generative machine learning technique, e.g., LDA, is used to obtain a probability distribution θ for user-to-role assignments and a probability distribution β for role-to-permission assignments. The probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments are used to produce a final set of roles, including user-to-role assignments and role-to-permission assignments.

主权项

1. A method for performing role mining given a plurality of users and a plurality of permissions, the method comprising the steps of:
using at least one generative machine learning technique to obtain a collection K of k roles, a probability distribution θ for user-to-role assignments and a probability distribution β for role-to-permission assignments, wherein the probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments account for past usage of permission assignments by the users; and finding latent roles in the permissions by converting the probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments into a final set of roles, including discrete user-to-role assignments and role-to-permission assignments.