Role Mining

Status

This project started in December 2007 and ended in September 2011.

Researchers

Mario Frank, Information Security Group, ETH
Prof. David Basin, Information Security Group, ETH
Prof. Joachim Buhmann, Machine Learning Laboratory, ETH

Description

This project addresses an important practical problem in Information Security: developing and rationalizing access control infrastructures based on Role-Based Access Control (RBAC). RBAC is an approach for specifying user privileges for carrying out operations on system objects: roles group together system privileges, and users are assigned to roles, thereby granting them the associated privileges.
Although RBAC is conceptually simple, it is very difficult to configure RBAC systems in practice within large enterprises, i.e., to determine the appropriate roles and assign users to roles. This complexity leads to both high security administration costs and security weaknesses due to improperly implemented and administered security policies.

To tackle these problems, data mining techniques will be developed for both configuring RBAC systems and for assessing configurations. Data sets such as existing user privileges or job functions will be used for this analysis. The resulting configurations should satisfy various criteria such as minimizing the number of roles or minimizing the changes required when users are added to or removed from the system.

Publications

Mario Frank, Morteza Haghir Chehreghani and Joachim M. Buhmann

The Minimum Transfer Cost Principle for Model-Order Selection

European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML PKDD 2011), September 2011.

Mario Frank and Joachim M. Buhmann

Selecting the rank of truncated SVD by Maximum Approximation Capacity

IEEE International Symposium on Information Theory (ISIT 2011), August 2011.

Joachim M. Buhmann, Morteza Haghir Chehreghani, Mario Frank and Andreas P. Streich

Information Theoretic Model Selection for Pattern Analysis

ICML 2011 Workshop on Unsupervised and Transfer Learning, June 2011.

Mario Frank and Ian Molloy

Tutorial on Role Mining

17th ACM Conference on Computer and Communications Security (CCS 2010), October 2010.

Mario Frank, Joachim M. Buhmann and David Basin

On the Definition of Role Mining

15th ACM Symposium on Access Control Models and Technologies (SACMAT 2010), June 2010.

Mario Frank, Andreas P. Streich, David Basin and Joachim M. Buhmann

A Probabilistic Approach to Hybrid Role Mining

16th ACM Conference on Computer and Communications Security (CCS 2009), November 2009.

Andreas P. Streich, Mario Frank, David Basin and Joachim M. Buhmann

Multi-Assignment Clustering for Boolean Data

26th International Conference on Machine Learning (ICML 2009), June 2009.

Mario Frank, David Basin and Joachim M. Buhmann 

A Class of Probabilistic Models for Role Engineering

15th ACM Conference on Computer and Communications Security (CCS 2008), October 2008.