Institute for Cyber Law, Policy, and Security

Cybersecurity Seminar - hosted by SCI, LERSAIS, and Pitt Cyber

Date

November 18, 2019 - 11:00am to 12:00pm

Join the School of Computing and Information, LERSAIS, and Pitt Cyber in welcoming Dr. Shamik Sural. Dr. Sural will discuss optimal user assignment in constrained role-based access control systems. 

One of the critical requirements towards the success of any business organization is efficient management of its human capital. In a typically resource-constrained organizational environment, maximizing the utilization of its available workforce is imperative. However, tasks cannot simply be assigned to arbitrary employees since they need to have the necessary capabilities for executing the same. Furthermore, security constraints forbid any ad hoc assignments and also enforce major dependencies on other employees who have access to the same tasks. Owing to the increasing size and scale of organizations, both in terms of the number of employees as well as resources to be managed, it is imperative that efficient computational solutions be developed to automate the process of employee to task assignment.

Since role-based access control (RBAC) is still the most commonly used access control model for commercial information systems, we consider organizational policies and constraints to be modeled with RBAC. In the first part of the talk, we will look into the problem of determining a minimal set of users and their role assignments in an RBAC system with a set of Separation of Duty and Cardinality constraints. We model it as a hypergraph coloring problem and provide efficient heuristics for its solution. We next consider a related though different situation in which the goal is to achieve optimal user deployment for a given set of users, roles, and constraints. Here optimality is in the sense of maximizing the number of assignments of users to roles.

Our experimental results show the efficiency of the proposed approaches while generating close to optimal solutions.

Location and Address

3rd floor of the Information Sciences Building

135 N. Bellefield Avenue

Event category

Pitt Cyber Related Events