Computer Science ›› 2020, Vol. 47 ›› Issue (5): 313-318.doi: 10.11896/jsjkx.190800051

• Information Security • Previous Articles    

Role Dynamic Adjustment Algorithm for Resisting Insider Threat

PAN Heng1, LI Jing feng2, MA Jun hu3   

  1. 1 Research Institute of Advanced Information Technology,Zhongyuan University of Technology,Zhengzhou 450007,China
    2 PLA Information Engineering University,Zhengzhou 450001,China
    3 PLA Air Force 93010 Unit,Shenyang 110016,China
  • Received:2019-08-12 Online:2020-05-15 Published:2020-05-19
  • About author:PAN Heng,born in 1977,Ph.D,associa-te professor,is a member of China Computer Federation.Her main research interests include Security risk assessment of information System,Network security situation awareness and blockchain technology.
    LI Jing-feng,born in 1977,Ph.D,asso-ciate professor.His main research interests include information system security technologies and information security guarantee.
  • Supported by:
    This work was supported by the Foundation of Priority Fundamental Research Project of Institutions of Higher Education of Henan Province,China (19A520047) and Foundation of Independent Innovation Application Research of Zhongyuan University of Technology,China(K2018YY017).

Abstract: Due to derivations in current role definition from the changes of the bossiness process and information infrastructure,organizations are vulnerable to internal threat.A role dynamic adjustment algorithm is proposed based on the defensive idea of changing the set of roles within the organization regularly and reasonably.The algorithm defines an objective function with adjusting parameters to balance the two elements,which are the user privilege actual use data and the system administrator expert knowledge.Based on heuristic search strategy and sub-set pairing technique,a group of candidate roles are obtained.From these roles,a set of adjusting roles which can achieve a predefined score are obtained,by using a certain heuristic function.Finally,in order to reduce role redundancy,the users of the organization are reassign the roles from the adjusting roles,so getting a new Role-Based Access Control(RBAC) configuration.By using the audit logs from a hospital management system,the performance of the RDA is analyzed.The experimental results show that the proposed algorithm can efficiently adjust the RBAC configuration for the special organization,so it can provide concrete base for resisting the insider threats.

Key words: Insider threats, Role based access control, Heuristic search strategy, One class support vector machine, Dynamic adjustment

CLC Number: 

  • TP191
[1] WANG G F,LIU C Y,PAN H Z,et al.Survey on InsiderThreats to Cloud Computing [J].Chinese Journal of Compu-ters,2017,40(2):296-316.
[2] POVEY D.Optimistic security:A new access control paradigm[C]//Proceedings of the 1999 Workshop on New Security Paradigms.New York:ACM,1999:40-45.
[3] COYNE E J.Role engineering [C]//Proceedings of the First ACM Work Shop on Role Based Access Control.New York:ACM,1996.
[4] ZHOU C,REN Z Y,WU W C.Semantic Roles Mining Algorithms Based on Formal Concept Analysis [J].Computer Science,2018,45(12):117-122,129.
[5] ZHANG L,ZHANG H L,HAN D J,et al.The Theory and Algorithm for Roles Minimization Problem in RBAC Based on Concept Lattice [J].Acta Electronica Sinica,2014,42(12):2371-2378.
[6] ZHAI Z G,WANG J D,CAO Z N,et al.Hybrid Role Mining Methods with Minimal Perturbation [J].Journal of Computer Research and Development,2013,50(5):951-960.
[7] SANDHU R S,COYNEE J,FEINSTEINH L,et al.Role-based Access Control models [J].Computer,1999,29(2):38-47.
[8] ZHANG D,EBRINGER T,RAMAMOHANARAO K.Role Engineering Using Graph Optimization[C]//Proceedings of The 10th ACM Symposium on Access Control Models and Technologies.New York:ACM,2017:139-144.
[9] HAVELIWALA T H,GIONIS A,KLEIN D D,et al.Evaluating Strategies for Similarity Search on the Web[C]//Proceedings of the 11th International Conference on the World Wide Web.New York:ACM,2002:432-442.
[10] SCHAAD A,MOFFETT J,JACOB J.The Role-based Access Control System of a European Bank:a Case Study and Discussion [C]//Proceedings of the 6th ACM Symposium on Access Control Models and Technologies.New York: ACM,2001:3-9.
[11] GAREY M R,DAVID S J.Computers and Intractability:AGuide to the Theory of NP-Completeness [M].New York:W.H.Freeman and Company,1990:320-334.
[12] SANDHU R S.Lattice-based Access Control Models [J].IEEE Computer,1993,26(11):9-19.
[13] CLAESEN M,DE SMET F,SUYKENS J A K,et al.EnsembleSVM:A Library for Ensemble Learning Using Support Vector Machines[J].Journal of Machine Learning Research,2014,15(1):141-145.
[14] MOLLOY I,PARK Y,CHARI S.Generative Models for Access Control Policies:Applications to Role Mining Over Logs with Attribution[C]//Proceedings of the 17th ACM SACMAT.New York:ACM,2012:45-56.
[1] HAN Dao-jun. Acquiring Minimal Role Set Algorithm in Role Engineering [J]. Computer Science, 2017, 44(8): 115-123.
[2] ZHAO Bo, ZHAO Rong-cai, XU Jin-long and GAO Wei. Method of Progressive Intelligent Backtracking Vector Code Adjustment and Optimization [J]. Computer Science, 2015, 42(1): 50-53.
[3] WANG Cong-jiao,WANG Xi-huai and XIAO Jian-mei. Improved Differential Evolution Algorithm Based on Dynamic Adaptive Strategies [J]. Computer Science, 2013, 40(11): 265-270.
[4] . Field-sensitive Memory Model for Memory Safety of Heap-manipulating Programs [J]. Computer Science, 2012, 39(9): 109-114.
[5] LI Han,GUO He,WANG Yu-xin,LU Guo-ji,YANG Yuan-sheng. Using RBAC-based Approach to Integrate Access Control Policies in Legacy Systems [J]. Computer Science, 2011, 38(7): 126-129.
[6] JI Wen-qian,LI Zhou-jun,CHAO Wen-han,CHEN Xiao-ming. Automatic Abstracting System Based on Improved LexRank Algorithm [J]. Computer Science, 2010, 37(5): 151-154.
[7] . [J]. Computer Science, 2007, 34(3): 283-285.
[8] LEI Xiang-Dong ZHAO Yue-Long CHEN Song-Qiao YUAN Xiao-Li (College of Information Science and Engineering, Central South University, Changsha 410083). [J]. Computer Science, 2007, 34(12): 100-103.
Full text



[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75 .
[2] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[3] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[4] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[5] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99 .
[6] ZHOU Yan-ping and YE Qiao-lin. L1-norm Distance Based Least Squares Twin Support Vector Machine[J]. Computer Science, 2018, 45(4): 100 -105 .
[7] LIU Bo-yi, TANG Xiang-yan and CHENG Jie-ren. Recognition Method for Corn Borer Based on Templates Matching in Muliple Growth Periods[J]. Computer Science, 2018, 45(4): 106 -111 .
[8] GENG Hai-jun, SHI Xin-gang, WANG Zhi-liang, YIN Xia and YIN Shao-ping. Energy-efficient Intra-domain Routing Algorithm Based on Directed Acyclic Graph[J]. Computer Science, 2018, 45(4): 112 -116 .
[9] CUI Qiong, LI Jian-hua, WANG Hong and NAN Ming-li. Resilience Analysis Model of Networked Command Information System Based on Node Repairability[J]. Computer Science, 2018, 45(4): 117 -121 .
[10] WANG Zhen-chao, HOU Huan-huan and LIAN Rui. Path Optimization Scheme for Restraining Degree of Disorder in CMT[J]. Computer Science, 2018, 45(4): 122 -125 .