An Approach for Hierarchical RBAC Reconfiguration With Minimal Perturbation

In recent years, role-based access control (RBAC) has become the de facto access control model due to its good applicability and high flexibility. Since the organizations need to update the access control policies to meet the changes in employees, departments, business processes, and so on. The RBAC system has to define new roles and becomes more and more bloated because it’s difficult to modify the role-permission assignment with no or minimal impact to other users and roles. Hence, there is a great need to reconfigure the RBAC system over time to reduce its structural complexity and keep as close as possible to the original. Several RBAC reconfiguration approaches have been proposed aiming at generating roles similar to the deployed ones, but they neglect the differences in deployed roles that some of them are useless for the system and generate more roles than needed, which in turn increases the system structure complexity. In this paper, we first propose three indicators to evaluate the quality of deployed roles and define the problem of hierarchy RBAC reconfiguration with minimal weight structure complexity and perturbation. Then, the hierarchy RBAC reconfiguration approach and its algorithm process are proposed to address the problem. To conclude, we demonstrate the effectiveness and stability of our approach through experiments.