Thursday, April 30, 2009

In Munich, for "European Identity Conference 09" next week?

The Kuppinger Cole European Identity Conference 09 will take place on May 05-08, 2009 in Munich, Germany. It is Europe's largest conference on Identity & Access Management, with more than 50 exhibitors.

This event is a great networking opportunity for smart, innovative, and forward-thinking people to get together to learn about and discuss today's most significant technology topics on IAM.

Complete details are available here, so come visit Engiweb Security's booth, or attend one of the three panels where we will be speaking.

Also, Engineering Ingegneria Informatica will be presenting a case study based on our IDEAS Platform at 15:00 on Tuesday, May 5. It will be a highly informative speech, so I hope you will attend.
I hope to see you next week.

Wednesday, January 7, 2009

Alessandro strikes again!

Two new technical papers, “Mining Stable Roles in RBAC” and “A Probabilistic Bound on the Basic Role Mining Problem and its Applications”, have recently been accepted and will be presented by my colleague Alessandro Colantonio at the upcoming IFIP/SEC-2009, the 24th IFIP International Information Security Conference, Pafos, Cyprus, May 18-20, 2008.

I am not an expert in the theoretical and mathematical concepts used, but I find the global effort to minimize complexity very insightful. Clearly, keeping the number of different roles sufficiently small is an important aspect. But there are many other aspects that are equally important: in particular, roles should reflect the organizational structure, should be acceptable to human users, should be easy to update, and should consider business constraints. The papers highlight some basic features on which the Engiweb Security “IDEAS Role Constructor” module is based.

The abstracts:

A Probabilistic Bound on the Basic Role Mining Problem and its Applications
In this paper we describe a new probabilistic approach to the role engineering process for RBAC. In particular, we address the issue of minimizing the number of roles, a problem known in the literature as the Basic Role Mining Problem (basicRMP). We leverage the equivalence of the above issue with the vertex coloring problem. Our main result is the proof that the minimum number of roles is sharply concentrated around its expected value. A further contribution is to show how this result can be applied as a stop condition when striving to find out an approximation for the basicRMP.
We also show that the proposal can be used to decide whether it is advisable to undertake the efforts to renew an RBAC state. Note that both these applications can result in a substantial saving of resources. A thorough analysis using advanced probabilistic tools supports our results.
Finally, further relevant research directions are also highlighted.

Mining Stable Roles in RBAC
In this paper we address the problem of generating a candidate role set for an RBAC configuration that enjoys the following two key features: it minimizes the administration cost; and, it is a stable candidate role-set.
To achieve these goals, we implement a three-step methodology: first, we associate a weight to roles; second, we identify and remove the user-permission assignments that cannot belong to a role having a weight exceeding a given threshold; third, we restrict the problem of finding a candidate role-set for the given system configuration using only the user-permission assignments that have not been removed in step two (that is, user-permission assignments that belong to roles having a weight exceeding the given threshold). We formally show (the proofs of our results are rooted in graph theory) that this methodology achieves the intended goals.
Finally, we discuss practical applications of our approach to the role mining problem.

Authors: Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Verde.

If you are interested in receiving the full texts, please send me an e-mail: my surname at eng dot it.
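
To make the three steps of the “Mining Stable Roles in RBAC” abstract concrete, here is an added sketch that is not taken from the papers or from the IDEAS product. It assumes the weight of a role is the number of users times the number of permissions, uses a simple counting bound for step two and a greedy grouping for step three; all function names and the sample data are constructed for illustration.

```python
# Added illustration, not the papers' algorithm. Assumption: weight(role) = |users| * |perms|.

def compatible(a, b, up):
    """Two assignments can share a role only if they induce a biclique in UP."""
    (u1, p1), (u2, p2) = a, b
    return (u1, p2) in up and (u2, p1) in up

def weight_bound(a, up):
    """Step 1: upper bound on the weight of any role that contains assignment a.
    Every assignment inside such a role is compatible with a, so the count
    of compatible assignments (a included) bounds users * perms."""
    return sum(1 for b in up if compatible(a, b, up))

def prune(up, threshold):
    """Step 2: drop assignments that cannot belong to a role of weight >= threshold."""
    kept = {a for a in up if weight_bound(a, up) >= threshold}
    return kept, up - kept

def mine_roles(up):
    """Step 3: greedily group pairwise-compatible assignments into candidate roles.
    Pairwise compatibility guarantees users x perms stays inside UP, so a
    candidate role never grants a permission the input did not contain."""
    groups = []
    for a in sorted(up):
        for g in groups:
            if all(compatible(a, b, up) for b in g):
                g.add(a)
                break
        else:
            groups.append({a})
    return [({u for u, _ in g}, {p for _, p in g}) for g in groups]

# Constructed sample: a three-person team with shared permissions plus two one-off grants.
TEAM = ("alice", "bob", "carol")
PERMS = ("deploy", "read", "write")
UP = {(u, p) for u in TEAM for p in PERMS} | {("alice", "payroll"), ("dave", "audit")}

if __name__ == "__main__":
    kept, removed = prune(UP, threshold=6)
    print("left for manual review:", sorted(removed))
    for users, perms in mine_roles(kept):
        print("candidate role:", sorted(users), "->", sorted(perms))
```

The removed assignments are not revoked by this sketch; they are simply kept out of role mining so that one-off grants do not produce small, unstable roles.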