Role-based access control is well accepted as the standard best practice for access control within applications and organizations. Role engineering, the task of defining roles and associating permissions with them, is essential to realizing the full benefits of the role-based access control paradigm. The essential question is how to devise a complete and correct set of roles; the answer depends on how goodness or interestingness is defined (when is a role good or interesting?). We define the role mining problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions. In addition to this basic RMP, we introduce two variations with pragmatic implications, the delta-approx RMP and the Minimal Noise RMP. Our main contribution is to formally define the RMP, analyze its theoretical bounds, and present heuristic solutions, based on subset enumeration, for finding the optimal set of roles. We place this in the framework of matrix decomposition, which is applicable to many other domains, including text mining.
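
To make the matrix-decomposition framing concrete, the following added example (not code from the talk or its authors) splits a small constructed user-permission assignment into a user-role and a role-permission assignment using a simple greedy cover over intersection-generated candidate roles. The heuristic, the names `UPA`, `candidate_roles`, `greedy_mine`, `reconstruct` and `mismatches`, and the reading of delta as the number of user-permission cells allowed to go unreproduced are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample user-permission assignment (UPA); not data from the talk.
UPA = {
    "alice": frozenset({"read", "write"}),
    "bob": frozenset({"read", "write", "deploy"}),
    "carol": frozenset({"deploy", "audit"}),
    "dave": frozenset({"read", "write", "deploy", "audit"}),
}

def candidate_roles(upa):
    """Candidate roles: users' permission sets closed under intersection."""
    cands = {perms for perms in upa.values() if perms}
    while True:
        new = {a & b for a, b in combinations(cands, 2)} - cands - {frozenset()}
        if not new:
            return cands
        cands |= new

def greedy_mine(upa, delta=0):
    """Add roles greedily until at most `delta` UPA cells stay uncovered.
    A role is given to a user only if it is a subset of that user's
    permissions, so the mined roles never grant anything new."""
    uncovered = {(u, p) for u, perms in upa.items() for p in perms}
    roles, ua = [], {u: set() for u in upa}
    cands = sorted(candidate_roles(upa), key=sorted)  # deterministic ties
    def gain(role):
        return sum((u, p) in uncovered for u, perms in upa.items()
                   if role <= perms for p in role)
    while len(uncovered) > delta:
        best = max(cands, key=gain)
        roles.append(best)
        for u, perms in upa.items():
            newly = {(u, p) for p in best} & uncovered
            if best <= perms and newly:
                ua[u].add(len(roles) - 1)
                uncovered -= newly
    return roles, ua

def reconstruct(roles, ua):
    """Boolean product of UA and PA: union of each user's assigned roles."""
    return {u: frozenset().union(*(roles[i] for i in idx)) for u, idx in ua.items()}

def mismatches(upa, rebuilt):
    """Number of user-permission cells where the rebuilt matrix differs."""
    return sum(len(upa[u] ^ rebuilt[u]) for u in upa)

if __name__ == "__main__":
    for delta in (0, 2):
        roles, ua = greedy_mine(UPA, delta)
        print(delta, [sorted(r) for r in roles], mismatches(UPA, reconstruct(roles, ua)))
```

With `delta=2` the constructed data needs only two roles instead of three, but alice ends up with no role at all, which is the kind of under-assignment to review before accepting an approximate decomposition.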
Dr. Vijay Atluri received her Ph.D. in Information Technology from George Mason University, USA. She is currently a Professor of Computer Information Systems in the MSIS Department and research director for the Center for Information Management, Integration and Connectivity (CIMIC) at Rutgers University. Dr. Atluri's research interests include Information Systems Security, Privacy, Databases, Workflow Management, Spatial Databases, Multimedia and Distributed Systems. Currently, she serves as a member of the Steering Committee and the secretary/treasurer for the ACM Special Interest Group on Security Audit and Control (SIGSAC), and as chair of the IFIP WG11.3 on Data and Application Security.