Engiweb Security

Rome, Italy

Colantonio A., Engiweb Security | Di Pietro R., Third University of Rome | Ocello A., Engiweb Security | Verde N.V., Third University of Rome
Proceedings of the ACM Symposium on Applied Computing | Year: 2010

Missing values frequently pose problems in binary matrix analysis since they can hinder downstream analysis of the datasets. Despite the presence of many imputation methods that have been developed to substitute missing values with estimated values, these available techniques have some common disadvantages: they need to fix some parameters (e.g., number of patterns, number of rows to consider) to estimate missing values, with little theoretical support to determine these parameters; and missing values need to be recomputed from scratch as parameters change. In this paper we propose a novel algorithm (ABBA: Adaptive Bicluster-Based Approach) that does not have the above limitations. Further, a formal framework that justifies the rationales behind ABBA is detailed. Finally, experimental results over both synthetic and real data confirm the viability of our approach and the quality of the results, which overcome those achieved by the main competing algorithm (KNN). © 2010 ACM.


Colantonio A., Engiweb Security | Colantonio A., Third University of Rome | Di Pietro R., Third University of Rome | Ocello A., Engiweb Security | Verde N.V., Third University of Rome
Computers and Security | Year: 2010

In this paper we address the problem of reducing the role mining complexity in RBAC systems. To this aim, we propose a three-step methodology: first, we associate a weight to roles; second, we identify user-permission assignments that cannot belong to roles with a weight exceeding a given threshold; and third, we restrict the role-finding problem to user-permission assignments identified in the second step. We formally show (the proofs of our results are rooted in graph theory) that this methodology allows role engineers to elicit stable candidate roles, by contextually simplifying the role selection task. Efficient algorithms to implement our strategy are also described. Further, we discuss practical applications of our approach. Finally, we tested our methodology on a real dataset. Results achieved confirm both the viability of our proposal and the analytical findings. © 2009 Elsevier Ltd. All rights reserved.


Colantonio A., Engiweb Security | Colantonio A., Third University of Rome | Di Pietro R., Third University of Rome | Ocello A., Engiweb Security | Verde N.V., Third University of Rome
Decision Support Systems | Year: 2011

Role-based access control (RBAC) makes it possible to effectively manage the risk derived from granting access to resources, provided that designed roles are business-driven. Role mining represents an essential tool for role engineers, but existing techniques are not able to elicit roles with an associated clear business meaning. Hence, it is difficult to mitigate risk, to simplify business governance, and to ensure compliance throughout the enterprise. To elicit meaningful roles, we propose a methodology where data to analyze are decomposed into smaller subsets according to the provided business information. We introduce two indices, minability and similarity, that drive the decomposition process by providing the expected complexity to find roles with business meaning. The proposed methodology is rooted in a sound theoretical framework. Moreover, experiments on real enterprise data support its effectiveness. © 2010 Elsevier B.V. All rights reserved.


Colantonio A., Engiweb Security | Colantonio A., Third University of Rome | Di Pietro R., Third University of Rome | Ocello A., Engiweb Security | Verde N.V., Third University of Rome
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse. © 2010 IFIP International Federation for Information Processing.
