{"id":"https://openalex.org/W3032278292","doi":"https://doi.org/10.1145/3381991.3395597","title":"Informed Privilege-Complexity Trade-Offs in RBAC Configuration","display_name":"Informed Privilege-Complexity Trade-Offs in RBAC Configuration","publication_year":2020,"publication_date":"2020-05-29","ids":{"openalex":"https://openalex.org/W3032278292","doi":"https://doi.org/10.1145/3381991.3395597","mag":"3032278292"},"language":"en","primary_location":{"id":"doi:10.1145/3381991.3395597","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3381991.3395597","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3381991.3395597","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3381991.3395597","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018394419","display_name":"Jon Currey","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jon Currey","raw_affiliation_strings":["HashiCorp Inc., San Francisco, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"HashiCorp Inc., San Francisco, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074012389","display_name":"Robbie McKinstry","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Robbie McKinstry","raw_affiliation_strings":["HashiCorp Inc., San Francisco, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"HashiCorp Inc., San Francisco, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022278444","display_name":"Armon Dadgar","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Armon Dadgar","raw_affiliation_strings":["HashiCorp Inc., San Francisco, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"HashiCorp Inc., San Francisco, CA, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063188160","display_name":"Mark Gritter","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mark Gritter","raw_affiliation_strings":["HashiCorp Inc., San Francisco, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"HashiCorp Inc., San Francisco, CA, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.1019,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.85269493,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"119","last_page":"130"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10456","display_name":"Multi-Agent Systems and Negotiation","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9805999994277954,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.75458824634552},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.7496705651283264},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6943089365959167},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.6020974516868591},{"id":"https://openalex.org/keywords/minification","display_name":"Minification","score":0.5944721698760986},{"id":"https://openalex.org/keywords/pareto-principle","display_name":"Pareto principle","score":0.547754168510437},{"id":"https://openalex.org/keywords/mathematical-optimization","display_name":"Mathematical optimization","score":0.5000715255737305},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.5000581741333008},{"id":"https://openalex.org/keywords/range","display_name":"Range (aeronautics)","score":0.46613380312919617},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.34467971324920654},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.3029137849807739},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2658514380455017},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.12818020582199097},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.10333418846130371},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09884101152420044}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.75458824634552},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.7496705651283264},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.6943089365959167},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.6020974516868591},{"id":"https://openalex.org/C147764199","wikidata":"https://www.wikidata.org/wiki/Q6865248","display_name":"Minification","level":2,"score":0.5944721698760986},{"id":"https://openalex.org/C137635306","wikidata":"https://www.wikidata.org/wiki/Q182667","display_name":"Pareto principle","level":2,"score":0.547754168510437},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.5000715255737305},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.5000581741333008},{"id":"https://openalex.org/C204323151","wikidata":"https://www.wikidata.org/wiki/Q905424","display_name":"Range (aeronautics)","level":2,"score":0.46613380312919617},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.34467971324920654},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.3029137849807739},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2658514380455017},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.12818020582199097},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.10333418846130371},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09884101152420044},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3381991.3395597","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3381991.3395597","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3381991.3395597","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3381991.3395597","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3381991.3395597","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3381991.3395597","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3032278292.pdf","grobid_xml":"https://content.openalex.org/works/W3032278292.grobid-xml"},"referenced_works_count":44,"referenced_works":["https://openalex.org/W78464240","https://openalex.org/W149396756","https://openalex.org/W299491630","https://openalex.org/W1506871974","https://openalex.org/W1558919105","https://openalex.org/W1595498733","https://openalex.org/W1968110920","https://openalex.org/W1975960070","https://openalex.org/W1981986848","https://openalex.org/W1986294018","https://openalex.org/W1988190983","https://openalex.org/W2001847277","https://openalex.org/W2008499862","https://openalex.org/W2018616316","https://openalex.org/W2024060531","https://openalex.org/W2043978338","https://openalex.org/W2054075152","https://openalex.org/W2065076704","https://openalex.org/W2078074581","https://openalex.org/W2090178682","https://openalex.org/W2095881341","https://openalex.org/W2098907614","https://openalex.org/W2103317919","https://openalex.org/W2107801860","https://openalex.org/W2133523155","https://openalex.org/W2137577559","https://openalex.org/W2138683527","https://openalex.org/W2140965492","https://openalex.org/W2141752622","https://openalex.org/W2148548837","https://openalex.org/W2148615815","https://openalex.org/W2154765153","https://openalex.org/W2161358272","https://openalex.org/W2163328802","https://openalex.org/W2277593056","https://openalex.org/W2286632445","https://openalex.org/W2302640900","https://openalex.org/W2344934367","https://openalex.org/W2562751797","https://openalex.org/W2752228602","https://openalex.org/W2793789686","https://openalex.org/W2902703717","https://openalex.org/W2964075550","https://openalex.org/W3029579966"],"related_works":["https://openalex.org/W2372156812","https://openalex.org/W2374393728","https://openalex.org/W2386545329","https://openalex.org/W2382286253","https://openalex.org/W2356011375","https://openalex.org/W1795360416","https://openalex.org/W2392979115","https://openalex.org/W1969771171","https://openalex.org/W2354198089","https://openalex.org/W819284483"],"abstract_inverted_index":{"Role-Based":[0],"Access":[1],"Control":[2],"(RBAC)":[3],"has":[4],"the":[5,31,84,111,129,154,175,184,196],"potential":[6],"both":[7],"to":[8,30,83,89,128,157,164],"simplify":[9,40],"administration":[10,41],"and":[11,36,93,148,153,181],"improve":[12],"an":[13,70,77],"organization's":[14],"security.":[15],"But":[16],"for":[17,172],"non-trivial":[18],"configurations,":[19],"there":[20],"is":[21,110],"a":[22,52,64,167,202],"conflict":[23],"between":[24],"defining":[25],"fine-grained":[26],"roles":[27,38],"which":[28,39,57,177],"adhere":[29],"principle":[32,85],"of":[33,60,81,86,101,107,113,116,131,170,183,187,198,205],"least":[34,87],"privilege,":[35],"coarse-grained":[37],"by":[42,174],"reducing":[43],"configuration":[44,102],"complexity.":[45,103],"In":[46],"this":[47,124,199],"paper":[48],"we":[49,144],"propose":[50],"OnPar,":[51],"multi-objective":[53],"role":[54,65,158],"mining":[55,66],"approach":[56,109,200],"introduces":[58],"minimization":[59,100],"unnecessary":[61,72],"privilege":[62,73,88],"as":[63],"objective,":[67],"along":[68],"with":[69],"associated":[71],"metric.":[74],"These":[75],"allow":[76],"RBAC":[78],"configuration's":[79],"level":[80],"adherence":[82],"be":[90],"reasoned":[91],"about":[92],"traded":[94],"off":[95],"against":[96],"other":[97],"objectives,":[98],"including":[99],"A":[104],"key":[105],"feature":[106],"our":[108],"elimination":[112],"user":[114],"tuning":[115,125],"global":[117],"optimization":[118],"weights.":[119],"We":[120],"show":[121],"experimentally":[122],"that":[123,189],"typically":[126],"leads":[127],"evaluation":[130,173],"sub-optimal":[132],"candidates,":[133],"while":[134],"still":[135],"missing":[136],"many":[137],"optimal":[138],"candidates.":[139],"To":[140],"avoid":[141],"these":[142],"issues":[143],"leverage":[145],"Pareto":[146,151],"optimality":[147],"introduce":[149],"multi-stage":[150],"filtering":[152],"hypervolume":[155],"indicator":[156],"mining.":[159],"Their":[160],"use":[161],"allows":[162],"OnPar":[163],"efficiently":[165],"select":[166],"small":[168],"set":[169],"candidates":[171],"administrator,":[176],"are":[178],"equal":[179],"best":[180],"representative":[182],"full":[185],"range":[186,204],"trade-offs":[188],"were":[190],"found.":[191],"Our":[192],"experimental":[193],"results":[194],"demonstrate":[195],"effectiveness":[197],"across":[201],"wide":[203],"input":[206],"configurations.":[207]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}