A Model Study on Collaborative Learning and Exploration of RBAC Roles

Role-based access control (RBAC) can effectively guarantee the security of user system data. With its good flexibility and security, RBAC occupies a mainstream position in the field of access control. However, the complexity and time-consuming of the role establishment process seriously hinder the development and application of the RBAC model. The introduction of the assistant interactive question answering algorithm based on attribute exploration (semiautomatic heuristic way to build an RBAC system) greatly reduces the complexity of building a role system. However, there are some defects in the auxiliary interactive Q&A algorithm based on attribute exploration. The algorithm is not only unable to support multiperson collaborative work but also difficult to find qualified Q&A experts in practical work. Aiming at the above problems, this paper proposes a model collaborative learning and exploration of RBAC roles under the framework of attribute exploration. In this model, after interactive Q&A with experts in different permissions systems by using attribute exploration, the obtained results are merged and calculated to get the correct role system. This model not only avoids the time-consuming process of role requirement analysis but also provides a feasible scheme for collaborative role discovery in multidepartment permissions.


Introduction
With the development of the information system, information sharing among people becomes more and more convenient and fast. However, the "explosive" growth of the information system brings people convenient and quick access to information, and it also brings the problem of information security. It is not only the sharing of information between people that needs to be protected but also the information between industrial systems. For example, when computing matrix in the research field of Kalman filtering, multiple computing contents need to be encrypted [1,2].
To prevent the intrusion of illegal users or leakage caused by the careless operation of legal users, many solutions have been proposed [3,4]. For example, Lihua proposes a new privacy protection scheme, which plays a good role in protecting privacy [5]. Access control allows users to access system resources only according to their permissions setting and may not exceed their permissions. To ensure flexibility and security, role-based access control (RBAC) [6] has been widely studied and applied due to its good applicability and occupies a mainstream position in the access control model [7]. The RBAC model introduces roles between users and permissions; connects users and permissions with roles and grants and revokes access permissions to users by assigning and canceling roles to users; and realizes the logical separation of users and access permissions [8]. Flexibility in permission management and its high correlation with an enterprise's organizational structure greatly facilitate permission management [9].
However, the increasing complexity of the information system leads to the increasing complexity of the RBAC model system construction [10]. In the design and use of a traditional RBAC system, the relationship between "users and roles" and "roles and permissions" is dependent on the acquisition of system requirement information and the personal experience of administrators. With the increasing complexity and diversification of the information system, the number of users, resources, and permissions in access control is increasing, and the business process and related domain knowledge of information systems are becoming complex. As a result, designing and managing an RBAC system that meets the functional and security needs of users solely relying on human beings is challenging [11]. With the development and prosperity of machine learning has given us more ways and methods to solve problems, machine learning is applied in various fields [12]. Many scholars have also applied machine learning to information security, Sun proposes an ESS-based algorithm of balancing the QoS and privacy risk, which reaches a stable state of maintaining long-term service by multiple iterations [13], and Yin uses a recursive neural network for intrusion detection [14]. In addition, machine learning is also applied to various fields, such as hyperspectral image processing and classification [15,16]. With the prosperity and development of information system, information security combined with many research fields has been widely discussed and studied [17,18].
Among them, zhang Lei [19] proposed an auxiliary interactive question answering algorithm based on attribute exploration and used the attribute exploration algorithm to interact with experts to get the required roles and the partial order relationship between roles in the RBAC system. The reason why the attribute exploration algorithm [20] can obtain the roles and the partial order relationship between roles is that the attribute exploration algorithm is an important tool in the formal concept analysis [21]. Formal concept analysis is considered as a favorable tool for data analysis and knowledge description and has been widely used in data analysis [22], knowledge discovery [23], rule extraction [24], concept cognitive learning [25], and other fields. Among them, the important data structure-concept lattice [26] can well represent the partial order structure among data. Each lattice node on the concept lattice is composed of a group of intent and extent which have a natural correspondence with roles and permissions in role engineering. The role system mined by the concept lattice theory can not only reflect the hierarchical relationship between the roles but also ensure the correctness of the roles mined [27].
Although the auxiliary interactive question answering algorithm based on attribute exploration can accomplish the role design of RBAC with heuristic assistance, the traditional attribute algorithm relies on the complete system permissions knowledge. In practice, it is difficult to find people who have a good knowledge of all permissions, especially when the permissions are involved in multiple departments. For example, it is difficult to find an expert who knows all the permissions information well when constructing the role of the administration system in conjunction with the faculty system. This defect severely limits the development and application of the RBAC model.
In this paper, it is found that the Duquenne-Guigues and the set of roles obtained by the auxiliary interactive question answering algorithm based on attribute exploration have a close relationship with the whole system, but also have a close relationship with the local subsystem. Therefore, we can find an interactive domain expert in each one and merge the roles and Duquenne-Guigues of each system after the interaction of multiple systems is completed, to obtain the set of the Duquenne-Guigues and roles of the entire system. Therefore, this paper proposes a model collaborative learning and exploration of RBAC roles (RCLE). Under the framework of interactive Q&A of property exploration, a method is designed to support the role discovery of the same group of users under different permission systems. This model not only avoids the time-consuming process of role demand analysis and questionnaire survey in the process of role construction but also avoids the defects of the auxiliary interactive question and answer algorithm of attribute exploration in the construction of role system across departments.

Basic Definition
The relevant definitions used in this article are as follows [23,25,26]: Definition 1. An access security context K=ðU, M, IÞ is composed of two sets U, M, and I (the relationship between U and M). The element of U is called user (object), and the element of M is called permission (attribute). ðu, mÞ ∈ I or uIm means that user u has permission m. We use ðu, mÞ ∉ I, which means that user u does not have permission m.
If A and B satisfy that f ðAÞ = B and gðBÞ = A, then we call the binary group ðA, BÞ a concept. A is the extent of the concept ðA, BÞ, and B is the intent of the concept ðA, BÞ.
The computation of Definition 2 is carried out throughout the text. Definition 2 shows how to compute concepts in a given access security context. Since more than one formal context will be involved in the following paragraphs, for the convenience of distinguishing, f 1 ðAÞ and g 1 ðBÞ represent the calculation of f ðAÞ and gðBÞ on the formal context K 1 .
The concept of access security context K=ðU, M, IÞ has the following basic properties (∀A, A 1 , A 2 ⊆U,∀B, B 1 , B 2 ⊆M): is a pseudointent.

Wireless Communications and Mobile Computing
Definition 4 provides the conditions for the establishment of pseudointent. To prove whether an attribute set is a pseudointent, we only need to verify whether it meets the two conditions of Theorem 14.
Definition 5. Set K=ðU, M, IÞ is an access security context, According to the value dependence theory of concept lattice, the Duquenne-Guigues can produce all value dependence held in an access security context, namely, the implication relation of an attribute. It can be seen from definition 6 that the Duquenne-Guigues of access security context can be obtained as long as all pseudointents are found. The correlation judgment between attribute set and implication set in Definition 7 can be used in the calculation of pseudointent.
Definition 8. Let K=ðU, M, IÞ be an access security context, M = fm 1 , m 2 ⋯ m n g, and the permission (attribute) in M satisfies the basic linear order relationship ðm 1 < m 2 < · · < m n Þ. For any Definition 8 describes the lexicographical order relation of the property set < which is a linear order relation of 2 M . All property sets can be generated one by one according to the lexicographical order and tested one by one to see if the property set is a pseudointent or intent.

A Model for Collaborative Learning and Exploration of RBAC Roles
The attribute exploration algorithm interacts with domain experts by asking questions, traverses the attribute set in lexicographical order, and tests whether the set is pseudointent or intent. The use is the attribute set of the pseudointent to produce the implication, so as to construct the Duquenne-Guigues of the access security context and obtain the relevant context knowledge. Lexicographical order < is a linear order on the power set of all permission (attribute), which guarantees the completeness of the attribute exploration algorithm. In other words, the set of roles obtained by the traditional role discovery algorithm based on attribute exploration is complete. However, due to the lack of cooperation mecha-nism, traditional role discovery algorithms based on attribute exploration cannot build a role system across departments.
The key to the above problem is how to discover the set of roles and the implication relationship between permissions under multiple permission systems (Duquenne-Guigues). In this paper, we found that after the attribute exploration among different departments, we further analyzed and summarized the roles and Duquenne-Guigues under different permissions systems, so as to obtain the role construction of the crossdepartment permission system.

Basic Theorem.
To facilitate the elaboration, we first make the following definition.
Definition 9. Given an access security context K 1 = ðU 1 , M 1 , Definition 10. A model for collaborative learning and exploration of RBAC roles RCLE = ðK 1 , Based on the above definition, we have the following findings, which can be used as the theoretical basis of the RCLE model.
(2) Lastly, proof T is not pseudointent. If T satisfies the definition of the pseudointent (2), then each pseudointent Therefore, T does not satisfy the definition of pseudointent (2) that T is not a pseudointent in K.
Theorem 11 shows that the set of permissions (attributes) is neither intent nor pseudointent if it is not related to any implication in the Duquenne-Guigues. Because in the attribute exploration, only the set of permissions (attributes) that are intent or pseudointent are considered, and the set of permissions (attributes) that satisfy theorem 11 can be ignored and not calculated. Proof. Because D is related to JðKÞ, so by definition 7, we know that D is intent or pseudointent. D ∈ CðK 1 Þ, and then in K 1 , the users that coown the permission set D are g 1 ðDÞ.
According to definition 10,

RCLE Model Framework
Based on the above definitions and theorems, this section designs a model of RBAC role collaborative learning and exploration (RCLE) by referring to the framework of traditional attribute exploration algorithm and expert questions. the algorithm uses the traditional attribute exploration framework to discover the roles of different permissions system, then automatically revises the set of roles and the Duquenne-Guigues according to the obtained knowledge and the proposed theorem. In this way, we can get the required roles and the implication relationship between permissions and permissions of the system after the fusion of multiple systems. The model architecture is shown in Figure 1.

Wireless Communications and Mobile Computing
Using the attribute exploration algorithm, the role discovery algorithm interacts with system security managers in different departments to obtain the required set of roles (intent) and the set of implications between permissions (Duquenne-Guigues) in each department. The following is the specific process of the attribute exploration role discovery algorithm: At the beginning of the algorithm, the access security context is empty, the Duquenne-Guigues is empty, and the intent set is empty. Then, the set of attributes to be tested is continuously generated in lexicographic order, and an expert is asked if the implication with the attribute set as the preceding is true. If not, add a counterexample to the access security context and recalculate. If true, the attribute set is judged to be intent or pseudointent. If it is a pseudointent, then an implication form with the pseudointent added to the Duquenne-Guigues. If it is not a pseudointent, according to the value dependence of the concept lattice and the correlation theory of the attribute set, it must be intent, and then the attribute set is added to the intent set.
The set of roles and the Duquenne-Guigues obtained are substituted into the RCLE model, and the set of roles and the Duquenne-Guigues required in the system after multidepartment system fusion are calculated. At the initial stage of the algorithm, the access security context is the union of multiple access security contexts, the Duquenne-Guigues is empty, and the set of roles is empty. In line 1 of the algorithm to determine whether the algorithm has reached the end state. Inline 4-8 of the algorithm, it means that the permissions set belongs to the role set of departments 1; so, the permissions jointly owned by users in department 1 and department 2 are calculated. Line 9-13 of the algorithm indicates that the permission set belongs to the role set of department 2; so, the permissions jointly owned by users in department 2 who have B permission set are calculated in department 1. Algorithm 14-23 is the processing process of the B permission set. Line 24-28 of the algorithm is the process where B does not exist in the set of roles of department 1 and department 2, nor in their Duquenne-Guigues, where the findNextB algorithm calculates the next permission set of B ′ according to the correlation definition.

Example of the RCLE Algorithm Process
This section illustrates the running process of the RCLE model with an example. Access security context K 1 = ðU 1 , M 1 , I 1 Þ and U 1 = ð1, 2, 3, 4Þ represents (dean of faculty, dean of
It can be seen from the above algorithm example process that the RCLE model utilizes the traditional attribute exploration role discovery algorithm to interact with the system managers of multiple departments, so as to obtain the set of roles and the implication relation between permissions under the combination of multiple departments.

Experiment and Analysis
6.1. Experimental Design. In order to verify the performance of the model proposed in this paper, the random function simulation in the JAVA language MATH library is used to generate two sets of access security context as test data. The experimental design is divided into two aspects. The first aspect is to observe the change in the number of the implication relation (Duquenne-Guigues) by changing the experimental conditions. The second aspect is to change the experimental conditions to observe the changes in the number of roles (intent).
In the experiment, the algorithm traverses the access security context to answer the questions instead of the experts. The algorithm takes the randomly generated access security context as the objective access security context and traverses the entire access security context when judging whether the implication relation is true. If all users in the access security context meet the implication relation of this implication, the implication is considered to be true. Otherwise, it is considered that this implication relation is not valid, and a user is taken from the access security context and provided to the   The first group of experiments sets the access security context with the same number of users (objects) and the number of permissions (attributes) from 0 to 30 at an interval of 5 to test. The purpose of the test is to fix the number of users to change the number of permissions and observe the change in the number of implications. The test results are shown in Figure 2.
The second group sets the number of access security context with the same number of permissions (attributes), and the number of users (objects) is tested from 0 to 300 at intervals of 50. The purpose of testing is to fix the number of permissions, change the number of users, and observe the change of the number of implications. The test results are shown in Figure 3.
The third group of experiments sets access security context with the same number of users (objects) and the number of permissions (attributes) from 0 to 30 at an interval of 5 to test. The purpose of the test is to fix the number of users, change the number of permissions, and observe the change in the number of roles. The test results are shown in Figure 4.
The fourth group sets the number of access security context with the same number of permissions (attributes), and the number of users (objects) is tested from 0 to 300 at inter-vals of 50. The purpose of the test is to fix the number of permissions, change the number of users, and watch the number of roles change. The test results are shown in Figure 5.
6.2. Experimental Analysis. The first, second, third, and fourth groups of experiments show that whether the number of fixed objects, changing the number of attributes, or the number of fixed attributes, changing the number of objects, the implication relationship, and role (intent) increase with the scale expansion of the access security context.
The RCLE model proposed in this paper not only avoids the time-consuming and labor-consuming process of role requirement analysis and questionnaire survey in the process of role construction but also solves the defects of the traditional auxiliary interactive question and answer algorithm based on attribute exploration, which does not support crossdepartments.

Conclusion
Because of the defect that the traditional semiautomatic heuristic method for constructing the RBAC system cannot construct a role system in different permission system departments, this paper proposes a model of RBAC role cooperative learning and exploration. Based on the local access security context, three theorems are summarized from the local point of view, and the proposed theorems are proved by mathematical rigor. Finally, a model of RCLE is given according to the theorems. The model uses the traditional attribute exploration role    7 Wireless Communications and Mobile Computing discovery method to construct the role system of different permission systems, and then according to the theorem proposed in this paper, calculates the role system of the multiple departments. Because the RCLE model greatly saves the timeconsuming steps in the process of role to formulate and has characteristic of the interdepartmental build role, and so here we will further the development of tools for easier operation and makes the model able to get the more extensive application and development.

Data Availability
The data used to support the findings of this study are included within the article.

Conflicts of Interest
The authors declare that there is no conflict of interest regarding the publication of this paper.