Abstract
Rolebased access control (RBAC) can effectively guarantee the security of user system data. With its good flexibility and security, RBAC occupies a mainstream position in the field of access control. However, the complexity and timeconsuming of the role establishment process seriously hinder the development and application of the RBAC model. The introduction of the assistant interactive question answering algorithm based on attribute exploration (semiautomatic heuristic way to build an RBAC system) greatly reduces the complexity of building a role system. However, there are some defects in the auxiliary interactive Q&A algorithm based on attribute exploration. The algorithm is not only unable to support multiperson collaborative work but also difficult to find qualified Q&A experts in practical work. Aiming at the above problems, this paper proposes a model collaborative learning and exploration of RBAC roles under the framework of attribute exploration. In this model, after interactive Q&A with experts in different permissions systems by using attribute exploration, the obtained results are merged and calculated to get the correct role system. This model not only avoids the timeconsuming process of role requirement analysis but also provides a feasible scheme for collaborative role discovery in multidepartment permissions.
1. Introduction
With the development of the information system, information sharing among people becomes more and more convenient and fast. However, the “explosive” growth of the information system brings people convenient and quick access to information, and it also brings the problem of information security. It is not only the sharing of information between people that needs to be protected but also the information between industrial systems. For example, when computing matrix in the research field of Kalman filtering, multiple computing contents need to be encrypted [1, 2].
To prevent the intrusion of illegal users or leakage caused by the careless operation of legal users, many solutions have been proposed [3, 4]. For example, Lihua proposes a new privacy protection scheme, which plays a good role in protecting privacy [5]. Access control allows users to access system resources only according to their permissions setting and may not exceed their permissions. To ensure flexibility and security, rolebased access control (RBAC) [6] has been widely studied and applied due to its good applicability and occupies a mainstream position in the access control model [7]. The RBAC model introduces roles between users and permissions; connects users and permissions with roles and grants and revokes access permissions to users by assigning and canceling roles to users; and realizes the logical separation of users and access permissions [8]. Flexibility in permission management and its high correlation with an enterprise’s organizational structure greatly facilitate permission management [9].
However, the increasing complexity of the information system leads to the increasing complexity of the RBAC model system construction [10]. In the design and use of a traditional RBAC system, the relationship between “users and roles” and “roles and permissions” is dependent on the acquisition of system requirement information and the personal experience of administrators. With the increasing complexity and diversification of the information system, the number of users, resources, and permissions in access control is increasing, and the business process and related domain knowledge of information systems are becoming complex. As a result, designing and managing an RBAC system that meets the functional and security needs of users solely relying on human beings is challenging [11]. With the development and prosperity of machine learning has given us more ways and methods to solve problems, machine learning is applied in various fields [12]. Many scholars have also applied machine learning to information security, Sun proposes an ESSbased algorithm of balancing the QoS and privacy risk, which reaches a stable state of maintaining longterm service by multiple iterations [13], and Yin uses a recursive neural network for intrusion detection [14]. In addition, machine learning is also applied to various fields, such as hyperspectral image processing and classification [15, 16]. With the prosperity and development of information system, information security combined with many research fields has been widely discussed and studied [17, 18].
Among them, zhang Lei [19] proposed an auxiliary interactive question answering algorithm based on attribute exploration and used the attribute exploration algorithm to interact with experts to get the required roles and the partial order relationship between roles in the RBAC system. The reason why the attribute exploration algorithm [20] can obtain the roles and the partial order relationship between roles is that the attribute exploration algorithm is an important tool in the formal concept analysis [21]. Formal concept analysis is considered as a favorable tool for data analysis and knowledge description and has been widely used in data analysis [22], knowledge discovery [23], rule extraction [24], concept cognitive learning [25], and other fields. Among them, the important data structureconcept lattice [26] can well represent the partial order structure among data. Each lattice node on the concept lattice is composed of a group of intent and extent which have a natural correspondence with roles and permissions in role engineering. The role system mined by the concept lattice theory can not only reflect the hierarchical relationship between the roles but also ensure the correctness of the roles mined [27].
Although the auxiliary interactive question answering algorithm based on attribute exploration can accomplish the role design of RBAC with heuristic assistance, the traditional attribute algorithm relies on the complete system permissions knowledge. In practice, it is difficult to find people who have a good knowledge of all permissions, especially when the permissions are involved in multiple departments. For example, it is difficult to find an expert who knows all the permissions information well when constructing the role of the administration system in conjunction with the faculty system. This defect severely limits the development and application of the RBAC model.
In this paper, it is found that the Duquenne–Guigues and the set of roles obtained by the auxiliary interactive question answering algorithm based on attribute exploration have a close relationship with the whole system, but also have a close relationship with the local subsystem. Therefore, we can find an interactive domain expert in each one and merge the roles and Duquenne–Guigues of each system after the interaction of multiple systems is completed, to obtain the set of the Duquenne–Guigues and roles of the entire system.
Therefore, this paper proposes a model collaborative learning and exploration of RBAC roles (). Under the framework of interactive Q&A of property exploration, a method is designed to support the role discovery of the same group of users under different permission systems. This model not only avoids the timeconsuming process of role demand analysis and questionnaire survey in the process of role construction but also avoids the defects of the auxiliary interactive question and answer algorithm of attribute exploration in the construction of role system across departments.
2. Basic Definition
The relevant definitions used in this article are as follows [23, 25, 26]:
Definition 1. An access security context = is composed of two sets , , and (the relationship between and ). The element of is called user (object), and the element of is called permission (attribute). or means that user has permission . We use, which means that user does not have permission .
Definition 2. Set = that is an access security context, if,, then write
If and satisfy that and , then we call the binary group a . is the of the concept , and is the of the concept .
The computation of Definition 2 is carried out throughout the text. Definition 2 shows how to compute concepts in a given access security context. Since more than one formal context will be involved in the following paragraphs, for the convenience of distinguishing, and represent the calculation of and on the formal context .
The concept of access security context= has the following basic properties (∀⊆,∀⊆):
Property 3. ⊆⇒⊆; ⊆⇒⊆; ⊆; ⊆; if =, then is intent on the access security contextK.
Definition 4. Set is an access security context, , and satisfies (1)(2)Each pseudointent has. Then, is a pseudointent.Definition 4 provides the conditions for the establishment of pseudointent. To prove whether an attribute set is a pseudointent, we only need to verify whether it meets the two conditions of Theorem 14.
Definition 5. Set = is an access security context, , ⊆. if , then is true in.
Definition 6. If = is an access security context, then the value dependency set { is the pseudointent of } which is the Duquenne–Guigues of .
Definition 7. Given access security context =, implication set , and implication formula , the attribute set if and only if ⊆ or ⊆, called , is associated with. If is related to all the implication forms in , then is related to .
According to the value dependence theory of concept lattice, the Duquenne–Guigues can produce all value dependence held in an access security context, namely, the implication relation of an attribute. It can be seen from definition 6 that the Duquenne–Guigues of access security context can be obtained as long as all pseudointents are found. The correlation judgment between attribute set and implication set in Definition 7 can be used in the calculation of pseudointent.
Definition 8. Let = be an access security context,, and the permission (attribute) in satisfies the basic linear order relationship . For any if and only if there is and , the lexicographical order of attribute set is less than the lexicographical order of permission (attribute)set , denoted as .
Definition 8 describes the lexicographical order relation of the property set < which is a linear order relation of . All property sets can be generated one by one according to the lexicographical order and tested one by one to see if the property set is a pseudointent or intent.
3. A Model for Collaborative Learning and Exploration of RBAC Roles
The attribute exploration algorithm interacts with domain experts by asking questions, traverses the attribute set in lexicographical order, and tests whether the set is pseudointent or intent. The use is the attribute set of the pseudointent to produce the implication, so as to construct the Duquenne–Guigues of the access security context and obtain the relevant context knowledge. Lexicographical order < is a linear order on the power set of all permission (attribute), which guarantees the completeness of the attribute exploration algorithm. In other words, the set of roles obtained by the traditional role discovery algorithm based on attribute exploration is complete. However, due to the lack of cooperation mechanism, traditional role discovery algorithms based on attribute exploration cannot build a role system across departments.
The key to the above problem is how to discover the set of roles and the implication relationship between permissions under multiple permission systems (Duquenne–Guigues). In this paper, we found that after the attribute exploration among different departments, we further analyzed and summarized the roles and Duquenne–Guigues under different permissions systems, so as to obtain the role construction of the crossdepartment permission system.
3.1. Basic Theorem
To facilitate the elaboration, we first make the following definition.
Definition 9. Given an access security context and , , and that meet then called is consistent with.
Definition 10. A model for collaborative learning and exploration of RBAC roles ,, , , and , , represents the relationship between and . and are consistent in and , , ,, and , respectively, and represent the Duquenne–Guigues and intent of and .
Based on the above definition, we have the following findings, which can be used as the theoretical basis of the model.
Theorem 11. Given an access security context , the Duquenne–Guigues , and implication formula , if the attribute set isand if , , the attribute set in the access security context is neither intent nor pseudointent.
Proof. Firstly, proof is not intent. , , we knew from property 3 that , then , . Subtract from both ends of and get . And because , then . Because , then . Add to both ends of , get . Because , therefore, , , is not intent.
(2) Lastly, proof is not pseudointent. If satisfies the definition of the pseudointent (2), then each pseudointent must meet, because. Thus, in , is a pseudointent. Because of ,. Therefore, does not satisfy the definition of pseudointent (2) that is not a pseudointent in .
Theorem 11 shows that the set of permissions (attributes) is neither intent nor pseudointent if it is not related to any implication in the Duquenne–Guigues. Because in the attribute exploration, only the set of permissions (attributes) that are intent or pseudointent are considered, and the set of permissions (attributes) that satisfy theorem 11 can be ignored and not calculated.
Theorem 12. , , , access security context, and the Duquenne–Guigues ofis. The permission set is related to, . If then . If , then .
Proof. Because is related to, so by definition 7, we know that is intent or pseudointent. , then in , the users that coown the permission set are . According to definition 10,. Because , so . If , then is a pseudointent; so, . If , then is an intent, so .
Inference 13. , , , access security context, and the Duquenne–Guigues of are . The permission set is related to, . If , then . If , then .
Theorem 14. , , , access security context, and the Duquenne–Guigues of are . The permission set is related to,. If , then . If , then .
Proof. Because is related to, so by definition 7, we know that is intent or pseudointent. , and then in , the users that coown the permission set are . According to definition 10,. Because , so . If , then is a pseudointent, so . If , then is an intent, so .
Inference 15. , , , access security context, and the Duquenne–Guigues of are . The permission set is related to, . If , then . If , then .
Theorems 12 and 14 show that in the model, if a permission set is related to the Duquenne–Guigues of an access security context, then we can use the results obtained in the subdivision to carry out the union operation with the results calculated by other departments and judge whether the obtained results are intent or pseudointent.
4. RCLE Model Framework
Based on the above definitions and theorems, this section designs a model of RBAC role collaborative learning and exploration () by referring to the framework of traditional attribute exploration algorithm and expert questions. the algorithm uses the traditional attribute exploration framework to discover the roles of different permissions system, then automatically revises the set of roles and the Duquenne–Guigues according to the obtained knowledge and the proposed theorem. In this way, we can get the required roles and the implication relationship between permissions and permissions of the system after the fusion of multiple systems. The model architecture is shown in Figure 1.

Using the attribute exploration algorithm, the role discovery algorithm interacts with system security managers in different departments to obtain the required set of roles (intent) and the set of implications between permissions (Duquenne–Guigues) in each department. The following is the specific process of the attribute exploration role discovery algorithm:
At the beginning of the algorithm, the access security context is empty, the Duquenne–Guigues is empty, and the intent set is empty. Then, the set of attributes to be tested is continuously generated in lexicographic order, and an expert is asked if the implication with the attribute set as the preceding is true. If not, add a counterexample to the access security context and recalculate. If true, the attribute set is judged to be intent or pseudointent. If it is a pseudointent, then an implication form with the pseudointent added to the Duquenne–Guigues. If it is not a pseudointent, according to the value dependence of the concept lattice and the correlation theory of the attribute set, it must be intent, and then the attribute set is added to the intent set.
The set of roles and the Duquenne–Guigues obtained are substituted into the model, and the set of roles and the Duquenne–Guigues required in the system after multidepartment system fusion are calculated. At the initial stage of the algorithm, the access security context is the union of multiple access security contexts, the Duquenne–Guigues is empty, and the set of roles is empty. In line 1 of the algorithm to determine whether the algorithm has reached the end state. Inline 48 of the algorithm, it means that the permissions set belongs to the role set of departments 1; so, the permissions jointly owned by users in department 1 and department 2 are calculated. Line 913 of the algorithm indicates that the permission set belongs to the role set of department 2; so, the permissions jointly owned by users in department 2 who have permission set are calculated in department 1. Algorithm 1423 is the processing process of the permission set. Line 2428 of the algorithm is the process where does not exist in the set of roles of department 1 and department 2, nor in their Duquenne–Guigues, where the algorithm calculates the next permission set of according to the correlation definition.

5. Example of the Algorithm Process
This section illustrates the running process of the model with an example. Access security context and represents (dean of faculty, dean of teaching, dean of research, dean of academic affairs), and represents (student curriculum management, teacher information management, graduate employment information management, scientific research information management). The specific permission information is shown in Table 1. Access security context, , represents (student information management, student registration information management, student status management, student curriculum review, student curriculum development and modification). The specific permission information is shown in Table 2. The permissions 。
Get by using the attribute exploration role discovery algorithm , , , and and plug , , , into the algorithm. (1)The algorithm starts at =.(2)Because , calculate ==, add to the set , calculate the next property set of to be, and make =.(3)Because , calculate =, add to the set , calculate the next property set of to be, and make =.(4)Because does not exist in , , , and ,. calculate =, add to the set , calculate the next property set of to be, and make =.(5)Because does not exist in, , , . calculate =, add to the set , calculate the next property set of to be, and make =.(6)Because does not exist in , , , , calculate =, add to the set , calculate the next property set of is , and make =.(7)Because , calculate =, add to the set , calculate the next property set of which is, and make =.(8)Because , calculate =, add to the set , calculate the next property set of is, and make =.(9)Because , calculate =, add to the set , calculate the next property set of is, and make =.(10)Because , calculate =, add to the set , calculate the next property set of is, and make =.(11)Because does not exist in , , ,and calculate =, add to the set , calculate the next property set of is , and make =.(12)……(13)This article will not repeat the process because of the limited space.At the end of the algorithm, ={}, ={}.
It can be seen from the above algorithm example process that the model utilizes the traditional attribute exploration role discovery algorithm to interact with the system managers of multiple departments, so as to obtain the set of roles and the implication relation between permissions under the combination of multiple departments.
6. Experiment and Analysis
6.1. Experimental Design
In order to verify the performance of the model proposed in this paper, the random function simulation in the JAVA language MATH library is used to generate two sets of access security context as test data. The experimental design is divided into two aspects. The first aspect is to observe the change in the number of the implication relation (Duquenne–Guigues) by changing the experimental conditions. The second aspect is to change the experimental conditions to observe the changes in the number of roles (intent).
In the experiment, the algorithm traverses the access security context to answer the questions instead of the experts. The algorithm takes the randomly generated access security context as the objective access security context and traverses the entire access security context when judging whether the implication relation is true. If all users in the access security context meet the implication relation of this implication, the implication is considered to be true. Otherwise, it is considered that this implication relation is not valid, and a user is taken from the access security context and provided to the algorithm as a counterexample. The test platform hardware is 3.4GHZ CPU, and the 16GB memory operating system is Windows X10.
The first group of experiments sets the access security context with the same number of users (objects) and the number of permissions (attributes) from 0 to 30 at an interval of 5 to test. The purpose of the test is to fix the number of users to change the number of permissions and observe the change in the number of implications. The test results are shown in Figure 2.
The second group sets the number of access security context with the same number of permissions (attributes), and the number of users (objects) is tested from 0 to 300 at intervals of 50. The purpose of testing is to fix the number of permissions, change the number of users, and observe the change of the number of implications. The test results are shown in Figure 3.
The third group of experiments sets access security context with the same number of users (objects) and the number of permissions (attributes) from 0 to 30 at an interval of 5 to test. The purpose of the test is to fix the number of users, change the number of permissions, and observe the change in the number of roles. The test results are shown in Figure 4.
The fourth group sets the number of access security context with the same number of permissions (attributes), and the number of users (objects) is tested from 0 to 300 at intervals of 50. The purpose of the test is to fix the number of permissions, change the number of users, and watch the number of roles change. The test results are shown in Figure 5.
6.2. Experimental Analysis
The first, second, third, and fourth groups of experiments show that whether the number of fixed objects, changing the number of attributes, or the number of fixed attributes, changing the number of objects, the implication relationship, and role (intent) increase with the scale expansion of the access security context.
The model proposed in this paper not only avoids the timeconsuming and laborconsuming process of role requirement analysis and questionnaire survey in the process of role construction but also solves the defects of the traditional auxiliary interactive question and answer algorithm based on attribute exploration, which does not support crossdepartments.
7. Conclusion
Because of the defect that the traditional semiautomatic heuristic method for constructing the RBAC system cannot construct a role system in different permission system departments, this paper proposes a model of RBAC role cooperative learning and exploration. Based on the local access security context, three theorems are summarized from the local point of view, and the proposed theorems are proved by mathematical rigor. Finally, a model of is given according to the theorems. The model uses the traditional attribute exploration role discovery method to construct the role system of different permission systems, and then according to the theorem proposed in this paper, calculates the role system of the multiple departments. Because the model greatly saves the timeconsuming steps in the process of role to formulate and has characteristic of the interdepartmental build role, and so here we will further the development of tools for easier operation and makes the model able to get the more extensive application and development.
Data Availability
The data used to support the findings of this study are included within the article.
Conflicts of Interest
The authors declare that there is no conflict of interest regarding the publication of this paper.
Acknowledgments
This work was supported by the Scientific and Technological Project of Henan Province (Grant No. 202102310340), Foundation of University Young Key Teacher of Henan Province (Grant Nos. 2019GGJS040 and 2020GGJS027), and Key Scientific Research Projects of Colleges and Universities in Henan Province (Grant No. 21A110005).