Fast Exact and Heuristic Methods for Role Minimization Problems
Alina Ene, William Horne, Nikola Milosavljevic, Prasad Rao, Robert Schreiber,
Robert E. Tarjan
HP Laboratories, Palo Alto
HPL-2008-33
April 14, 2008*
Keywords: role mining, role-based access control
We describe several bottom-up approaches to problems in role
engineering for Role-Based Access Control (RBAC). The salient
problems are all NP-complete, even to approximate, yet we find that in
instances that arise in practice these problems can be solved in minutes.
We first consider role minimization, the process of finding a smallest
collection of roles that can be used to implement a pre-existing user-to-
permission relation. We introduce fast graph reductions that allow
recovery of the solution from the solution to a problem on a smaller input graph.
For our test cases, these reductions either solve the problem, or reduce the
problem enough that we find the optimum solution with a (worst-case)
exponential method. We introduce lower bounds that are sharp for seven
of nine test cases and are within 3.4% on the other two. We introduce and
test a new polynomial-time approximation that on average yields 2%
more roles than the optimum. We next consider the related problem of
minimizing the number of connections between roles and users or
permissions, and we develop effective heuristic methods for this problem
as well. Finally, we propose methods for several related problems.
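
To make the role minimization problem in the abstract concrete, here is an added example (not code or a method from the report) that finds a minimum role set for a small constructed user-to-permission relation by exhaustive search, then counts the user-role and role-permission connections. The sample data and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Constructed user-to-permission relation (sample data, not from the report).
UPA = {
    "alice": {"git_read", "git_write"},
    "bob":   {"git_read", "git_write", "deploy", "restart"},
    "carol": {"deploy", "restart"},
    "dave":  {"log_read", "report"},
    "erin":  {"git_read", "git_write", "log_read", "report"},
    "frank": {"deploy", "restart", "log_read", "report"},
}

def candidate_roles(upa):
    """Close the users' permission sets under intersection. Any role can be
    widened to one of these sets without granting a user anything extra."""
    cands = {frozenset(p) for p in upa.values() if p}
    while True:
        new = {a & b for a in cands for b in cands if a & b} - cands
        if not new:
            return cands
        cands |= new

def assign(upa, roles):
    """Give each user every role that fits inside their permission set."""
    return {u: [r for r in roles if r <= p] for u, p in upa.items()}

def implements(upa, roles):
    """True if the assigned roles reproduce each user's permissions exactly."""
    ua = assign(upa, roles)
    return all(frozenset().union(*ua[u]) == p for u, p in upa.items())

def minimum_roles(upa):
    """Exhaustive search, smallest role count first (exponential worst case)."""
    cands = sorted(candidate_roles(upa), key=sorted)
    for k in range(len(cands) + 1):
        for roles in combinations(cands, k):
            if implements(upa, roles):
                return list(roles)

def connection_count(upa, roles):
    """User-role plus role-permission edges for the assignment above."""
    ua = assign(upa, roles)
    return sum(len(rs) for rs in ua.values()) + sum(len(r) for r in roles)

if __name__ == "__main__":
    roles = minimum_roles(UPA)
    for r in roles:
        print(sorted(r))
    print("roles:", len(roles), "connections:", connection_count(UPA, roles),
          "direct grants:", sum(len(p) for p in UPA.values()))
```

Because users are only ever assigned roles that are subsets of their permissions, a role set can fail only by leaving a permission uncovered, never by over-granting.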
* Internal Accession Date Only. Approved for External Publication.
To be published and presented at the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), Estes Park, CO, June 11-13, 2008
© Copyright 2008 ACM Symposium on Access Control Models and Technologies (SACMAT 2008)