Synthetic Test Data Generation for Role Based Access Control (RBAC) Experiments

Thesis (MA)

Advisor(s): Maximilian Niedermeier

Motivation

Role-Based Access Control (RBAC) (1) does not grant permissions directly to users, but to company roles. Each user is then associated with one or more roles. For example, a company could assign the roles Software Engineer and Testing Engineer to an employee. With a well-defined Identity and Access Management (IAM) tool, the employee should then automatically be granted all permissions needed for daily work routines. Today, companies often work in a distributed IT landscape, for example one consisting of multiple cloud applications, each with its own RBAC system.

The IRBAC 2000 model (2) introduces interoperability to RBAC by translating roles from one company domain to another. In the future, we plan to conduct similar experiments that map roles between different cloud applications. To enable a reliable testing and evaluation process, this thesis aims to dynamically generate synthetic test data based on fictional organizations.

Research Objectives

  • Writing a systematic literature review that answers the question of which data about employee permissions different RBAC systems may store, e.g. what does LDAP usually store? What do RBAC systems for different SaaS cloud applications store?
  • Building an algorithm that automatically creates test data for RBAC experiments based on input parameters (e.g. company size, existing departments, …)

(Possible) Tasks

  • Review the scientific literature in this field
  • Understand how RBAC systems work in detail
  • Develop an algorithm that allows scientists to dynamically create different data sets for RBAC experiments
  • Evaluate the results, e.g. by conducting a focus group with IAM consultants

Requirements

  • High degree of autonomy and individual responsibility
  • Structured, reliable, and self-motivated work style
  • Ability to write maintainable and clean code, e.g. in C# or Python
  • Strong interest in working with scientific literature
  • Interest in Identity and Access Management (IAM)
  • Good language skills in either German or English

Further Information

Please send your application (including a statement of motivation explaining why you are suited to this project), your "Notenauszug" from TUMonline, and your CV to max.niedermeier@tum.de. Please note that we can only consider applications with complete documents. Please send your application from your tum/cit.tum e-mail address (e-mails from other addresses will not be answered).