Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
US9137265B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9137265-B2 |
| Application number | US-201313969533-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 17, 2013 |
| Priority date | Jan 4, 2013 |
| Publication date | Sep 15, 2015 |
| Grant date | Sep 15, 2015 |
Abstract
Generating role-based access control policies is provided. A user-permission relation is generated by extracting users and permissions assigned to each of the users from a stored access control policy. A user-attribute relation is generated by mapping the users to attributes describing the users. A permission-attribute relation is generated by mapping the permissions to attributes describing the permissions. The set of risk-averse roles, assignment of the set of risk-averse roles to the users, and assignment of the permissions to the set of risk-averse roles are determined based on applying a risk-optimization function to the generated user-permission relation, the generated user-attribute relation, and the generated permission-attribute relation. A role-based access control policy that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles is generated.
Claims (preview)
What is claimed is:

1. A computer system for generating role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles, the computer system comprising: a bus system; a storage device connected to the bus system, wherein the storage device stores computer readable program code; and a processor unit connected to the bus system, wherein the processor unit executes the computer readable program code to generate a user-permission relation from a stored access control policy by extracting users and permissions assigned to each of the users from the stored access control policy, wherein the user-permission relation defines a relationship between the users and their assigned permissions to access secure resources connected to a network to perform their assigned duties, and wherein a permission grants a user assigned to that permission an ability to at least one of read a secure document, write to a secure document, delete a secure document, modify a secure document, access a secure hardware device, access a secure software application, and access a secure network; generate a user-attribute relation by mapping the users to attributes describing each of the users; generate a permission-attribute relation by mapping the permissions to attributes describing each of the permissions; determine a set of risk-averse roles, assignment of the set of risk-averse roles to the users, and assignment of the permissions to the set of risk-averse roles based on applying a risk-optimization function to the generated user-permission relation, the generated user-attribute relation, and the generated permission-attribute relation, wherein a risk-averse role includes a set of users with their assigned permissions to perform their assigned duties on the secure resources and has a level of risk associated with the risk-averse role; generate a role-based access control policy that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles; wherein risk of misuse of user-permission assignments in a risk-averse role is calculated based on an aggregation of the attributes describing each of the users and the attributes describing each of the permissions assigned to the risk-averse role, and wherein the attributes describing each of the users used in calculating the risk of misuse of user-permission assignments in the risk-averse role include a security clearance level of a user that corresponds to a security clearance value for the user, and wherein the attributes describing each of the permissions used in calculating the risk of misuse of user-permission assignments in the risk-averse role include a sensitivity level of a permission that defines a level of damage caused by at least one of an abuse and a misuse of the permission by the user; and control the access to the secure resources by the users using the generated role-based access control policy to mitigate the risk to the secure resources.

2. The computer system of claim 1, wherein the risk-optimization function is a multiple-objective optimization function that minimizes risk of misuse of user-permission assignments while minimizing complexity of the generated role-based access control policy and a number of changes to the user-permission assignments from the stored access control policy to the generated role-based access control policy, wherein the complexity of the generated role-based access control policy is determined by a number of permissions, a number of users, a number of risk-averse roles, a number of user-role assignments, and a number of permission-role assignments within the generated role-based access control policy.

3. The computer system of claim 2, wherein the risk-optimization function is a weighted combination of the risk of misuse of user-permission assignments, the complexity of the generated role-based access control policy, and the number of changes to the user-permission assignments from the stored access control policy to the generated role-based access control policy.

4. The computer system of claim 3, wherein risk of the generated role-based access control policy is calculated using an aggregation function that aggregates a risk of each risk-averse role in the set of risk-averse roles.

5. The computer system of claim 4, wherein the aggregation function is a monotonically non-decreasing function.

6. The computer system of claim 5, wherein the risk of the generated role-based access control policy is calculated based on aggregating a risk of each of the users in the generated role-based access control policy given all risk-averse roles assigned to each of the users.

7. The computer system of claim 1, wherein the risk-optimization function maps the attributes describing each of the users and the attributes describing each of the permissions to a specific risk level.

8. The computer system of claim 1, wherein risk of a role assignment is calculated using an aggregation of sensitivity levels of the permissions assigned to the risk-averse role and an aggregation of security clearance levels of the users assigned to the risk-averse role.

9. The computer system of claim 8, wherein the aggregation of the sensitivity levels of the permissions and the aggregation of the security clearance levels of the users is calculated using a monotonically non-decreasing function that cannot decrease a risk of the generated role-based access control policy in response to a user being assigned more permissions by at least one of assignment of more risk-averse roles to the user and assignment of more permissions to risk-averse roles already assigned to the user.

10. The computer system of claim 9, wherein the monotonically non-decreasing function is defined by applying a normalized integral to an existing membership function.

11. A computer program product stored on a computer readable storage medium having computer readable program code encoded thereon that is executable by a computer for generating role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles, the computer program product comprising: computer readable program code for generating a user-permission relation from a stored access control policy by extracting users and permissions assigned to each of the users from the stored access control policy, wherein the user-permission relation defines a relationship between the users and their assigned permissions to access secure resources connected to a network to perform their assigned duties, and wherein a permission grants a user assigned to that permission an ability to at least one of read a secure document, write to a secure document, delete a secure document, modify a secure document, access a secure hardware device, access a secure software application, and access a secure network; computer readable program code for generating a user-attribute relation by mapping the users to attributes describing each of the users; computer readable program code for generating a permission-attribute relation by mapping the permissions to attributes describing each of the permissions; computer readable program code for determining a set of risk-averse roles, assignment of the set of risk-averse roles to the users, and assignment of the permissions to the set of risk-averse roles based on applying a risk-optimization function to the generated user-permission relation, the generated user-attribute relation, and the generated permission-attribute relation, wherein a risk-averse role includes a set of users with
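The objective that claims 2-3 describe (risk of misuse, policy complexity and change count combined by weights) and the monotonically non-decreasing role-risk aggregation of claims 8-9 can be made concrete on a toy policy. The following is an added example written for this page, not code from the patent; the clearance and sensitivity scales, the max-based aggregation, the weights and all users and permissions are constructed assumptions.

```python
"""Added example (not the patent's code): scores candidate role sets with the
weighted objective of claims 2-3 using the monotonically non-decreasing
role-risk aggregation of claims 8-9. All data and weights are constructed."""

# Constructed user-attribute relation: security clearance, 1 (low) .. 3 (high).
CLEARANCE = {"alice": 3, "bob": 1, "carol": 2}
MAX_CLEARANCE = 3
# Constructed permission-attribute relation: sensitivity, 1 (low) .. 3 (high).
SENSITIVITY = {"read_doc": 1, "write_doc": 2, "delete_doc": 3}
# Constructed stored user-permission relation (the policy being re-mined).
STORED_UP = {("alice", "read_doc"), ("alice", "write_doc"), ("alice", "delete_doc"),
             ("bob", "read_doc"), ("carol", "read_doc"), ("carol", "write_doc")}

def role_risk(users, perms):
    """Claims 8-9: max permission sensitivity times the largest clearance shortfall
    among the role's users; both are max-aggregations, so adding a user or a
    permission can never lower the value."""
    if not users or not perms:
        return 0
    sens = max(SENSITIVITY[p] for p in perms)
    shortfall = max(MAX_CLEARANCE - CLEARANCE[u] + 1 for u in users)
    return sens * shortfall

def policy_risk(roles):
    """Claims 4-5: aggregate per-role risk with a non-decreasing function (sum)."""
    return sum(role_risk(u, p) for u, p in roles.values())

def complexity(roles):
    """Claim 2: |P| + |U| + |R| + |user-role assignments| + |permission-role assignments|."""
    users = {u for us, _ in roles.values() for u in us}
    perms = {p for _, ps in roles.values() for p in ps}
    return (len(perms) + len(users) + len(roles)
            + sum(len(us) for us, _ in roles.values())
            + sum(len(ps) for _, ps in roles.values()))

def changes(roles, stored=STORED_UP):
    """Claim 2: user-permission pairs added or removed relative to the stored policy."""
    induced = {(u, p) for us, ps in roles.values() for u in us for p in ps}
    return len(induced ^ stored)

def objective(roles, w_risk=1.0, w_complex=0.5, w_change=2.0):
    """Claim 3: weighted sum of risk, complexity and change count; lower is better."""
    return w_risk * policy_risk(roles) + w_complex * complexity(roles) + w_change * changes(roles)

# Two constructed candidates: one catch-all role vs. one role per permission.
ONE_ROLE = {"all": ({"alice", "bob", "carol"}, {"read_doc", "write_doc", "delete_doc"})}
PER_PERM = {"reader": ({"alice", "bob", "carol"}, {"read_doc"}),
            "writer": ({"alice", "carol"}, {"write_doc"}),
            "deleter": ({"alice"}, {"delete_doc"})}
```

With these weights the catch-all role scores worse (21.5) than the per-permission roles (19.0) because it grants bob and carol permissions they did not hold, which raises both the change count and the risk term.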
CPC title (fragment): for managing network security; network security policies in general (filtering policies H04L63/0227)