Configuring role-based access control to enforce mandatory and discretionary access control policies

Top Cited Papers

1 May 2000

journal article
Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security

Vol. 3 (2) , 85-106
https://doi.org/10.1145/354876.354878

Abstract

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various common forms of both of the traditional access control paradigms using the role-based access control (RBAC) models of Sandhu et al., commonly called RBAC96. We see that all of the features of the RBAC96 model are required, and that although for the manatory access control simulation, only one administrative role needs to be assumed, for the discretionary access control simulations, a complex set of administrative roles is required.

Keywords

This publication has 9 references indexed in Scilit:

The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security, 1999
The role graph model and conflict of interest
ACM Transactions on Information and System Security, 1999
How to do discretionary access control using roles
Published by Association for Computing Machinery (ACM) ,1998
On the Interaction Between Role-Based Access Control and Relational Databases
Published by Springer Nature ,1997
Role hierarchies and constraints for lattice-based access controls
Published by Springer Nature ,1996
Role-based access control models
Computer, 1996
Access control: principle and practice
IEEE Communications Magazine, 1994
Lattice-based access control models
Computer, 1993
A lattice model of secure information flow
Communications of the ACM, 1976