The ARBAC97 model for role-based administration of roles: preliminary description and outline

In role-based access control (RBAC), permissions are associated with roles, and users are made members of roles, thereby acquiring the roles’ permissions. The motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience, especially in decentralizing administrative authority, responsibility and chores. This paper describes the motivation, intuition and outline of a new model for RBAC administration called ARBAC97 (administrative RBAC ‘97). ARBAC97 has three components: URA97 (user-role assignment ‘97), PRA97 (permission-role assignment ‘97) and RRA97 (role-role assignment ‘97). URA97 was recently defined by Sandhu and Bhamidipati [SB97]. ARBAC97 incorporates URA97, builds upon it to define PRA97 and some components of RRA97, and introduces additional concepts in developing RRA97.

*This work is partially supported by the National Science Foundation at the Laboratory for Information Security Technology at George Mason University and the National Institute of Standards and Technology at SETA Corporation. All correspondence should be addressed to Ravi Sandhu, ISSE Department, Mail Stop 4A4, George Mason University, Fairfax, VA 22030, sandhu@isse.gmu.edu, www.list.gmu.edu.
