Role-Based Access Controls

While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control, role-based access control (RBAC), that is more central to the secure processing needs of non-military systems than DAC.
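The distinction the abstract draws is between access decisions made by individual object owners (DAC) and decisions fixed by a centrally administered policy that users cannot override (RBAC). The following toy policy stores are an added illustration of that distinction, not code from the paper or a rendering of its formal model; the user, object and role names ("alice", "payroll.db", "payroll_clerk") are made up for the example.

```python
"""Toy DAC vs RBAC policy stores.

Added illustration for this page, not the paper's formal model. The users,
objects and roles below are constructed for the example.
"""


class DacStore:
    """Discretionary: the owner of an object decides who else may access it."""

    def __init__(self):
        self.owner = {}  # object -> owning user
        self.acl = {}    # object -> {user: set(operations)}

    def create(self, user, obj):
        self.owner[obj] = user
        self.acl[obj] = {user: {"read", "write"}}

    def grant(self, granter, obj, grantee, op):
        # No organisational policy is consulted; ownership alone is the check.
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(grantee, set()).add(op)

    def remove_user(self, user, obj):
        # Removing the granter does not undo what they handed out.
        self.acl[obj].pop(user, None)

    def allowed(self, user, obj, op):
        return op in self.acl.get(obj, {}).get(user, set())


class RbacStore:
    """Non-discretionary: permissions attach to roles; an administrator assigns roles.

    There is deliberately no per-user grant operation: a user holding a role
    has no way to pass its permissions on to someone else.
    """

    def __init__(self):
        self.role_perms = {}  # role -> set of (operation, object)
        self.user_roles = {}  # user -> set of roles

    def define_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"undefined role {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def allowed(self, user, obj, op):
        return any((op, obj) in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))


def demo():
    """Run both models over the same scenario and return the observable outcomes."""
    dac = DacStore()
    dac.create("alice", "payroll.db")
    dac.grant("alice", "payroll.db", "bob", "read")  # alice's choice alone
    dac.remove_user("alice", "payroll.db")           # alice leaves the payroll job
    dac_bob_after = dac.allowed("bob", "payroll.db", "read")  # grant outlives the granter

    rbac = RbacStore()
    rbac.define_role("payroll_clerk", {("read", "payroll.db"), ("write", "payroll.db")})
    rbac.assign("alice", "payroll_clerk")
    rbac_alice = rbac.allowed("alice", "payroll.db", "read")  # access comes from the role
    rbac_bob = rbac.allowed("bob", "payroll.db", "read")      # no role, no access
    rbac.revoke("alice", "payroll_clerk")                     # job change: one revocation
    rbac_alice_after = rbac.allowed("alice", "payroll.db", "write")

    return {
        "dac_bob_keeps_read_after_owner_leaves": dac_bob_after,
        "rbac_alice_reads_via_role": rbac_alice,
        "rbac_bob_without_role": rbac_bob,
        "rbac_alice_after_revoke": rbac_alice_after,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point the example makes concrete is administrative: in the DAC store every owner is a policy author, so the organisation can only audit what was granted after the fact, and a grant survives the granter's own departure. In the RBAC store the policy lives in the role definitions and role assignments, both under administrative control, so a job change is a single revocation and no user can widen access on their own.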
