Research on Uniform Model of RBAC and MAC

The solutions and problems of Sandhu method and ISandhu method for enforcing BLP in RBAC model are researched and analyzed.It reveals that these solutions don't take the advantages of Role-based Access Control into accout when enforcing Mandatory Access Control and therefore result in some problems as following:the number of roles subjects to that of security labels;the semanteme of some roles is vague;the hierarchy can not be extended;and it lacks the ability of supporting the well-known security principles of least privilege and separation of duties.All of these problems weaken the flexibility and practicability of the model seriously.A new extended model named URBAC is proposed,on the basis of which Role-based Access Control and Mandatory Access Control can be enforced with different constrains respectively.This approach not only preserves the advantage of both RBAC and MAC,but also can make the model shift between different security policy by adjusting the constrains,and still raises up a new perspective of Muti-Security-Policy supporting.