Abstract
In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. The standard proposed here seeks to resolve this situation by unifying ideas from a base of frequently referenced RBAC models, commercial products, and research prototypes. It is intended to serve as a foundation for product development, evaluation, and procurement specification. Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, we feel the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers. As such, this document does not attempt to standardize RBAC features beyond those that have achieved acceptance in the commercial marketplace and research community, but instead focuses on defining a fundamental and stable set of RBAC components. This standard is organized into the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The reference model defines the scope of features that comprise the standard and provides a consistent vocabulary in support of the specification. The RBAC System and Administrative Functional Specification defines functional requirements for administrative operations and queries for the creation, maintenance, and review of RBAC sets and relations, as well as for specifying system level functionality in support of session attribute management and an access control decision process.
Index Terms
- Proposed NIST standard for role-based access control