Sandhu, 1996

Role hierarchies and constraints for lattice-based access control

Type

Article

Year

1996

Authors

Sandhu, R.

Identifiers

Abstract

Role-based access control (RBAC) is a promising alternative to traditional discretionary and mandatory access controls. In RBAC permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles' permissions. In this paper we formally show that lattice based mandatory access controls can be enforced by appropriate configuration of RBAC components. Our constructions demonstrate that role hierarchies and constraints are required to effectively achieve this result. We show that variations of the lattice-based *-property, such as write-up (liberal *-property) and no-write-up (strict ,-property), can be easily accommodated in RBAC. Our results attest to the flexibility of RBAC and its ability to accommodate different policies by suitable configuration of role hierarchies and constraints.

(Sandhu, 1996, p. 1)

Links

Citation

Sandhu, R., 1996. Role hierarchies and constraints for lattice-based access controls, in: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (Eds.), Computer Security — ESORICS 96, Lecture Notes in Computer Science. Springer, Berlin, Heidelberg, pp. 65–79. https://doi.org/10.1007/3-540-61770-1_28

 


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.