Skip to end of banner
Go to start of banner

Kuhn, 1998

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Role based access control on MLS systems without kernel changes

Type

Article

Year

1998

Authors

Kuhn, D.R.

Identifiers

Abstract

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security systems that implement information fow policies. The construction from MLS to RBAC systems is signifcant because it shows that the enormous investment in MLS systems can be leveraged to produce RBAC systems. The method requires no changes to the existing MLS system kernel and allows implementation of hierarchical RBAC entirely through site confguration options. A single trusted process is used to map privileges of RBAC roles to MLS labels. Access is then mediated by the MLS kernel. Where C is the number of categories and d the depth of the role hierarchy, the number of roles that can be controlled is approximately
(C /d C /2d )d

(Kuhn, 1998, p. 1)

Citation

Kuhn, D.R., 1998. Role based access control on MLS systems without kernel changes, in: Proceedings of the Third ACM Workshop on Role-Based Access Control  - RBAC ’98. Presented at the the third ACM workshop, ACM Press, Fairfax, Virginia, United States, pp. 25–32. https://doi.org/10.1145/286884.286890

  • No labels