Digital Review dblp.uni-trier.de

Review - Role Hierarchies and Constraints for Lattice-Based Access Controls.

Elisa Bertino: Review - Role Hierarchies and Constraints for Lattice-Based Access Controls. ACM SIGMOD Digital Review 2: (2000)

Review

Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. In a role-based access control model, roles represent functions within a given organization, and authorizations are granted to roles. Authorizations granted to a role are strictly related to the data objects and resources that a user needs in order to exercise the functions of the role. Users are thus simply authorized to "play" the appropriate roles, thereby acquiring the roles' authorizations. When a user logs in, he/she can activate a subset of the roles he/she is authorized to play. The use of roles has several well-recognized advantages. Because roles represent organizational functions, a role-based model can directly support the security policies of the organization. Authorization administration is also greatly simplified. If a user moves to a new function within the organization, there is no need to revoke the authorizations he/she had in the previous function and grant the authorizations he/she needs in the new function. The security administrator simply needs to revoke and grant the appropriate role memberships. Last, but not least, RBAC models have been shown to be able to support multiple access control policies; in particular, by appropriately configuring a role system, one can support different policies, including the mandatory and discretionary ones.

This paper by Sandhu provides an important milestone in research concerning RBAC models. It was by reading this paper that I got interested in research on this approach to access control. The major contribution of this paper is to show how different variations of lattice-based access control models can be simulated in an RBAC model. In particular, the paper very clearly identifies the major extensions to the role hierarchy and constraints required to support lattice-based access control models.

Copyright © 2000 by the author(s). Review published with permission.
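As an added illustration (not part of the review and not code from the reviewed paper), the sketch below shows one way a read-down, write-up lattice policy can be expressed purely with roles, a role hierarchy, and constraints on role assignment and session activation. The encoding (one read role and one write role per label, named by suffix `R`/`W`), the four-level chain of labels, and all object and user names are assumptions constructed for this example.

```python
LEVELS = ["U", "C", "S", "TS"]  # constructed labels, lowest to highest

def closure(role):
    """Roles inherited by `role` under the assumed hierarchy."""
    level, kind = role[:-1], role[-1]
    i = LEVELS.index(level)
    if kind == "R":                                  # xR inherits yR for y <= x
        return {y + "R" for y in LEVELS[: i + 1]}
    return {y + "W" for y in LEVELS[i:]}             # xW inherits yW for y >= x

def expand(roles):
    return set().union(*(closure(r) for r in roles))

class Policy:
    def __init__(self):
        self.user_roles = {}   # user -> assigned roles
        self.role_perms = {}   # role -> {(object, operation)}

    def label_object(self, obj, level):
        # Permissions go to roles, never directly to users.
        self.role_perms.setdefault(level + "R", set()).add((obj, "read"))
        self.role_perms.setdefault(level + "W", set()).add((obj, "write"))

    def clear_user(self, user, clearance):
        # Assignment constraint: exactly the clearance read role plus the
        # lowest write role. Re-clearing a user is one membership change.
        self.user_roles[user] = {clearance + "R", LEVELS[0] + "W"}

    def open_session(self, user, level):
        # Session constraint: activate exactly yR and yW for one level y.
        wanted = {level + "R", level + "W"}
        if not wanted <= expand(self.user_roles.get(user, set())):
            raise PermissionError(f"{user} may not run a session at {level}")
        return wanted

    def check(self, session, obj, op):
        return any((obj, op) in self.role_perms.get(r, set())
                   for r in expand(session))

def demo():
    p = Policy()
    p.label_object("plan", "S")
    p.label_object("memo", "U")
    p.clear_user("alice", "S")
    s = p.open_session("alice", "C")
    return {(o, op): p.check(s, o, op)
            for o in ("plan", "memo") for op in ("read", "write")}

if __name__ == "__main__":
    print(demo())
```
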


References

[1] Ravi S. Sandhu: Role Hierarchies and Constraints for Lattice-Based Access Controls. ESORICS 1996: 65-79
Digital Review: Copyright © by ACM (info@acm.org),
DBLP: Copyright © by Michael Ley (ley@uni-trier.de), last change: Sat May 16 23:57:26 2009