Issues in the Design of a Language for Role Based Access Control

  • Michael Hitchens
  • Vijay Varadharajan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1726)


In this paper, we describe a language-based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. We discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. This paper describes the basic constructs of the language, and the language is used to specify several access control policies, such as role based access control, static and dynamic separation of duty, delegation, and joint action based access policies. The language is flexible and is able to capture meta-level operations, and it is often these features that are significant when it comes to the applicability of an access control system to practical, real situations.


Keywords: Access Control; Access Control Policy; Access Control Model; Role Base Access Control; Access Control Mechanism





Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Michael Hitchens (1)
  • Vijay Varadharajan (2)
  1. Basser Department of Computer Science, University of Sydney, Australia
  2. School of Computing and Information Technology, University of Western Sydney, Nepean, Australia
