
Future Directions in Role-Based Access Control Models

  • Conference paper
Information Assurance in Computer Networks (MMM-ACNS 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2052)

Abstract

In the past five years there has been tremendous activity in role-based access control (RBAC) models. Consensus has been achieved on a standard core RBAC model that is in the process of publication by the US National Institute of Standards and Technology (NIST). An early insight was that RBAC cannot be encompassed by a single model, since RBAC concepts range from very simple to very sophisticated. Hence a family of models is more appropriate than a single model. The NIST model reflects this approach. In fact, RBAC is an open-ended concept which can be extended in many different directions as new applications and systems arise. The consensus embodied in the NIST model is a substantial achievement. All the same, it is just a starting point. There are important aspects of RBAC models, such as administration of RBAC, on which consensus remains to be reached. Recent RBAC models have studied newer concepts such as delegation and personalization, which are not captured in the NIST model. Applications of RBAC in workflow management systems have been investigated by several researchers. Research on RBAC systems that cross organizational boundaries has also been initiated. Thus RBAC models remain a fertile area for future research. In this paper we discuss some of the directions which we feel are likely to result in practically useful enhancements to the current state of the art in RBAC models.




© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sandhu, R. (2001). Future Directions in Role-Based Access Control Models. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_4


  • DOI: https://doi.org/10.1007/3-540-45116-1_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42103-0

  • Online ISBN: 978-3-540-45116-7

  • eBook Packages: Springer Book Archive
