Role-Based Access Control Models

Introduction

Research on access control models began in the 1960s and 1970s along two thrusts: mandatory and discretionary access control. Mandatory access control (MAC) came from the military and national security arenas, whereas discretionary access control (DAC) had its roots in academic and commercial research laboratories.

These two thrusts were dominant through the 1970s and 1980s, almost to the exclusion of any other approach to access control models. In the 1990s we have seen a dramatic shift towards pragmatism.

The dominant access-control model of the 1990s is role-based access control (RBAC). In this paper we make the case that RBAC will continue to be dominant for the next decade.

Current State of RBAC Models

To my knowledge the first use of the term RBAC is due to Ferraiolo and Kuhn [FK92], although there has been prior mention in the security literature of "roles" and "role-based security." Sandhu et al. [SAN96] subsequently published a seminal paper defining a family of models that has since come to be called RBAC96. A crucial insight of RBAC96 was the realization that RBAC can range from very simple to very sophisticated, so we need a family of models rather than a single model. A single model is too complex for some needs and too simple for others. A graded family of models enables selection of the "correct" model for a particular situation. Publication of RBAC96 was followed by a flurry of research that has clearly established RBAC as the dominant access control model. Remarkably, the basic concepts of RBAC96 have proved to be robust and no significant omissions have been identified. In many years of research following publication of RBAC96 we have had occasion to introduce only one new concept (role activation hierarchies [SAN98]) which was not already present in RBAC96.

Let us now briefly review important achievements in recent RBAC research. The perspective given here is necessarily a personal one. As such the papers cited are those with greatest direct impact on our own understanding of RBAC models. There simply is not enough room to cite many other papers of considerable significance.

We feel that RBAC models have advanced in at least three respects in recent years, discussed below in turn.

Firstly, an important recent development is the emergence of a consensus standard model which is supported by a major standards organization (the US National Institute of Standards and Technology, or NIST). Following the publication of RBAC96 it became clear that many authors were pursuing very similar ideas but with differences in detail, leading to confusion about the nature of RBAC. RBAC96 was unique in proposing the concept of a graded family of models. Once this family notion was accepted by the RBAC community, consensus on a core set of RBAC concepts became feasible. To this end an initial attempt at a family of standard models was presented at the Berlin RBAC Workshop by Sandhu et al. [SFK00].

Workshop attendees reacted to this proposal with heated discussion ...