scispace - formally typeset
Search or ask a question
Journal ArticleDOI

Proposed NIST standard for role-based access control

David F. Ferraiolo1, Ravi Sandhu2, Serban I. Gavrila, D. Richard Kuhn1, Ramaswamy Chandramouli1 
National Institute of Standards and Technology1, George Mason University2
01 Aug 2001-ACM Transactions on Information and System Security (ACM)-Vol. 4, Iss: 3, pp 224-274
TL;DR: Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers.
Abstract: In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. The standard proposed here seeks to resolve this situation by unifying ideas from a base of frequently referenced RBAC models, commercial products, and research prototypes. It is intended to serve as a foundation for product development, evaluation, and procurement specification. Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, we feel the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers. As such, this document does not attempt to standardize RBAC features beyond those that have achieved acceptance in the commercial marketplace and research community, but instead focuses on defining a fundamental and stable set of RBAC components. This standard is organized into the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The reference model defines the scope of features that comprise the standard and provides a consistent vocabulary in support of the specification. The RBAC System and Administrative Functional Specification defines functional requirements for administrative operations and queries for the creation, maintenance, and review of RBAC sets and relations, as well as for specifying system level functionality in support of session attribute management and an access control decision process.

Content maybe subject to copyright    Report

Citations
More filters
Book ChapterDOI
SecureUML: A UML-Based Modeling Language for Model-Driven Security

[...]

Torsten Lodderstedt1, David Basin1, Jürgen Doser1
University of Freiburg1
30 Sep 2002-Lecture Notes in Computer Science
TL;DR: The approach is based on role-based access control with additional support for specifying authorization constraints and can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.
Abstract: We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UMLcan be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.

862 citations

Cites methods from "Proposed NIST standard for role-bas..."

  • ...Such constraints are also defined in [4]....

    [...]

  • ...It is based on the standard for RBAC as proposed in [4]....

    [...]

Journal ArticleDOI
Business Process Management: A Comprehensive Survey

[...]

Wmp Wil van der Aalst1, van der
Eindhoven University of Technology1
12 Feb 2013-International Scholarly Research Notices
TL;DR: The practical relevance of BPM and rapid developments over the last decade justify a comprehensive survey and an overview of the state-of-the-art in BPM.
Abstract: Business Process Management (BPM) research resulted in a plethora of methods, techniques, and tools to support the design, enactment, management, and analysis of operational business processes. This survey aims to structure these results and provide an overview of the state-of-the-art in BPM. In BPM the concept of a process model is fundamental. Process models may be used to configure information systems, but may also be used to analyze, understand, and improve the processes they describe. Hence, the introduction of BPM technology has both managerial and technical ramifications and may enable significant productivity improvements, cost savings, and flow-time reductions. The practical relevance of BPM and rapid developments over the last decade justify a comprehensive survey.

739 citations

Cites methods from "Proposed NIST standard for role-bas..."

  • ...Role-Based Access Control (RBAC, [115]) techniques can be applied in this setting....

    [...]

Proceedings ArticleDOI
Organization based access control

[...]

Anas Abou El Kalam1, Rania El Baida2, Philippe Balbiani2, Salem Benferhat3, Frédéric Cuppens2, Yves Deswarte1, A. Miege4, C. Saurel4, G. Trouessin5 
Centre national de la recherche scientifique1, Paul Sabatier University2, Artois University3, Office National d'Études et de Recherches Aérospatiales4, Ernst & Young5
04 Jun 2003
TL;DR: A new model is suggested that provides solutions to specify contextual security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations in the health care domain.
Abstract: None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care domain. We suggest a new model that provides solutions to specify such contextual security policies. This model, called organization based access control, is presented using a formal language based on first-order logic.

651 citations

Cites methods from "Proposed NIST standard for role-bas..."

  • ...Several access control models have been proposed: DAC[1], MAC[2, 3], RBAC[4, 5, 6], TBAC[7] or TMAC[8]....

    [...]

Journal ArticleDOI
A generalized temporal role-based access control model

[...]

James Joshi1, Elisa Bertino, U. Latif2, Arif Ghafoor
University of Pittsburgh1, Purdue University2
01 Jan 2005-IEEE Transactions on Knowledge and Data Engineering
TL;DR: This work proposes a generalized temporal role-based access control (GTRBAC) model capable of expressing a wider range of temporal constraints and allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments.
Abstract: Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time periods. Furthermore, roles may only be invoked on prespecified intervals of time depending upon when certain actions are permitted. To capture such dynamic aspects of a role, a temporal RBAC (TRBAC) model has been recently proposed. However, the TRBAC model addresses the role enabling constraints only. In This work, we propose a generalized temporal role-based access control (GTRBAC) model capable of expressing a wider range of temporal constraints. In particular, the model allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments. In an interval, activation of a role can further be restricted as a result of numerous activation constraints including cardinality constraints and maximum active duration constraints. The GTRBAC model extends the syntactic structure of the TRBAC model and its event and trigger expressions subsume those of TRBAC. Furthermore, GTRBAC allows expressing role hierarchies and separation of duty (SoD) constraints for specifying fine-grained temporal semantics.

619 citations

Cites background from "Proposed NIST standard for role-bas..."

  • ...Information systems security refers to the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against denial of service to authorized users, including measures necessary to detect, document, and counter such threats....

    [...]

  • ...Accountability: Information accountability ensures that every action of an entity can be uniquely traced back to it....

    [...]

  • ...Availability: Information availability ensures that information is available when needed and is not made inaccessible by malicious data denial activities....

    [...]

  • ...CERIAS Tech Report 2003-23 A GENERALIZED TEMPORAL ROLE BASED ACCESS MODEL FOR DEVELOPING SECURE SYSTEMS by James B. D. Joshi Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN 47907...

    [...]

  • ...I would also like to express my gratitude to Professors Mary P. Harper, Eugene H. Spafford and Hong Z. Tan for their participation in my PhD committee....

    [...]

Journal ArticleDOI
Security and privacy in electronic health records: A systematic literature review

[...]

José Luis Fernández-Alemán1, Inmaculada Carrión Señor1, Pedro Ángel Oliver Lozoya1, Ambrosio Toval1
University of Murcia1
01 Jun 2013-Journal of Biomedical Informatics
TL;DR: A systematic literature review concerning the security and privacy of electronic health record (EHR) systems found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems.

526 citations

Cites methods from "Proposed NIST standard for role-bas..."

  • ...RBAC has been implemented in many commercial systems [45], and an RBAC-standard has therefore been created to ensure that the main principles remain equal across different implementations [46,119]....

    [...]

References
More filters
Journal ArticleDOI
Role-based access control models

[...]

Ravi Sandhu1, Edward J. Coyne, H.L. Feinstein, Charles E. Youman
George Mason University1
01 Feb 1996-IEEE Computer
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understandRBAC is described, and the use of RBAC to manage itself is discussed.
Abstract: Security administration of large systems is complex, but it can be simplified by a role-based access control approach. This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models developed to better understand RBAC and categorizes different implementations, and discusses the use of RBAC to manage itself.

5,418 citations

"Proposed NIST standard for role-bas..." refers background in this paper

  • ...[Ferraiolo et al. 1995; Nyanchama and Osborn 1999; Sandhu et al. 1996]....

    [...]

  • ...common to the early formal definitions of RBAC proposed by various authors [Ferraiolo et al. 1995; Sandhu et al. 1996; Nyanchama and Osborn 1994]....

    [...]

  • ...This feature has often been mentioned in the literature [Ferraiolo et al. 1995; Sandhu et al. 1996; Moffett 1998] and has precedence in existing RBAC implementations....

    [...]

  • ...ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001. common to the early formal definitions of RBAC proposed by various authors [Ferraiolo et al. 1995; Sandhu et al. 1996; Nyanchama and Osborn 1994]....

    [...]

ReportDOI
Secure Computer System: Unified Exposition and Multics Interpretation

[...]

D. Elliott Bell, Leonard J. La Padula
01 Mar 1976
TL;DR: A suggestive interpretation of the model in the context of Multics and a discussion of several other important topics (such as communications paths, sabotage and integrity) conclude the report.
Abstract: : A unified narrative exposition of the ESD/MITRE computer security model is presented. A suggestive interpretation of the model in the context of Multics and a discussion of several other important topics (such as communications paths, sabotage and integrity) conclude the report. A full, formal presentation of the model is included in the Appendix.

2,093 citations

Proceedings ArticleDOI
A Comparison of Commercial and Military Computer Security Policies

[...]

David D. Clark, David R. Wilson
27 Apr 1987
TL;DR: It is argued that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to Control disclosure and to provide integrity.
Abstract: Most discussions of computer security focus on control of disclosure. In Particular, the U.S. Department of Defense has developed a set of criteria for computer mechanisms to provide control of classified information. However, for that core of data processing concerned with business operation and control of assets, the primary security concern is data integrity. This paper presents a policy for data integrity based on commercial data processing practices, and compares the mechanisms needed for this policy with the mechanisms needed to enforce the lattice model for information security. We argue that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to Control disclosure and to provide integrity.

1,230 citations

"Proposed NIST standard for role-bas..." refers background or methods in this paper

  • ...1992], and separation of duty concepts described in earlier papers [Clark and Wilson 1987; Sandhu 1988; Brewer and Nash 1989]....

    [...]

  • ...The roots of RBAC include the use of groups in UNIX and other operating systems, privilege groupings in database management systems [Baldwin 1990; Thomsen 1991; Ting et al. 1992], and separation of duty concepts described in earlier papers [Clark and Wilson 1987; Sandhu 1988; Brewer and Nash 1989]....

    [...]

  • ...As a security principle, SOD has long been recognized for its wide application in business, industry, and government [Brewer and Nash 1989; Clark and Wilson 1987]....

    [...]

Proceedings ArticleDOI
The Chinese Wall security policy

[...]

D.F.C. Brewer, M.J. Nash
01 May 1989
TL;DR: The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions and concludes that it is perhaps as significant to the financial world as Bell-LaPadula's policies are to the military.
Abstract: The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy correctly permits a market analyst to talk to any corporation which does not create a conflict of interest with previous assignments. The Chinese Wall policy combines commercial discretion with legally enforceable mandatory controls. It is required in the operation of many financial services organizations; the authors conclude that it is, therefore, perhaps as significant to the financial world as Bell-LaPadula's policies are to the military. >

1,001 citations

"Proposed NIST standard for role-bas..." refers background or methods in this paper

  • ...1992], and separation of duty concepts described in earlier papers [Clark and Wilson 1987; Sandhu 1988; Brewer and Nash 1989]....

    [...]

  • ...The roots of RBAC include the use of groups in UNIX and other operating systems, privilege groupings in database management systems [Baldwin 1990; Thomsen 1991; Ting et al. 1992], and separation of duty concepts described in earlier papers [Clark and Wilson 1987; Sandhu 1988; Brewer and Nash 1989]....

    [...]

  • ...As a security principle, SOD has long been recognized for its wide application in business, industry, and government [Brewer and Nash 1989; Clark and Wilson 1987]....

    [...]

Proceedings ArticleDOI
The NIST model for role-based access control: towards a unified standard

[...]

Ravi Sandhu1, David F. Ferraiolo2, D. Richard Kuhn2
George Mason University1, National Institute of Standards and Technology2
26 Jul 2000
TL;DR: The NIST model focuses on those aspects of RBAC for which consensus is available and is organized into four levels of increasing functional capabilities called flat RBAC, hierarchicalRBAC, constrained RBAC and symmetric RBAC.
Abstract: This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features—constraints and symmetry—is also presented. The paper furthermore identifies important attributes of RBAC not included in the NIST model. Some are not suitable for inclusion in a consensus document. Others require further work and agreement before standardization is feasible.

967 citations

"Proposed NIST standard for role-bas..." refers background in this paper

  • ...A first effort at defining a consensus standard for RBAC was proposed at the 2000 ACM Workshop on Role-Based Access Control [Sandhu et al. 2000]....

    [...]

Related Papers (5)
Role-based access control models

[...]

01 Feb 1996-IEEE Computer
Ravi Sandhu, Edward J. Coyne, H.L. Feinstein, Charles E. Youman 
Role-based access control

[...]

01 Jan 2003
David F. Ferraiolo, D. Richard Kuhn, Ramaswamy Chandramouli
TRBAC: A temporal role-based access control model

[...]

01 Aug 2001-ACM Transactions on Information and System Security
Elisa Bertino, Piero A. Bonatti, Elena Ferrari
Access control: principle and practice

[...]

01 Sep 1994-IEEE Communications Magazine
Ravi Sandhu, Pierangela Samarati
Protection in operating systems

[...]

01 Aug 1976-Communications of The ACM
Michael A. Harrison, Walter L. Ruzzo, Jeffrey D. Ullman