A NEW MODEL FOR ADMINISTRATION IN ROLE-BASED ACCESS CONTROL
Jason Crampton, Department of Computer Science, Birkbeck College, London

Abstract: Role-based access control models have received considerable attention in recent years because they can simplify the onerous task of assigning privileges to users in a computer system. A natural extension has been to model the administration of a role-based system using role-based access control techniques. The most significant attempt in this challenging area has been the ARBAC97 model.

While ARBAC97 has provided a valuable insight into the problems in this area, there are many aspects of the model that are unsatisfactory: it has limited applicability, it is difficult to implement and it has little intuitive appeal.

We have developed an alternative administrative model for role-based access control based on some rather elementary and intuitive observations about how such a model should operate. The application of basic mathematical definitions to these observations yields a model that can be applied in any role-based access control environment. In addition, it is far simpler to implement than ARBAC97 and is easily understood.

Furthermore, discretionary access control features have proved rather awkward to incorporate into a role-based framework. Our model provides a natural way to "do" discretionary access control in the context of role-based access control.

The first part of the talk will consist of a brief survey of the ARBAC97 model. In the remainder of the talk we will present an overview of our model, explaining the basic motivation and definitions, and demonstrate its operation through a simple example.

This seminar was held at the Department of Computer Science, Royal Holloway, University of London on 6 November 2001.

back