Role-Based Access Controls
David F. Ferraiolo, D. Richard Kuhn

TL;DR
This paper advocates role-based access control (RBAC) as a more suitable and secure alternative to discretionary access controls (DAC) for commercial and civilian government systems, arguing that RBAC, rather than DAC, should be the principal access control method for such organizations.
Contribution
It introduces RBAC as a non-discretionary access control model that better addresses the security needs of non-military organizations compared to DAC.
Findings
RBAC provides a more centralized and manageable security framework.
DAC is inadequate for complex commercial security requirements.
RBAC aligns with organizational roles and responsibilities.
Abstract
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control - role-based access control (RBAC) - that is more central to the secure processing needs of non-military systems than DAC.
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Cryptography and Data Security
