Role-based access control: a multi-dimensional view

Recently there has been considerable interest in role-based access control (RBAC) as an alternative, and supplement, to the traditional discretionary and mandatory access controls (DAC and MAC) embodied in the Orange Book. The roots of RBAC can be traced back to the earliest access control systems. Roles have been used in a number of systems for segregating various aspects of security and system administration. Recent interest in RBAC has been motivated by the use of roles at the application level to control access to application data. This is an important innovation which o ers the opportunity to realize bene ts in securing an organization's information assets, similar to the bene ts of employing databases instead of les as the data repository. A number of proposals for RBAC have been published in the literature, but there is no consensus on precisely what is meant by RBAC. This paper lays the groundwork for developing this consensus. In our view RBAC is a concept which has several dimensions, all of which may not be present in a given system or product. We envisage each dimension as being linearly ordered with respect to the sophistication of features provided. This leads us to the idea of a multi-dimension model for RBAC. Achieving agreement on what these dimensions are, and how the features in each dimension should be ordered, will take debate and time. Our contribution here is to lay out a vision on how to approach a common understandThis paper is funded in part by a contract (50-DKNA-400122) from the National Oceanic and Atmospheric Administration. The views expressed herein are those of the authors and do not necessarily re ect the views of NOAA or any of its subagencies. The authors are grateful to David Ferraiolo and Janet Cugini of the National Institute of Standards and Technology for their support and encouragement inmaking this work possible. Ravi S. Sandhu is also a liated with the Department of Information and Software Systems Engineering at George Mason University, Fairfax, VA 22030. ing of RBAC, and take a rst cut at identifying the dimensions of RBAC. A major bene t of such a multidimensional RBAC would be to allow comparison of di erent products and assess their appropriateness for various system requirements.