Simulation of the Augmented Typed Access Matrix Model (ATAM) using Roles

Role-based Access Control (RBAC) is a promising alternative to traditional discretionary (DAC) and mandatory access (MAC) controls. In RBAC permissions are associated with roles, and users are made members of the roles thereby acquiring the roles’ permissions. RBAC is policy neutral and flexible enough to accommodate diverse security policies. Access matrix models define another mechanism for enforcing the security policy. The Augmented Typed Access Matrix model (ATAM), an extension of Typed Access Matrix (TAM) model, defined by Sandhu is well known from this class of models. ATAM is defined by introducing strong typing (i.e., each subject or object created is to be of particular type which thereafter does not change). The ATAM is recognized as the current state of the art with respect to formal models for generalized access control policies. In this paper we formally show that ATAM can be simulated by appropriate configuration of RBAC components. Our results attest to the flexibility of RBAC and its ability to accommodate a wide range of decentralized administrative models.