The ARBAC97 model for role-based administration of roles

TLDR

Role‑based access control assigns permissions to roles and users to those roles to simplify authorization, and the idea of using RBAC to administer itself offers further convenience and scalability, with the foundational components URA97, PRA97, and RRA97 defined in 1997–1998. This paper describes the motivation, intuition, and formal definition of a new role‑based model for RBAC administration. The ARBAC97 model comprises URA97, RPA97, and RRA97 components for user‑role, permission‑role, and role‑role assignments, and the paper also discusses potential extensions. ARBAC97 is described completely in this paper for the first time.

Abstract

In role-based access control (RBAC), permissions are associated with roles' and users are made members of roles, thereby acquiring the roles; permissions. RBAC's motivation is to simplify administration of authorizations. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience and scalability, especially in decentralizing administrative authority, responsibility, and chores. This paper describes the motivation, intuition, and formal definition of a new role-based model for RBAC administration. This model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), RPA97 (permission-role assignment '97), and RRA97 (role-role assignment '97) dealing with different aspects of RBAC administration. URA97, PRA97, and an outline of RRA97 were defined in 1997, hence the designation given to the entire model. RRA97 was completed in 1998. ARBAC97 is described completely in this paper for the first time. We also discusses possible extensions of ARBAC97.

References

Page 1

	Year	Citations
Role-based access control models Ravi Sandhu, Edward J. Coyne, H.L. Feinstein, Computer EngineeringInformation SecuritySoftware EngineeringHardware SecurityLogical Access Control	1996	5.8K
Protection in operating systems Michael A. Harrison, Walter L. Ruzzo, Jeffrey D. Ullman Communications of the ACM EngineeringInformation SecurityVerificationSoftware AnalysisFormal Verification	1976	1K
The NIST model for role-based access control Ravi Sandhu, David Ferraiolo, Richard Kühn Hardware SecurityFlat RbacAuthentication AuthorizationEngineeringLogical Access Control	2000	867
The specification and enforcement of authorization constraints in workflow management systems Elisa Bertino, Elena Ferrari, Vijayalakshmi Atluri ACM Transactions on Information and System Security EngineeringBusiness ProcessesInformation SecurityVerificationWorkflow Modelling	1999	543
A role-based access control model and reference implementation within a corporate intranet David F. Ferraiolo, John Barkley, D. Richard Kuhn ACM Transactions on Information and System Security Authentication AuthorizationEngineeringBusiness IntelligenceInformation SecurityRbac Model	1999	435
Proceedings of IEEE Symposium on Research in Security and Privacy EngineeringInformation SecurityComputer EngineeringSecurityData Privacy	1993	309
The role graph model and conflict of interest Matunda Nyanchama, Sylvia L. Osborn ACM Transactions on Information and System Security EngineeringRole GraphInformation SecurityRole Graph ModelOrganizational Behavior	1999	278
The typed access matrix model Ravi Sandhu EngineeringComputational ComplexityStrong TypingMatrix TheoryFormal Verification	2003	241
How to do discretionary access control using roles Ravi Sandhu, Qamar Munawer EngineeringInformation SecurityCommunicationAuthentication Access ControlAuditing	1998	158
Rationale for the RBAC96 family of access control models Ravi Sandhu	1996	125

Page 1