|
Abstract : |
In this paper we reexamine the interaction between role-based access control and mandatory access control. We examine the question: from the perspective of a given role graph in which the objects have been assigned security classications, can its roles be assigned to subjects without violating mandatory access control rules? A detailed study of the structure of individual roles and edges in a role graph is undertaken. We show that the combination of the structure imposed by the role graphs and the MAC rules means that the possible structure of a role graph in which roles are assignable to subjects without violating MAC rules is greatly restricted. 1, |
