|
Abstract : |
Abstract Role-based access control (RBAC) is a promising alternative to traditional discretionary and mandatory access controls. In RBAC permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles ' permissions. In this paper we formally show that latticebased mandatory access controls can be enforced by appropriate con guration of RBAC components. Our constructions demonstrate that role hierarchies and constraints are required to effectively achieve this result. We show that variations of the lattice-based?-property, such as write-up (liberal?-property) and no-write-up (strict?-property), can be easily accommodated in RBAC. Our results attest to the exibility ofRBAC and its ability toaccommodate di erent policies by suitable con guration of role hierarchies and constraints. 1, |
