Ravi S. Sandhu

Learn More
This article introduces a family of reference models for rolebased access control (RBAC) in which permissions are associated with roles, and users are made members of appropriate roles. This greatly simpli es management of permissions. Roles are closely related to the concept of user groups in access control. However, a role brings together a set of users(More)
In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted(More)
In role-based access control (RBAC), permissions are associated with roles' and users are made members of roles, thereby acquiring the roles; permissions. RBAC's motivation is to simplify administration of authorizations. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience and scalability, especially(More)
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research(More)
In this paper, we introduce the family of UCON<sub>ABC</sub> models for usage control (UCON), which integrate <i>Authorizations (A), oBligations (B), and Conditions (C)</i>. We call these core models because they address the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work. The term usage(More)
The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform. Access control constrains what a user can do directly, as well what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity which could lead to breach of security. This article(More)
Lattice-based access control models were developed in the early 1970s to deal with the confidentiality of military information. In the late 1970s and early 1980s, researchers applied these models to certain integrity concerns. Later, application of the models to the Chinese Wall policy, a confidentiality policy unique to the commercial sector, was(More)
The basic concept of role-based access control (RBAC) is that permissions are associated with roles, and users are made members of appropriate roles, thereby acquiring the roles’ permissions. This idea has been around since the advent of multi-user computing. Until recently, however, RBAC has received little attention from the research community. This(More)
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various(More)