Role based access control on MLS systems without kernel changes

  • D. Richard Kuhn
  • Published in RBAC '98 1 October 1998
  • Computer Science
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security systems that implement information flow policies. The construction from MLS to RBAC systems is significant because it shows that the enormous investment in MLS systems can be leveraged to produce RBAC systems. The method requires no changes to the… 

Cryptographic Roles in the Age of Wikileaks: Implementation Models for Cryptographically Enforced RBAC

  • M. Kiviharju
  • Computer Science
    MILCOM 2013 - 2013 IEEE Military Communications Conference
  • 2013
It is shown that it is feasible to implement at least the Core RBAC with standard XACML architecture and ABE models, and that the expressiveness of the ABE-schemes can reach nearly all the way in terms of symmetric RBAC commands and functions, such as Dynamic Separation of Duty.

An Integrated Model for Access Control and Information Flow Requirements

DTE model is formalized in order to use it as a solution for a flexible information flow control and is integrated into a unique access control model expressive enough to handle access and flow control security rules.

Policy Machine: Features, Architecture, and Specification

An access control framework, referred to as the Policy Machine (PM), is described, which fundamentally changes the way policy is expressed and enforced and the range of policies that can be specified and enacted.

Token and Session Compatibility in Role Based Access Control with Privileges Management

The Token security system framework proposed in this paper reduces the gap between Session management and Token, and further improves the older models which are not agile enough to handle the granularity of the user roles provided.

An Introduction to Role-Based Access Control

  • I. Clark
  • Computer Science
    Information Security Management Handbook, 6th ed.
  • 2007
Today's large organization’s information technology infrastructure is a mix of complex incompatible operating systems, applications, and databases spread over a large geographical area that creates an enormous administrative overhead, with each group of administrators often implementing their own policies and procedure.

Proposed NIST standard for role-based access control

Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers.

A Feature-Based Modeling Approach for Building Hybrid Access Control Systems

This work presents a feature-based modeling approach for developing hybrid access control systems that enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases.

Reflection on Building Hybrid Access Control by Configuring RBAC and MAC Features

  • Dae-Kyoo Kim, Ming Hua, L. Lu
  • Computer Science
    2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER)
  • 2020
An ongoing effort for a new approach is described to address the weaknesses of the publication with expected impact and its position in the current state of the arts since the publication is discussed.

On permissions, inheritance and role hierarchies

A role-based access control model is introduced that contains a novel approach to permission inheritance and it is illustrated how this model can be used to derive a role-based model with multi-level secure properties.



RBAC emulation on trusted DG/UX

This paper discusses three candidate mechanisms that are available in DG/UX B2 Security Option, a high security commercial off-the-shelf operating system.

Modeling Mandatory Access Control in Role-Based Security Systems

A means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems that incorporates secrecy which is an essential component of mandatory access control is proposed.

Role-Based Access Control Models

Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.

Mandatory access control and role-based access control revisited

It is shown that the combination of the structure imposed by the role graphs and the MAC rules means that the possible structure of a role graph in which roles are assignable to subjects without violating MAC rules is greatly restricted.

Naming and grouping privileges to simplify security management in large databases

  • R. Baldwin
  • Computer Science
    Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1990
The main conclusion is that the naming and abstraction mechanism provided by NPDs can simplify security management in much the same way that procedures can simplify programming.

Role Hierarchies and Constraints for Lattice-Based Access Controls

This paper formally shows that lattice-based mandatory access controls can be enforced by appropriate configuration of RBAC components and constructions demonstrate that role hierarchies and constraints are required to effectively achieve this result.

Security in computing

Building a Secure Computer System

This paper aims to clarify the role of encryption in the development of knowledge representation and provides some examples of how the model has changed over time from simple to complex to understandable.

Secure Computer Systems: Mathematical Foundations

The first results of an investigation into solutions to problems of security in computer systems are reported, establishing the basis for rigorous investigation by providing a general descriptive model of a computer system.

Secure computer systems. In Proceedings, 3rd annual computer security application conference

  • 1987