A Critique of the ANSI Standard on Role-Based Access Control

Authors:
Ninghui Li;Ji-Won Byun;Elisa Bertino
Affiliations:
Purdue University;Purdue University;Purdue University
Venue:
IEEE Security and Privacy
Year:
2007

Citing 11
Cited 10

A user-role based data security approach

on Database Security: Status and Prospects
Role-Based Access Control Models

Computer
Rationale for the RBAC96 family of access control models

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Role activation hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Control principles and role hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The uses of role hierarchies in access control

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Rebuttal to the NIST RBAC model proposal

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Administrative scope: A foundation for role-based administrative models

ACM Transactions on Information and System Security (TISSEC)

UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints

Proceedings of the 13th ACM symposium on Access control models and technologies
RBAC administration in distributed systems

Proceedings of the 13th ACM symposium on Access control models and technologies
BusiROLE: A Model for Integrating Business Roles into Identity Management

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
An efficient framework for user authorization queries in RBAC systems

Proceedings of the 14th ACM symposium on Access control models and technologies
A formal framework to elicit roles with business meaning in RBAC systems

Proceedings of the 14th ACM symposium on Access control models and technologies
Refinement for administrative policies

SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Fuzzy Role-Based Access Control

Information Processing Letters
Access Control for Databases: Concepts and Systems

Foundations and Trends in Databases
A relational database integrity framework for access control policies

Journal of Intelligent Information Systems
Access control for semantic data federations in industrial product-lifecycle management

Computers in Industry

Quantified Score

Hi-index	0.01

Visualization

Abstract

Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.