Role-based access control and the access control matrix

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

2 Citations (Scopus)

Abstract

The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real systems is usually based on access control mechanisms, such as access control lists or capabilities, that have clear relationships with the matrix model. In recent times a great deal of interest has been shown in Role Based Access Control (RBAC) models. However, the relationship between RBAC models and the Access Matrix is not clear. In this paper we present a model of RBAC based on the Access Matrix which makes the relationships between the two explicit. In the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed. In particular, we outline a proof that RBAC and the ACM are equivalent with respect to the policies they can represent. From this we conclude that, in a similar way to access lists and capabilities, RBAC is a derivation of the Access Matrix model.

Original languageEnglish
Title of host publicationInformation and communications security
Subtitle of host publication5th International Conference, ICICS 2003, Huhehaote, China, October 10-13, 2003, Proceedings
EditorsSihan Qing, Dieter Gollmann, Jianying Zhou
Place of PublicationHeidelberg, Germany
PublisherSpringer, Springer Nature
Pages145-157
Number of pages13
ISBN (Electronic)9783540399278
ISBN (Print)9783540201502
DOIs
Publication statusPublished - 2003
EventFifth International Conference on Information and Communications Security - Huhehaote, China
Duration: 10 Oct 200313 Oct 2003

Publication series

NameLecture notes in computer science
PublisherSpringer
Volume2836
ISSN (Print)0302-9743

Conference

ConferenceFifth International Conference on Information and Communications Security
Country/TerritoryChina
CityHuhehaote
Period10/10/0313/10/03

Fingerprint

Dive into the research topics of 'Role-based access control and the access control matrix'. Together they form a unique fingerprint.

Cite this