Published: October 13, 1992
Author(s)
David Ferraiolo (NIST), Richard Kuhn (NIST)
Conference
Name: 15th National Computer Security Conference (NCSC)
Dates: 10/13/1992 - 10/16/1992
Location: Baltimore, Maryland, United States
Citation: Proceedings of the 15th National Computer Security Conference, pp. 554-563
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control: role-based access control (RBAC) that is more central to the secure processing needs of non-military systems than DAC.
Keywords
computer security; discretionary access control; integrity; mandatory access control; role; RBAC; Role-Based Access Control; access control; TCSEC
Control Families
Access Control