Read about Role-Based Access Control (RBAC) models in the two foundation papers by Sandhu and its implementation in the NIST Standard. Briefly discuss the proposed RBAC models in relation to user and role management and policies, with possible examples from real life. Discuss which components are still required to implement RBAC for protecting services and resources. Look at the XACML operational model that is claimed to be a generic RBAC implementation. Do you agree with the last statement?


[1] Sandhu, R. & Samarati, P., 1994. "Access Control: Principles and Practice", IEEE Communications Magazine, September 1994, pp. 40-48. - http://www.cs.vu.nl/~chandag/spring2006/AC_principles.pdf


[2] Sandhu, R., Coyne, E. J., Feinstein, H. L. & Youman, C.E. 1996, "Role-Based Access Control Models", IEEE Computer, February 1996, pp. 38-47 - http://csrc.nist.gov/rbac/sandhu96.pdf


[3] Information Technology - Role Based Access Control, Document Number: ANSI/INCITS 359-2004, InterNational Committee for Information Technology Standards, February 2004, 56 p.



Robert answered on Dec 29 2021
124 Votes
RBAC models

1. Base Model - It forms the minimum requirement a system should satisfy for the implementation of RBAC. This model defines a user as a human being or a computer. In other words, the user can be defined as the action doer. The action performed by the user is termed a Role. A role is a job function or a job title in an organization. To perform any role, a user must be given some set of privileges. These privileges are called Permissions, which are defined as an approval of a particular mode of access or denial to different objects in the organization. For example: in a database, the developer and the database administrator are users; the developer has a role of modifying the database by insertion, but the deletion role is performed by the DBA only. This is made possible by assigning only a specific set of queries to them, which means they can only execute those specific queries and nothing else.

2. Role hierarchies - This model describes the role hierarchy, which means who has the highest level of access and who has the lowest level of access. It...