The Community for Technology Leaders
RSS Icon
Issue No.06 - June (2012 vol.45)
pp: 81-88
Virginia N.L. Franqueira , VF InfoSec Consulting
Roel J. Wieringa , University of Twente, Netherlands
A review of the state of the art of role-based access control can help practitioners assess RBAC's applicability to their organization and indicates where more research is needed to improve the RBAC model.
RBAC, access control, identity and access management, role engineering, role management, security management
Virginia N.L. Franqueira, Roel J. Wieringa, "Role-Based Access Control in Retrospect", Computer, vol.45, no. 6, pp. 81-88, June 2012, doi:10.1109/MC.2012.38
1. R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed., John Wiley & Sons, 2008.
2. A.C. O'Connor and R.J. Loomis, 2010 Economic Analysis of Role-Based Access Control, RTI project no. 0211876, Nat'l Inst. of Standards and Technology, 2010; 20101219_RBAC2_Final_Report.pdf.
3. B. Schneier and M. Ranum, "Schneier-Ranum Face-Off: Is Perfect Access Control Possible?," Information Security, Sept. 2009, Schneier-Ranum-Face-Off-Is-Perfect-Access-Control-Possible.
4. M.P. Gallaher, A.C. O'Connor, and B. Kropp, The Economic Impact of Role-Based Access Control, RTI project no. 07007.012, Nat'l Inst. of Standards and Technology, 2002;
5. M. Kuhlmann, D. Shohat, and G. Schimpf, "Role Mining—Revealing Business Roles for Security Administration using Data Mining Technology," Proc. 8th ACM Symp. Access Control Models and Technologies (SACMAT 03), ACM, 2003, pp. 179-186.
6. C.L. Smith et al., A Marketing Survey of Civil Federal Government Organizations to Determine the Need for a Role-Based Access Control (RBAC) Security Product, SETA Corp., 1996;
7. A.H. Karp, H. Haury, and M.H. Davis, "From ABAC to ZBAC: The Evolution of Access Control Models," Information Systems Security Assoc. J., Apr. 2010, pp. 22-30.
8. D.F. Ferraiolo, D.R. Kuhn, and R. Chandramouli, Role-Based Access Control, Artech House, 2003.
9. B. Hilchenbach, "Observations on the Real-World Implementation of Role-Based Access Control," Proc. 20th Nat'l Information Systems Security Conf., Nat'l Inst. of Standards and Technology, 1997, pp. 341-352; 341.pdf.
10. AHIMA/HIMSS HIE Privacy & Security Joint Work Group, "The Privacy and Security Gaps in Health Information Exchange," white paper, American Health Information Management Assoc./Healthcare Information and Management System Soc., 2011;
11. K.D. Gordon et al., "Accounting Data Security at JEA," presentation, American Accounting Assoc. Ann. Meeting, 2011;
12. N. Li, J.-W. Byun, and E. Bertino, "A Critique of the ANSI Standard on Role-Based Access Control," IEEE Security and Privacy, Nov./Dec. 2007, pp. 41-49.
13. ANSI/INCITS 459-2011, Information Technology—Requirements for the Implementation and Interoperability of Role-Based Access Control, American Nat'l Standards Inst./Int'l Committee for Information Technology Standards, 2011.
14. E. Coyne and T. Weil, "An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model," IEEE Security and Privacy, Jan./Feb. 2008, pp. 84-87.
15. D.R. Kuhn, E.J. Coyne, and T.R. Weil, "Adding Attributes to Role-Based Access Control," Computer, June 2010, pp. 79-81.
16. R. Fernandez, Enterprise Dynamic Access Control Version 2 Overview, US Navy, 2006;
17. A. Ferreira et al., "How to Securely Break into RBAC: The BTG-RBAC Model," Proc. Ann. Computer Security Applications Conf. (ACSAC 09), IEEE, 2009, pp. 23-31.
18. B. Stepien, S. Matwin, and A. Felty, "Advantages of a Non-Technical XACML Notation in Role-Based Models," Proc. 9th Ann. Int'l Conf. Privacy, Security, and Trust (PST 11), IEEE, 2011, pp. 193-200.
24 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool