Issue No. 06 - November/December (2007 vol. 5)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.158
Ji-Won Byun , Purdue University
Ninghui Li , Purdue University
Elisa Bertino , Purdue University
Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.
role-based access control, security, authorization management, standards
Ji-Won Byun, Ninghui Li, Elisa Bertino, "A Critique of the ANSI Standard on Role-Based Access Control", IEEE Security & Privacy, vol. 5, no. , pp. 41-49, November/December 2007, doi:10.1109/MSP.2007.158