14th Annual Computer Security Applications Conference
December 7-11, 1998
Phoenix, Arizona


Role Based Access Control Framework for Network Enterprises

D. Thomsen, R. O'Brien, J. Bogle.

A business's success depends on its ability to protect valuable business assets in an increasingly hostile environment. Protecting information requires a cost, not only in purchasing security components, but also in ensuring that those security components are properly managed. Role Based Access Control (RBAC) shows promise for making security administration easier, thus reducing the cost of managing security components.

RBAC provides a convenient layer of abstraction by describing access control patterns. This paper presents an RBAC framework comprised of seven abstract layers. Multiple layers allow users to work with a layer they understand. Thus a balance can be struck between fine grained access control and ease of management. The goal is to provide easy security management for a wide variety of network applications. The NAPOLEON tool which implements parts of the framework is also described.