15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona


The ARBAC99 Model for Administration of Roles

Ravi Sandhu, sandhu@gmu.edu
Qamar Munawer

George Mason Univ.

Role-Based Access Control (RBAC) is a flexible and policy-neutral access control technology. For large systems---with hundreds of roles, thousands of users and millions of permissions---managing roles, users, permissions and their interrelationships is a formidable task that cannot realistically be centralized in a small team of security administrators. An appealing possibility is to use RBAC itself to facilitate decentralized administration of RBAC. The ARBAC97 (administrative RBAC '97) model was recently introduced for this purpose. ARBAC97 has three sub-models called URA97 (for user-role administration), PRA97 (for permission-role administration) and RRA97 (for role-role administration).

In this paper we define enhancements to ARBAC97 that give us the new ARBAC99 model. Specifically, the URA and PRA sub-models of ARBAC99 introduce significant new features relative to their counterparts in ARBAC97, while RRA is left unchanged. ARBAC99 incorporates the concept of mobile and immobile users and permissions for the first time in this arena. This paper gives a formal definition of ARBAC99, motivates these enhancements and analyzes several subtle issues that arise in this context.
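To make the idea of "using RBAC to administer RBAC" concrete, the following is an added example, not code from the paper or its authors. It models a URA-style decentralised user-role administration check: an administrative role may assign users to regular roles only within a role range and only if the user satisfies a prerequisite condition. The mobile/immobile distinction is handled under one assumption stated in the code, namely that immobile membership confers the role's permissions but does not count toward another administrator's prerequisite condition; that reading, the rule layout (`CanAssign`), the role hierarchy and all role and user names are constructed for illustration and are not taken from the abstract.

```python
"""Added example: URA-style decentralised role administration with mobile/immobile membership.

Assumptions (not from the abstract):
  * A can-assign rule names an administrative role, a prerequisite condition
    (roles the user must hold mobile membership in, roles the user must not hold
    at all), a role range [lo, hi] in the hierarchy, and the kinds of membership
    the rule may grant.
  * Membership in a senior role implies membership in all junior roles.
  * Only MOBILE membership satisfies a prerequisite condition; immobile members
    get the role's permissions but cannot be used as a stepping stone by other
    administrators.
"""
from dataclasses import dataclass

MOBILE, IMMOBILE = "mobile", "immobile"

# Constructed role hierarchy: senior -> immediately junior roles.
HIERARCHY = {
    "DIR": {"PL1", "PL2"},
    "PL1": {"PE1", "QE1"}, "PL2": {"PE2", "QE2"},
    "PE1": {"ENG1"}, "QE1": {"ENG1"},
    "PE2": {"ENG2"}, "QE2": {"ENG2"},
    "ENG1": {"ED"}, "ENG2": {"ED"},
    "ED": {"E"}, "E": set(),
}


def juniors(role):
    """All roles transitively junior to `role` (not including `role` itself)."""
    seen, stack = set(), [role]
    while stack:
        for j in HIERARCHY.get(stack.pop(), ()):
            if j not in seen:
                seen.add(j)
                stack.append(j)
    return seen


def dominates(senior, junior):
    return senior == junior or junior in juniors(senior)


def in_range(role, lo, hi):
    """True if lo <= role <= hi in the hierarchy (inclusive at both ends)."""
    return dominates(hi, role) and dominates(role, lo)


@dataclass(frozen=True)
class CanAssign:
    admin_role: str
    required: tuple        # roles the user must hold MOBILE membership in
    forbidden: tuple       # roles the user must not hold (mobile or immobile)
    range_lo: str          # junior end of the assignable range
    range_hi: str          # senior end of the assignable range
    mobilities: frozenset  # membership kinds this rule may grant


def holds(memberships, user, role, mobility=None):
    """Explicit or inherited membership of `user` in `role`, optionally of one kind."""
    for r, m in memberships.get(user, {}).items():
        if dominates(r, role) and (mobility is None or m == mobility):
            return True
    return False


def can_assign(rules, memberships, admin_roles, user, role, mobility):
    """Does any rule let an admin holding `admin_roles` give `user` this membership in `role`?"""
    for rule in rules:
        if rule.admin_role not in admin_roles or mobility not in rule.mobilities:
            continue
        if not in_range(role, rule.range_lo, rule.range_hi):
            continue
        if not all(holds(memberships, user, r, MOBILE) for r in rule.required):
            continue
        if any(holds(memberships, user, r) for r in rule.forbidden):
            continue
        return True
    return False


def assign(rules, memberships, admin_roles, user, role, mobility):
    """Apply the assignment if permitted; raise PermissionError otherwise."""
    if not can_assign(rules, memberships, admin_roles, user, role, mobility):
        raise PermissionError(f"{sorted(admin_roles)} may not assign {user} to {role} ({mobility})")
    memberships.setdefault(user, {})[role] = mobility
    return memberships


# Constructed administrative policy: a project security officer may staff
# project 1 roles between ENG1 and PE1 from employees who are not already PL1;
# the department security officer may reach up to PL1 but only grants mobile membership.
RULES = [
    CanAssign("PSO1", ("ED",), ("PL1",), "ENG1", "PE1", frozenset({MOBILE, IMMOBILE})),
    CanAssign("DSO", ("ED",), (), "ENG1", "PL1", frozenset({MOBILE})),
]

# Constructed current user-role memberships.
MEMBERS = {
    "alice": {"ED": MOBILE},
    "bob": {"ED": IMMOBILE},    # contractor: has ED permissions but is not a stepping stone
    "carol": {"PL1": MOBILE},
}

if __name__ == "__main__":
    print(can_assign(RULES, MEMBERS, {"PSO1"}, "alice", "PE1", MOBILE))  # True
    print(can_assign(RULES, MEMBERS, {"PSO1"}, "bob", "PE1", MOBILE))    # False: immobile ED
```

The point of the last two calls is the one the abstract raises: two users with identical permissions (both are ED members) differ in what other administrators may later do with them, and that difference is expressed as a property of the membership rather than a separate role.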