Rule-Based RBAC with Negative Authorization

Mohammad Al-Kahtani
Ministry of Defense
Saudi Arabia

Ravi Sandhu
George Mason University

RBAC has proven to be a flexible and useful access control model in practice. The Rule-Based RBAC family of models was developed based on RBAC to overcome some of its limitations. One particular model of this family, which we call RB-RBAC-ve, introduces the concept of negative authorization to the RBAC arena. This paper provides a thorough analysis of RB-RBAC-ve. The analysis includes user authorization, conflict among rules, conflict resolution policies, the impact of negative authorization on role hierarchies and enforcement architecture.

Keywords: RBAC, RB-RBAC, Access Control

