Implementing RBAC on a Type Enforced System

J. Hoffman

Role Based Access Control (RBAC) has gathered much attention in recent literature. Much of this discussion has focused on theoretical issues, potential features, or on web or security database implementations. We describe a straightforward implementation of RBAC that we have performed on LOCK6, a secure operating system. Our implementation satisfies many of the RBAC needs that arise from problems in our application domain (firewall construction) while providing a path to many of the more advanced RBAC features desired by other application domains. In addition, we argue that RBAC alone is not a sufficient mechanism to produce secure systems; an additional lower-level mechanism is required.