Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Role Based Access Control on MLS Systems Without Kernel Changes

Published

Author(s)

David R. Kuhn

Abstract

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security systems that implement information flow policies. The construction from MLS to RBAC systems is significant because it shows that the enormous investment in MLS systems can be leveraged to produce RBAC systems. The method requires no changes to the existing MLS system kernel and allows implementation of hierarchical RBAC entirely through site configuration options. A single trusted process is used to map privileges of RBAC roles to MLS labels. Access is then mediated by the MLS kernel. Where C is the number of categories and d the depth of the role hierarchy, the number of roles that can be controlled is approximately ( C/d [over] C/2d )^d.
Proceedings Title
Proceedings of the 3rd ACM Workshop on Role-Based Access Control (RBAC '98)
Conference Dates
October 22-23, 1998
Conference Location
Fairfax, VA
Conference Title
3rd ACM Workshop on Role-Based Access Control (RBAC '98)

Keywords

multi-level security, RBAC, Role-Based Access Control, system kernel

Citation

Kuhn, D. (1998), Role Based Access Control on MLS Systems Without Kernel Changes, Proceedings of the 3rd ACM Workshop on Role-Based Access Control (RBAC '98), Fairfax, VA, [online], https://doi.org/10.1145/286884.286890 (Accessed April 17, 2024)
Created October 23, 1998, Updated November 10, 2018