Role Based Access Control – Frequently Asked Questions
[This material is a contribution of the National Institute of Standards and Technology and is not subject to U.S copyright.]
Ferraiolo and Kuhn (1992) gave a formal definition of roles as sets of permissions, role hierarchies, subject-role activation, subject-object mediation, as well as constraints on user/role membership and role activation.
Nyanchama and Osborn (1994) developed a role graph model for RBAC, providing efficient algorithms for analyzing role relationships.
Ferraiolo, Kuhn, and colleagues developed a prototype RBAC implementation and a 1995 paper further developing the RBAC model with formal definitions of static and dynamic separation of duty.
Sandhu, Coyne, Feinstein, and Youman (1996) introduced a framework of RBAC models, breaking down RBAC into four conceptual models that can be combined to provide a variety of RBAC systems.
Sandhu (1996) showed that RBAC could be used to implement traditional multilevel security policies.
Kuhn (1997) provided theorems on necessary and sufficient conditions to ensure separation safety. These results were extended by Li et al. in 2004.
Osborn (1997) provided a role lemma that must hold in a system supporting both multilevel security and RBAC.
Kuhn (1998) showed that a multilevel-secure system can implement RBAC, when the role hierarchy is a tree rather than a partial order.
Sandhu and Munawer (1998) provided a method of implementing discretionary access control using RBAC.
Role Based Access Control – Theory and Practice Timeline
Summary of early theoretical results for RBAC models that evolved into RBAC standard
- 1992 – Ferraiolo and Kuhn paper defining RBAC model, with access permitted only through roles. Formally defined role hierarchies and constraints including separation of duty.
- 1994 – DTOS based RBAC prototype developed by Ferraiolo, Kuhn, Gavrila
- 1994 – Nyanchama and Osborn paper defined role graph model
- 1994 – IBM files (in Europe) first patent application in RBAC area, cites Ferraiolo, Kuhn work as “closest prior art”
- 1995 – Ferraiolo, Cugini, Kuhn publish extended formal model, defined separation of duty forms
- 1996 – Sandhu, Coyne, Feinstein, Youman paper defining family of RBAC models
- 1996 – Sandhu method for implementing MLS/MAC model on RBAC system
- 1997 – Kuhn paper on separation of duty; necessary and sufficient conditions for separation safety
- 1997 – Osborn paper on relationship between RBAC and multilevel security mandatory access (MLS/MAC) security policy models; role lemma relating RBAC and multilevel security
- 1997 – Ferraiolo and Barkley paper on economic advantages of RBAC
- 1998 – Kuhn method for implementing hierarchical RBAC model on MLS/MAC system
- 1999 – Prototype RBAC for web servers developed by Barkley, Ferraiolo, Kuhn, Cincotta and distributed as open source
- 2000 – Sandhu, Ferraiolo, Kuhn define consolidated RBAC model for proposed industry standard
- 2001 – Research Triangle Institute study on economic impact of RBAC attributes 44% of RBAC impact to NIST research
- 2004 – American National Standards Institute, International Committee for Information Technology Standards (ANSI/INCITS) adopts Sandhu, Ferraiolo, Kuhn RBAC proposal as an industry consensus standard INCITS 359:2004