Abstract

Role-based access control (RBAC) is useful in information security. It is a superset of discretionary access control (DAC) and mandatory access control (MAC). Since DAC and MAC are useful in information flow control (which protects privacy within an application), RBAC can certainly be used in that control. Our research reveals that different control granularity is needed in different cases when controlling information flows within an application. An information flow control model should thus simultaneously offer different levels of control granularity. We designed a multiple-leveled RBAC model to offer multiple levels of control granularity, in which a level of RBAC controls a level of granularity. We called the model LnRBAC (n-leveled RBAC), which offers the following features: (1) it allows different control granularity in different cases, (2) it solves the covert channel problems caused by abnormal program stopping, (3) it adapts to dynamic object state change, (4) it controls method invocation through argument sensitivity, (5) it allows purpose-oriented method invocation, (6) it controls write access precisely, and (7) it avoids Trojan horses. We implemented a prototype for LnRBAC and evaluated it. This paper presents LnRBAC.
