Mohammad Al-Kahtani
Ministry of Defense
Saudi Arabia
Ravi Sandhu
George Mason University
USA
RBAC has proven to be a flexible and useful access control model in practice. Rule-Based RBAC family of models was developed based on RBAC to overcome some of its limitations. One particular model of this family, which we call RB-RBAC-ve, introduces the concept of negative authorization to the RBAC arena. This paper provides a thorough analysis of RB-RBAC-ve. The analysis includes user authorization, conflict among rules, conflict resolution polices, the impact of negative authorization on role hierarchies and enforcement architecture.
Keywords: RBAC, RB-RBAC, Access Control