Modeling Mandatory Access Control in Role-Based Security Systems

  • Nyanchama M
  • Osborn S
  • 18


    Mendeley users who have this article in their library.
  • N/A


    Citations of this article.


This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic de nitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of informa- tion, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information ow among contexts in role-based protection systems. The acyclic information ows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.

Author-supplied keywords

  • Security level
  • information
  • mandatory access control
  • ow
  • role
  • role-based protection.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Matunda Nyanchama

  • Sylvia Osborn

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free