1

Programming Assignment Unit 4

Malan Grobler

University of the People

CS 3306 Databases 2:

Security Mechanisms

Rich Hoo (Instructor)

13 December 2023
 2

Role Based Access Controls (RBAC)

Two different access control models are used to govern and restrict user access to

resources within an information system: Role-Based Access Control (RBAC) and Label-

Based Access Control (LBAC). Let's investigate these ideas and contrast RBAC with LBAC.

Role-Based Access Control (RBAC)

A popular access control approach that links permissions to roles and simplifies

administration while cutting maintenance costs is called role-based access control (RBAC)

(Sandhu et al., 1997; Sinclair et al., 2008). According to RBAC, roles are linked to access

privileges, and users are allocated to roles according to the duties of their jobs. By enabling

administrators to manage permissions at a higher level, linked to roles, as opposed to

managing permissions for specific users, this streamlines the management of access control.

Key features of RBAC include:

Roles

Users are assigned specific roles based on their job functions.

Flexibility

Because of its security and versatility, RBAC is a well-liked access control model that

works well in sophisticated and complicated information systems (Chen & Zhang, 2009; He

et al., 2008).

Permissions

Permissions are associated with roles, determining what actions users in a specific

role can perform.

 3

Scalability

Particularly in large businesses with varied user groups, RBAC is manageable and

scalable. According to Ferraiolo et al. (1999), it offers a productive way to oversee access

control policies in expansive and dispersed environments.

Simplicity

The process of access control is made simpler by giving roles priority over specific

user rights.

Since the mid-1990s, groups like the NIST have promoted RBAC schemes, and a

variety of frameworks are available to apply access control based on this concept (Gupta et

al., n.d.).

Label-Based Access Control (LBAC)

In contrast, the LBAC paradigm links information resources with sensitivity labels.

The labels indicate the level of sensitivity or classification of the data, and the labels applied

to the data and users determine whether access is allowed or prohibited. LBAC attempts to

grant appropriate access privileges based on assigned labels and is especially significant in

situations where various users require varying levels of access to resources.

Key features of LBAC include:

Labels

Sensitivity labels are assigned to both users and data.

Mandatory Access Control (MAC)

LBAC is often associated with Mandatory Access Control, where access is

determined by predefined rules and labels.

 4

Granularity

LBAC provides a more granular control over data access based on sensitivity levels.

Comparison

Granularity

• RBAC focuses on managing access at a higher level based on job roles.

• LBAC provides finer granularity by associating access control directly with

the sensitivity of the data.

Scalability

• RBAC is highly scalable and well-suited for large organizations.

• LBAC may be more complex to implement and manage, especially in

environments with extensive data classification requirements.

Flexibility

• RBAC is flexible for managing user access based on job responsibilities.

• LBAC is rigid in its approach, with access determined by predefined labels

and rules.

Conclusion

Both RBAC and LBAC have different functions, and how well they work is

determined by the particular security needs of the company. RBAC is a useful tool for role-

centric user access management that is simple to set up and expand. Because of its emphasis

on data sensitivity, LBAC works effectively in settings where stringent data management and

classification are essential. The type of data to be secured, the organization's security policy,

and the required level of access control granularity all influence the decision between RBAC
 5

and LBAC. Organizations frequently use a combination of the two models to fulfill various

facets of their security requirements.

The well-liked and extensively used RBAC access control architecture offers a

flexible and safe way to manage access control policies while also making administration

easier and maintenance costs lower. RBAC is thought to be more widely used and

appropriate in complicated and distributed situations, even if LBAC also has a function in

controlling access based on labels.

 6

Chen, J. and Zhang, T. (2009). Research and implementation of role-based access control

model based on partition number.. https://doi.org/10.1109/iscid.2009.150

Ferraiolo, D., Barkley, J., & Kuhn, D. (1999). A role-based access control model and

reference implementation within a corporate intranet. Acm Transactions on

Information and System Security, 2(1), 34-64. https://doi.org/10.1145/300830.300834

Gupta, S., Mukheriee, T., Venkatasubramanian, K., & Taylor, T. Proximity based access

control in smart-emergency departments.. https://doi.org/10.1109/percomw.2006.113

He, Y., Han, Z., & Du, Y. (2008). Context active rbac and its applications..

https://doi.org/10.1109/isecs.2008.195

Sandhu, R., Bhamidipati, V., Coyne, E., Ganta, S., & Youman, C. (1997). The arbac97 model

for role-based administration of roles.. https://doi.org/10.1145/266741.266752

Sinclair, S., Smith, S., Trudeau, S., Johnson, M., & Portera, A. (2008). Information risk in

financial institutions: field study and research roadmap., 165-180.

https://doi.org/10.1007/978-3-540-78550-7_11