Skip to Main Content
Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for developing hybrid systems of RBAC and MAC from a development perspective. In this work, we present a feature-based modeling approach for developing hybrid access control systems. In the approach, RBAC and MAC are designed in terms of features and features are configured based on requirements. Configured features are then composed to produce a design model that supports hybrid access control. The approach enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases. We use a hospital system to demonstrate the approach. Tool support for the approach is also discussed.