This newly revised edition of the Artech House bestseller,
Role-Based Access Control, offers you the very latest details on this
sophisticated security model aimed at reducing the cost and complexity of
security administration for large networked applications. The second edition
provides more comprehensive and updated coverage of access control models, new RBAC
standards, new in-depth case studies and discussions on role engineering and
the design of role-based systems. The book shows you how RBAC simplifies
security administration by using roles, hierarchies, and constraints to manage
the review and control of organizational privileges. Moreover, it explains how
RBAC makes it possible to specify many types of enterprise security policies.
This unique resource covers all facets of RBAC, from its solid model-theoretic
foundations to its implementation within commercial products. You learn how to
use RBAC to emulate other access control models and find frameworks and tools
for administering RBAC. Research prototypes that have incorporated RBAC into
various classes of software like WFMS, Web server, OS (Unix) and Java (JEE) are
reviewed. Products implementing RBAC
features such as relational DBMS and Enterprise Security Administration (ESA)
systems are described to serve as a guide to the state of practice of RBAC.
Artech House is pleased to offer you this title in a special In-Print-Forever® (IPF®) hardbound edition.
This book is not available from inventory but can be printed at your request and delivered within 2–4 weeks of receipt of order.
Please note that because IPF® books are printed on demand, returns cannot be accepted.
Section I: Access Control Concepts & RBAC
Introduction. Purpose and Fundamental of Access Control. A Brief History of Access Control. Reference Monitor and Security Kernel. RBAC and the Enterprise.
Access Control Definitions and Enforcement Framework – Policy, Models, and Mechanisms. Safety Properties. New Privacy Controls. Comparing RBAC to DAC and MAC. DAC Policies. Access Control Structures. MAC Policies and Models. Biba’s Integrity Model. Clark-Wilson Model. The Chinese Wall Policy. The Brewer-Nash Model. Domain-Type Enforcement Model.
Section II: RBAC Framework – Models & Contraints
Core RBAC Features - Roles versus ACL Groups. Core RBAC. Mapping the Enterprise View to the System View.
Role Hierarchies – Building Role Hierarchies from Flat Roles. Inheritance Schemes. Hierarchy Structures and Inheritance Forms. Accounting for Role Types. General and Limited Role Hierarchies. Accounting for the Stanford Model.
SoD and Constraints in RBAC Systems – Types of SoD. Using SoD in Real Systems. Temporal Constraints in RBAC.
RBAC, MAC and DAC – Enforcing DAC Using RBAC. Enforcing MAC on RBAC Systems. Implementing RBAC on MLS Systems. Running RBAC and MAC Simultaneously.
RBAC and Privacy – Privacy and Access Control. Regulation Requirements. Privacy Constructs in RBAC Models.
Section III: RBAC Standardization>
RBAC Standards – ANSI/INCITS 359 RBAC Standard. XACML RBAC Profiles. RBAC Requirements in Other Standards.
Section IV: Enterprise Security Administration in RBAC
Role-Based Administration of RBAC – Background and Terminology. URA02 and PRA02.
Crampton-Loizou Administrative Model. Role Control Center.
Role Engineering – Theory and Practice. Migrating from Legacy Systems. Best
Practices and Tools.
Enterprise Access Control Frameworks Using RBAC and XML Technologies – Conceptual View of EAFs. Enterprise Access Central Model Requirements. EAM Specification and XML Schemas. Encoding of Enterprise Access Control Data in XML. Verification of the ERBAC Model and Data Specifications. Limitation of XML Schemas for ERBAC Model Constraint Representation. Using XML-Encoded Enterprise Access Control Data for Enterprise Wide Access Control Implementation.
Section V: RBAC in IT Systems Applications
Integrating RBAC with Enterprise IT Infrastructures – RBAC for WFMSs. RBAC Integration in Web Environments. RBAC for UNIX Environments. RBAC in Java. RBAC for FDBSs. RBAC in Autonomous Security Service Modules. Conclusions.
RBAC Implementation Case Studies – RBAC in a Large Commercial Bank. RBAC in a
Defense Application. Multiline Insurance Company.
RBAC Features in Commerical Products – RBAC in Web Services. RBAC in Relational DBMS Products. RBAC In Enterprise Security Administration Software. Conclusion.
Appendices. About the Authors. Index.
David F. Ferraiolo is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST), Gaithersburg, MD. In addition to managing three access control and security management projects, he is leading research to improve operational assurance, security authentication, intrusion detection, and authorization.
D. Richard Kuhn is a computer scientist in the Computer Security Division of NIST. His primary technical interests are information security and software testing and
assurance. He developed, in conjunction with David Ferraiolo, the first formal model for role based access control, and is overseeing NIST’s proposed standard for RBAC.
Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of NIST. He has more than 17 years experience in design and development of IT solutions in industry and government, and coauthored the first international security protection profile for RBAC. His current work focuses on automated security testing tools, and he is coauthor of NIST’s proposed RBAC standard.
Click here to download a sample chapter from this title in PDF format.