Role-Based Access Control, Second Edition
Published on 1. January 2006
418 pages
978-1-59693-114-5 (ISBN)
Description
This newly revised edition of the Artech House bestseller, Role-Based Access Control, offers you the very latest details on this sophisticated security model aimed at reducing the cost and complexity of security administration for large networked applications. The second edition provides more comprehensive and updated coverage of access control models, new RBAC standards, new in-depth case studies and discussions on role engineering and the design of role-based systems. The book shows you how RBAC simplifies security administration by using roles, hierarchies, and constraints to manage the review and control of organizational privileges. Moreover, it explains how RBAC makes it possible to specify many types of enterprise security policies. This unique resource covers all facets of RBAC, from its solid model-theoretic foundations to its implementation within commercial products. You learn how to use RBAC to emulate other access control models and find frameworks and tools for administering RBAC. Research prototypes that have incorporated RBAC into various classes of software like WFMS, Web server, OS (Unix) and Java (JEE) are reviewed. Products implementing RBAC features such as relational DBMS and Enterprise Security Administration (ESA) systems are described to serve as a guide to the state of practice of RBAC.
More details
Other editions
Additional editions
David F. Ferraiolo | D. Richard Kuhn | Ramaswamy Chandramouli
Role-based Access Control
Book
01/2007
2nd Edition
Artech House Publishers
€110.50
Shipment within 10-20 days
Content
- Intro
- Contents
- Preface
- Acknowledgments
- Chapter 1 Introduction
- 1.1 The purpose and fundamentals of access control
- 1.2 A brief history of access control
- 1.3 Comparing RBAC to DAC and MAC
- 1.4 RBAC and the enterprise
- References
- Chapter 2 Access Control: Properties, Policies, and Models
- 2.1 Access control: objectives and enforcement artifacts
- 2.2 Access control: core entities and principles
- 2.3 Reference monitor and security kernel
- 2.4 Access control matrix
- 2.5 Access control data structures
- 2.6 Discretionary access control (DAC) policies
- 2.7 MAC policies and models
- 2.8 Biba's integrity model
- 2.9 The Clark-Wilson model
- 2.10 The Chinese wall policy model
- 2.11 The Brewer-Nash model
- 2.12 Domain-type enforcement (DTE) model
- References
- Chapter 3 Core RBAC Features
- 3.1 Roles versus ACL groups
- 3.2 Core RBAC
- 3.3 Mapping the enterprise view to the system view
- Chapter 4 Role Hierarchies
- 4.1 Building role hierarchies from flat roles
- 4.2 Inheritance schemes
- 4.3 Hierarchy structures and inheritance forms
- 4.4 Accounting for role types
- 4.5 General and limited role hierarchies
- 4.6 Accounting for the Stanford model
- References
- Chapter 5 SoD and Constraints in RBAC Systems
- 5.1 Types of SoD
- 5.2 Using SoD in real systems
- 5.3 Temporal constraints in RBAC
- References
- Chapter 6 RBAC, MAC, and DAC
- 6.1 Enforcing DAC using RBAC
- 6.2 Enforcing MAC on RBAC systems
- 6.3 Implementing RBAC on MLS systems
- 6.4 Running RBAC and MAC simultaneously
- References
- Chapter 7 Privacy and Regulatory Issues
- 7.1 Privacy requirements and access control framework
- 7.2 Integrate privacy policy support in the role engineering process
- 7.3 Authorization using privacy-RBAC-ACF
- 7.4 RBAC and regulatory compliance
- References
- Selected Bibliography
- Chapter 8 RBAC Standards and Profiles
- 8.1 The ANSI/INCITS RBAC standard
- 8.2 XACML profile for role-based access control
- References
- Chapter 9 Role-Based Administration of RBAC
- 9.1 Background and terminology
- 9.2 URA02 and PRA02
- 9.3 Crampton-Loizou administrative model
- 9.4 Role control center
- References
- Chapter 10 Role Engineering
- 10.1 Scenario-driven role-engineering approach
- 10.2 Goal driven/hybrid role engineering approach
- 10.3 Tools for role discovery and role management
- 10.4 Example RBAC installations
- 10.5 Role engineering: health care example
- References
- Chapter 11 Enterprise Access Control Frameworks Using RBAC and XML Technologies
- 11.1 Conceptual view of EAFs
- 11.2 Enterprise Access Central Model Requirements
- 11.3 EAM specification and XML schemas
- 11.4 Specification of the ERBAC model in the XML schema
- 11.5 Encoding of enterprise access control data in XML
- 11.6 Verification of the ERBAC model and data specifications
- 11.7 Limitations of XML schemas for ERBAC model constraint representation
- 11.8 Using XML-encoded enterprise access control data for enterprisewide access control implementation
- 11.9 Conclusions
- References
- Chapter 12 Integrating RBAC with Enterprise IT Infrastructures
- 12.1 RBAC for WFMSs
- 12.2 RBAC integration in Web environments
- 12.3 RBAC for UNIX environments
- 12.4 RBAC in Java
- 12.5 RBAC for FDBSs
- 12.6 RBAC in autonomous security service modules
- 12.7 Conclusions
- References
- Chapter 13 Migrating to RBAC-Case Study: Multiline Insurance Company
- 13.1 Background
- 13.2 Benefits of using RBAC to manage extranet users
- 13.3 Benefits of using RBAC to manage employees (intranet users)
- 13.4 RBAC implementation costs
- 13.5 Time series of benefits and costs
- Reference
- Chapter 14 RBAC Features in Commercial Products
- 14.1 RBAC in relational DBMS products
- 14.2 RBAC in enterprise security administration software
- 14.3 Conclusions
- References
- Appendix A: XML Schema for the RBAC Model
- Appendix B: XML-Encoded Data for RBAC Model
