Role-based Access Control

by ; ;
Edition: 2nd
Format: Paperback
Pub. Date: 2007-02-01
Publisher(s): Artech House on Demand
List Price: $119.00


Summary

This revised edition of the Artech House bestseller, Role-Based Access Control, offers the very latest details on this sophisticated security model aimed at reducing the cost and complexity of security administration for large networked applications. This unique resource covers all facets of RBAC, from its solid model-theoretic foundations to its implementation within commercial products.

Table of Contents

Preface, p. xv
Acknowledgments, p. xix
Introduction, p. 1
The purpose and fundamentals of access control, p. 2
Authorization versus authentication, p. 3
Users, subjects, objects, operations, and permissions, p. 4
Least privilege, p. 5
A brief history of access control, p. 6
Access control in the mainframe era, p. 6
Department of Defense standards, p. 8
Clark-Wilson model, p. 9
Origins of RBAC, p. 9
Comparing RBAC to DAC and MAC, p. 17
RBAC and the enterprise, p. 18
Economics of RBAC, p. 19
Authorization management and resource provisioning, p. 20
References, p. 24
Access Control: Properties, Policies, and Models, p. 27
Access control: objectives and enforcement artifacts, p. 27
Access control: core entities and principles, p. 30
Subjects and objects, p. 30
Principles of secure design, p. 31
Reference monitor and security kernel, p. 33
Completeness, p. 34
Isolation, p. 35
Verifiability, p. 36
The reference monitor: necessary, but not sufficient, p. 37
Access control matrix, p. 37
Access control data structures, p. 42
Capability lists and access control lists (ACLs), p. 42
Protection bits, p. 44
Discretionary access control (DAC) policies, p. 44
MAC policies and models, p. 45
Bell-LaPadula model, p. 46
Biba's integrity model, p. 47
The Clark-Wilson model, p. 48
The Chinese wall policy model, p. 50
The Brewer-Nash model, p. 51
Domain-type enforcement (DTE) model, p. 52
References, p. 54
Core RBAC Features, p. 57
Roles versus ACL groups, p. 59
Core RBAC, p. 61
Administrative support, p. 61
Permissions, p. 62
Role activation, p. 64
Mapping the enterprise view to the system view, p. 65
Global users and roles and indirect role privileges, p. 68
Mapping permissions into privileges, p. 69
Role Hierarchies, p. 73
Building role hierarchies from flat roles, p. 74
Inheritance schemes, p. 75
Direct privilege inheritance, p. 75
Permission and user membership inheritance, p. 76
User containment and indirect privilege inheritance, p. 78
Hierarchy structures and inheritance forms, p. 81
Connector roles, p. 82
Organization chart hierarchies, p. 85
Geographical regions, p. 87
Accounting for role types, p. 89
General and limited role hierarchies, p. 90
Accounting for the Stanford model, p. 93
References, p. 95
SoD and Constraints in RBAC Systems, p. 97
Types of SoD, p. 100
Static SoD, p. 100
Dynamic SoD, p. 104
Operational SoD, p. 105
History and object-based SoD, p. 106
Using SoD in real systems, p. 107
SoD in role hierarchies, p. 108
Static and dynamic constraints, p. 109
Mutual exclusion, p. 110
Effects of privilege assignment, p. 111
Assigning privileges to roles, p. 113
Assigning roles to users, p. 114
Temporal constraints in RBAC, p. 118
Need for temporal constraints, p. 118
Taxonomy of temporal constraints, p. 119
Associated requirements for supporting temporal constraints, p. 122
References, p. 123
RBAC, MAC, and DAC, p. 127
Enforcing DAC using RBAC, p. 128
Configuring RBAC for DAC, p. 129
DAC with grant-independent revocation, p. 130
Additional considerations for grant-dependent revocation, p. 131
Enforcing MAC on RBAC systems, p. 131
Configuring RBAC for MAC using static constraints, p. 132
Configuring RBAC for MAC using dynamic constraints, p. 133
Implementing RBAC on MLS systems, p. 135
Roles and privilege sets, p. 138
Assignment of categories to privilege sets, p. 139
Assignment of categories to roles, p. 140
Example of MLS to RBAC mapping, p. 141
Running RBAC and MAC simultaneously, p. 143
References, p. 144
Privacy and Regulatory Issues, p. 147
Privacy requirement and access control framework, p. 148
Incorporating privacy policies into the policy specification module, p. 148
Enhance RBAC model with privacy-related entities and relationships, p. 151
Justifications for additional entities in the RBAC model, p. 151
Business purpose entity, p. 153
Data usage entity, p. 154
Privacy-aware RBAC model, p. 155
Integrate privacy policy support in the role engineering process, p. 155
Identifying business purposes and role-business purpose relationship instances, p. 157
Identifying business purpose-task relationship instances, p. 157
Identifying data usage entities and data usage-data object relationship instances, p. 158
Authorization using privacy-RBAC-ACF, p. 160
RBAC and regulatory compliance, p. 162
Sarbanes-Oxley Act compliance, p. 164
Gramm-Leach-Bliley Act and HIPAA compliance, p. 166
Compliance and the RBAC model, p. 166
Considerations in using RBAC in regulatory compliance, p. 167
References, p. 168
RBAC Standards and Profiles, p. 171
The ANSI/INCITS RBAC standard, p. 171
Overview, p. 171
The RBAC reference model, p. 172
Functional specification overview, p. 173
Functional specification for core RBAC, p. 174
Functional specification for hierarchical RBAC, p. 176
Functional specification for static separation of duty (SSD) relation, p. 179
Functional specification for a DSD relation, p. 180
Options and packaging, p. 181
Other RBAC standards, p. 183
XACML profile for role-based access control, p. 185
References, p. 186
Role-Based Administration of RBAC, p. 189
Background and terminology, p. 189
URA02 and PRA02, p. 192
Crampton-Loizou administrative model, p. 196
Flexibility of administrative scope, p. 197
Decentralization and autonomy, p. 198
A family of models for hierarchical administration, p. 198
Role control center, p. 203
Inheritance and the role graph, p. 204
Constraints, p. 206
Role views, p. 206
Delegation of administrative permissions, p. 207
Decentralization and autonomy, p. 210
References, p. 212
Role Engineering, p. 213
Scenario-driven role-engineering approach, p. 215
Scenarios and roles, p. 216
Steps in the scenario-driven process, p. 217
Goal-driven/hybrid role engineering approach, p. 220
Tools for role discovery and role management, p. 224
Sage DNA, p. 226
Role Miner, p. 227
SmartRoles, p. 228
Contouring Engine, p. 229
Example RBAC installations, p. 229
Role engineering: health care example, p. 232
Identify and model usage scenarios, p. 232
Derive permissions from scenarios, p. 234
Identify permission constraints, p. 236
Refine scenario model, p. 236
Additional process activities, p. 237
References, p. 237
Enterprise Access Control Frameworks Using RBAC and XML Technologies, p. 239
Conceptual view of EAFs, p. 239
Enterprise Access Central Model Requirements, p. 242
EAM's multiple-policy support requirement, p. 243
EAM's ease of administration requirement, p. 243
EAM specification and XML schemas, p. 244
Specification of the ERBAC model in the XML schema, p. 246
XML schema specifications for ERBAC model elements, p. 247
XML schema specifications for ERBAC model relations, p. 250
Encoding of enterprise access control data in XML, p. 253
Verification of the ERBAC model and data specifications, p. 257
Limitations of XML schemas for ERBAC model constraint representation, p. 258
Using XML-encoded enterprise access control data for enterprisewide access control implementation, p. 262
Conclusions, p. 268
References, p. 268
Integrating RBAC with Enterprise IT Infrastructures, p. 271
RBAC for WFMSs, p. 272
Workflow concepts and WFMSs, p. 272
WFMS components and access control requirements, p. 273
Access control design requirements, p. 274
RBAC model design and implementation requirements for WFMSs, p. 276
RBAC for workflows: research prototypes, p. 279
RBAC integration in Web environments, p. 280
Implementing RBAC entirely on the Web server, p. 281
Implementing RBAC for Web server access using cookies, p. 282
RBAC on the Web using attribute certificates, p. 284
RBAC for UNIX environments, p. 291
RBAC for UNIX administration, p. 291
RBAC implementation within the NFS, p. 296
RBAC in Java, p. 299
Evolution of Java security models, p. 300
JDK 1.2 security model and enhancement, p. 301
Incorporating RBAC into JDK 1.2 security model with JAAS, p. 304
RBAC for FDBSs, p. 306
IRO-DB architecture, p. 307
RBAC model implementation in IRO-DB, p. 308
RBAC in autonomous security service modules, p. 309
Conclusions, p. 311
References, p. 311
Migrating to RBAC: Case Study, Multiline Insurance Company, p. 315
Background, p. 316
Benefits of using RBAC to manage extranet users, p. 316
Simplifying systems administration and maintenance, p. 318
Enhancing organizational productivity, p. 319
Benefits of using RBAC to manage employees (intranet users), p. 319
Reduction in new employee downtime, p. 319
Simplified systems administration and maintenance, p. 320
RBAC implementation costs, p. 320
Software and hardware expenses, p. 321
Systems administrators' labor expenses, p. 321
Role engineering expenses, p. 321
Time series of benefits and costs, p. 322
Reference, p. 324
RBAC Features in Commercial Products, p. 325
RBAC in relational DBMS products, p. 326
Informix Dynamic Server version 9.3 (IBM), p. 327
Oracle Database 10g Release (10.2) (Oracle Corporation), p. 329
Sybase Adaptive Server Enterprise 15.0 (Sybase), p. 333
RBAC in enterprise security administration software, p. 340
CONTROL-SA (BMC Software), p. 342
DirX Identity V7.0 (Siemens), p. 346
SAM Jupiter (Beta Systems), p. 351
Tivoli Identity Manager version 1.1 (IBM), p. 356
Conclusions, p. 359
References, p. 360
XML Schema for the RBAC Model, p. 361
XML-Encoded Data for RBAC Model, p. 365
About the Authors, p. 369
Index, p. 371
Table of Contents provided by Ingram. All Rights Reserved.
