Role-Based Access Controls
by Ferraiolo, David F.; Kuhn, D. Richard; Chandramouli, RamaswamyFormat: Hardcover
Pub. Date: 2003-04-01
Publisher(s): Artech House
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $85.00
Rent Textbook
Select for Price
New Textbook
We're Sorry
Sold Out
Used Textbook
We're Sorry
Sold Out
eTextbook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Role-based access control (RBAC) is a security mechanism that can greatly lower the cost and complexity of security administration for large networked applications. RBAC simplifies security administration by using roles, hierarchies, and constraints to organize privileges. This book explains these components of RBAC, as well as how to support and administer RBAC in a networked environment and how to integrate it with existing infrastructure.
Author Biography
David F. Ferraiolo is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, with over 19 years of experience in the design D. Richard Kuhn is a computer scientist in the Computer Security Division of NIST, with 18 years of experience Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of NIST. He has more than 17 years of experience
Table of Contents
| Preface | p. xv |
| Acknowledgments | p. xvii |
| Introduction | p. 1 |
| The purpose and fundamentals of access control | p. 2 |
| Authorization versus authentication | p. 3 |
| Users, subjects, objects, operations, and permissions | p. 4 |
| Least privilege | p. 5 |
| A brief history of access control | p. 6 |
| Access control in the mainframe era | p. 6 |
| Department of Defense standards | p. 8 |
| Clark-Wilson model | p. 9 |
| Origins of RBAC | p. 9 |
| Comparing RBAC to DAC and MAC | p. 16 |
| RBAC and the enterprise | p. 18 |
| Economics of RBAC | p. 18 |
| Authorization management and resource provisioning | p. 20 |
| References | p. 23 |
| Access Control Policy, Models, and Mechanisms--Concepts and Examples | p. 27 |
| Policy, models, and mechanisms | p. 27 |
| Subjects and objects | p. 30 |
| Reference monitor and security kernel | p. 31 |
| Completeness | p. 33 |
| Isolation | p. 33 |
| Verifiability | p. 34 |
| The reference monitor--necessary, but not sufficient | p. 35 |
| DAC policies | p. 35 |
| Access control matrix | p. 36 |
| ACLs and capability lists | p. 37 |
| Protection bits | p. 38 |
| MAC policies and models | p. 39 |
| Biba's integrity model | p. 41 |
| Clark-Wilson model | p. 42 |
| The Chinese wall policy | p. 44 |
| The Brewer-Nash model | p. 45 |
| Domain-type enforcement model | p. 46 |
| References | p. 48 |
| Core RBAC Features | p. 51 |
| Roles versus ACL groups | p. 53 |
| Core RBAC | p. 55 |
| Administrative support | p. 55 |
| Permissions | p. 56 |
| Role activation | p. 58 |
| Mapping the enterprise view to the system view | p. 59 |
| Global users and roles and indirect role privileges | p. 62 |
| Mapping permissions into privileges | p. 63 |
| Role Hierarchies | p. 67 |
| Building role hierarchies from flat roles | p. 68 |
| Inheritance schemes | p. 69 |
| Direct privilege inheritance | p. 69 |
| Permission and user membership inheritance | p. 70 |
| User containment and indirect privilege inheritance | p. 72 |
| Hierarchy structures and inheritance forms | p. 75 |
| Connector roles | p. 76 |
| Organization chart hierarchies | p. 79 |
| Geographical regions | p. 81 |
| Accounting for role types | p. 83 |
| General and limited role hierarchies | p. 84 |
| Accounting for the Stanford model | p. 87 |
| References | p. 89 |
| SoD and Constraints in RBAC Systems | p. 91 |
| Types of SoD | p. 94 |
| Static SoD | p. 94 |
| Dynamic SoD | p. 98 |
| Operational SoD | p. 99 |
| History and object-based SoD | p. 100 |
| Using SoD in real systems | p. 101 |
| SoD in role hierarchies | p. 102 |
| Static and dynamic constraints | p. 103 |
| Mutual exclusion | p. 104 |
| Effects of privilege assignment | p. 105 |
| Assigning privileges to roles | p. 107 |
| Assigning roles to users | p. 108 |
| Temporal constraints in RBAC | p. 112 |
| Need for temporal constraints | p. 112 |
| Taxonomy of temporal constraints | p. 113 |
| Associated requirements for supporting temporal constraints | p. 116 |
| References | p. 117 |
| RBAC, MAC, and DAC | p. 121 |
| Enforcing DAC using RBAC | p. 122 |
| Configuring RBAC for DAC | p. 123 |
| DAC with grant-independent revocation | p. 124 |
| Additional considerations for grant-dependent revocation | p. 125 |
| Enforcing MAC on RBAC systems | p. 125 |
| Configuring RBAC for MAC using static constraints | p. 126 |
| Configuring RBAC for MAC using dynamic constraints | p. 127 |
| Implementing RBAC on MLS systems | p. 130 |
| Roles and privilege sets | p. 132 |
| Assignment of categories to privilege sets | p. 133 |
| Assignment of categories to roles | p. 134 |
| Example of MLS to RBAC mapping | p. 134 |
| Running RBAC and MAC simultaneously | p. 136 |
| References | p. 138 |
| NIST's Proposed RBAC Standard | p. 141 |
| Overview | p. 141 |
| Functional specification packages | p. 142 |
| The RBAC reference model | p. 144 |
| Functional specification overview | p. 145 |
| Functional specification for core RBAC | p. 146 |
| Administrative functions | p. 146 |
| Supporting system functions | p. 146 |
| Review functions | p. 147 |
| Functional specification for hierarchical RBAC | p. 147 |
| Hierarchical administrative functions | p. 147 |
| Supporting system functions | p. 149 |
| Review functions | p. 149 |
| Functional specification for SSD relation | p. 150 |
| Administrative functions | p. 150 |
| Supporting system functions | p. 151 |
| Review functions | p. 151 |
| Functional specification for a DSD relation | p. 152 |
| Administrative functions | p. 152 |
| Supporting system functions | p. 152 |
| Review functions | p. 153 |
| Reference | p. 153 |
| Role-Based Administration of RBAC | p. 155 |
| Background and terminology | p. 155 |
| URA02 and PRA02 | p. 158 |
| Crampton-Loizou administrative model | p. 162 |
| Flexibility of administrative scope | p. 163 |
| Decentralization and autonomy | p. 164 |
| A family of models for hierarchical administration | p. 164 |
| Role control center | p. 169 |
| Inheritance and the role graph | p. 170 |
| Constraints | p. 172 |
| Role views | p. 172 |
| Delegation of administrative permissions | p. 173 |
| Decentralization and autonomy | p. 176 |
| References | p. 178 |
| Enterprise Access Control Frameworks Using RBAC and XML Technologies | p. 179 |
| Conceptual view of EAFs | p. 179 |
| Enterprise Access Central Model Requirements | p. 182 |
| EAM's multiple-policy support requirement | p. 183 |
| EAM's ease of administration requirement | p. 183 |
| EAM specification and XML schemas | p. 184 |
| Specification of the ERBAC model in the XML schema | p. 186 |
| XML schema specifications for ERBAC model elements | p. 187 |
| XML schema specifications for ERBAC model relations | p. 190 |
| Encoding of enterprise access control data in XML | p. 193 |
| Verification of the ERBAC model and data specifications | p. 197 |
| Limitations of XML schemas for ERBAC model constraint representation | p. 198 |
| Using XML-encoded enterprise access control data for enterprisewide access control implementation | p. 202 |
| Conclusion | p. 208 |
| References | p. 208 |
| Integrating RBAC with Enterprise IT Infrastructures | p. 211 |
| RBAC for WFMSs | p. 212 |
| Workflow Concepts and WFMSs | p. 212 |
| WFMS components and access control requirements | p. 213 |
| Access control design requirements | p. 214 |
| RBAC model design and implementation requirements for WFMSs | p. 216 |
| RBAC for workflows--research prototypes | p. 219 |
| RBAC integration in Web environments | p. 220 |
| Implementing RBAC entirely on the Web server | p. 221 |
| Implementing RBAC for Web server access using cookies | p. 222 |
| RBAC on the Web using attribute certificates | p. 224 |
| RBAC for UNIX environments | p. 231 |
| RBAC for UNIX administration | p. 231 |
| RBAC implementation within the NFS | p. 236 |
| RBAC in Java | p. 239 |
| Evolution of Java security models | p. 240 |
| JDK 1.2 security model and enhancement | p. 241 |
| Incorporating RBAC into JDK 1.2 security model with JAAS | p. 244 |
| RBAC for FDBSs | p. 246 |
| IRO-DB architecture | p. 247 |
| RBAC model implementation in IRO-DB | p. 248 |
| RBAC in autonomous security service modules | p. 249 |
| Conclusions | p. 251 |
| References | p. 251 |
| Migrating to RBAC--Case Study: Multiline Insurance Company | p. 255 |
| Background | p. 256 |
| Benefits of using RBAC to manage extranet users | p. 256 |
| Simplifying systems administration and maintenance | p. 258 |
| Enhancing organizational productivity | p. 259 |
| Benefits of using RBAC to manage employees (intranet users) | p. 259 |
| Reduction in new employee downtime | p. 259 |
| Simplified systems administration and maintenance | p. 260 |
| RBAC implementation costs | p. 260 |
| Software and hardware expenses | p. 261 |
| Systems administrators' labor expenses | p. 261 |
| Role engineering expenses | p. 261 |
| Time series of benefits and costs | p. 262 |
| Reference | p. 264 |
| RBAC Features in Commercial Products | p. 265 |
| RBAC in relational DBMS products | p. 266 |
| Informix Dynamic Server version 9.3 (IBM) | p. 267 |
| Oracle Enterprise Server version 8i (Oracle) | p. 269 |
| Sybase adaptive server version 12.5 (Sybase) | p. 271 |
| RBAC in enterprise security administration software | p. 274 |
| Control-SA (BMC software) | p. 276 |
| DirXmetaRole version 1.0 (Siemens) | p. 280 |
| SAM Jupiter (Systor) | p. 284 |
| Tivoli Identity Manager version 1.1 (IBM) | p. 289 |
| Conclusions | p. 292 |
| References | p. 293 |
| Appendix A | p. 295 |
| Appendix B | p. 299 |
| About the Authors | p. 303 |
| Index | p. 305 |
| Table of Contents provided by Ingram. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.