ISBN 1-58053-370-1
David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli
338 pages.
Role-based access control (RBAC) is a security mechanism that can greatly
lower the cost and complexity of security administration for large networked
applications. RBAC simplifies security administration by using roles, hierarchies,
and constraints to organize privileges. This book explains these components
of RBAC, as well as how to support and administer RBAC in a networked environment
and how to integrate it with existing infrastructure.
Because role hierarchies and role engineering are crucial
to RBAC, you learn how to implement them effectively. Specialized topics
covered in detail include separation of duty,
combining RBAC with military security models, and recent efforts toward
standardization. This book also guides you through the various RBAC products
available on the market and along the migration path to deploying RBAC for
enterprise-wide security.
Introduction - Purpose and Fundamentals of Access Control. Authorization
Management and Access Control. Administration and Scalability Issues. Access
Control Policies, Models, and Mechanisms. Brief History of Access Controls.
Origins of Role-Based Access Control (RBAC).
Access Control Methods - Access Control Matrix. Discretionary Access
Control. Lattice-Based Models. Mandatory Access Control. Domain Type Enforcement.
Clark-Wilson. Chinese Wall.
Overview of RBAC - Roles vs. Groups. Users, Roles, and Permissions.
User/Role Assignments. Role/Permission Assignments. Role Hierarchies. Static
Constraints. Session Management. Dynamic Constraints. Cost, Policy, and Administrative
Benefits.
Role Hierarchies - Inheritance. Limited Hierarchies. General Hierarchies.
Separation of Duty Policies - Static Separation of Duty Policies.
Dynamic Separation of Duty Policies. History-Based Separation of Duty Policies.
Using RBAC to Implement Military Policies - Implementing Multi-Level
Security (MLS) Models with RBAC. Implementing Discretionary Access Control
with RBAC. Implementing RBAC with MLS. Operating RBAC and MLS Policies Simultaneously.
Standard RBAC - Proposed NIST Standard. Common Criteria RBAC Protection
Profile. Standards Conformance Issues.
Integrating RBAC with Existing Infrastructure - XML Schemas and Related
Models for RBAC. RBAC Implementation in a PKI Environment.
Research Prototypes - RBAC/Web. Role Control Center.
Commercial RBAC Products - Sun Solaris. Sybase SQL Server. BMC INCONTROL
for Security Management. Sysor Security Administration Manager. Tivoli TME
Security Management. Computer Associates Protect IT. Siemens rbacDirX.
Migrating to RBAC - Determining Roles and Role Hierarchies from Existing
Access Control Structures. Top Down and Bottom Up Approach. User/Role Ratios.
Role Engineering Tools.
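The following is an added worked example, not code from the book or from NIST: a minimal model of the RBAC components the contents above list (users, roles and permissions; user/role and role/permission assignment; a role hierarchy with inheritance; static separation of duty checked at assignment time, counting inherited roles; sessions with dynamic separation of duty checked at activation time). Role names, permission names and users are hypothetical. It also shows the interaction the Role Hierarchies and Separation of Duty chapters cover: a senior role that inherits two roles kept apart by a static constraint cannot be assigned to anyone.

```python
"""Minimal model of core, hierarchical and constrained RBAC.
Added illustration with hypothetical role/permission names; not the book's code."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.roles = set()
        self.user_roles = defaultdict(set)   # UA: user -> directly assigned roles
        self.role_perms = defaultdict(set)   # PA: role -> permissions
        self.juniors = defaultdict(set)      # hierarchy: role -> immediate junior roles
        self.ssd = []                        # (role set, n): no user authorized for >= n of them
        self.dsd = []                        # (role set, n): no session activates >= n of them
        self.sessions = {}                   # session id -> [user, set of active roles]

    def add_role(self, role, juniors=()):
        missing = set(juniors) - self.roles
        if missing:
            raise KeyError(f"unknown junior roles: {sorted(missing)}")
        self.roles.add(role)
        self.juniors[role] |= set(juniors)   # senior role inherits its juniors' permissions

    def grant(self, role, permission):
        self.role_perms[role].add(permission)

    def add_ssd(self, roleset, n):
        self.ssd.append((frozenset(roleset), n))

    def add_dsd(self, roleset, n):
        self.dsd.append((frozenset(roleset), n))

    def authorized_roles(self, roles):
        """Closure over the hierarchy: the given roles plus every role they inherit from."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def assign_user(self, user, role):
        """UA with SSD: refuse if the user would be authorized, directly or by
        inheritance, for n or more roles of any SSD set."""
        if role not in self.roles:
            raise KeyError(role)
        authorized = self.authorized_roles(self.user_roles[user] | {role})
        for roleset, n in self.ssd:
            if len(authorized & roleset) >= n:
                raise PermissionError(f"SSD: {user} may not hold {sorted(roleset)} together")
        self.user_roles[user].add(role)

    def create_session(self, user, session_id):
        self.sessions[session_id] = [user, set()]

    def activate(self, session_id, role):
        """Activate a role in a session, subject to DSD over that session's active roles."""
        user, active = self.sessions[session_id]
        if role not in self.authorized_roles(self.user_roles[user]):
            raise PermissionError(f"{user} is not authorized for {role}")
        for roleset, n in self.dsd:
            if len((active | {role}) & roleset) >= n:
                raise PermissionError(f"DSD: {sorted(roleset)} may not be active together")
        active.add(role)

    def check_access(self, session_id, permission):
        """Granted if any active role, or a role one of them inherits, holds the permission."""
        _, active = self.sessions[session_id]
        return any(permission in self.role_perms[r] for r in self.authorized_roles(active))


def _allowed(action):
    """True if the operation succeeds, False if a constraint refuses it."""
    try:
        action()
        return True
    except PermissionError:
        return False


def demo():
    """Constructed purchasing scenario; returns the outcome of each check."""
    rbac = RBAC()
    rbac.add_role("employee")
    rbac.add_role("purchaser", juniors=["employee"])
    rbac.add_role("approver", juniors=["employee"])
    rbac.add_role("auditor")
    rbac.add_role("director", juniors=["purchaser", "approver"])
    for role, perm in [("employee", "catalog:read"), ("purchaser", "order:create"),
                       ("approver", "order:approve"), ("auditor", "audit:read")]:
        rbac.grant(role, perm)
    rbac.add_ssd({"purchaser", "approver"}, 2)   # nobody may both place and approve orders
    rbac.add_dsd({"approver", "auditor"}, 2)     # may hold both, but not in one session
    out = {}
    rbac.assign_user("alice", "purchaser")
    out["alice_also_approver"] = _allowed(lambda: rbac.assign_user("alice", "approver"))
    # director inherits purchaser and approver, so the same SSD rule blocks it
    out["carol_director"] = _allowed(lambda: rbac.assign_user("carol", "director"))
    rbac.assign_user("bob", "approver")
    rbac.assign_user("bob", "auditor")
    rbac.create_session("bob", "s1")
    rbac.activate("s1", "approver")
    out["s1_approve"] = rbac.check_access("s1", "order:approve")
    out["s1_catalog"] = rbac.check_access("s1", "catalog:read")   # inherited from employee
    out["s1_add_auditor"] = _allowed(lambda: rbac.activate("s1", "auditor"))
    rbac.create_session("bob", "s2")
    out["s2_auditor"] = _allowed(lambda: rbac.activate("s2", "auditor"))
    out["s2_approve"] = rbac.check_access("s2", "order:approve")  # approver not active here
    return out
```

The SSD check counts roles reached through the hierarchy, which is why the "director" role, a senior of both constrained roles, can never be assigned: in practice a static constraint and a hierarchy that contradict it must be resolved at role-engineering time. DSD is only checked against the roles active in one session, so the same user can hold both roles and use them in separate sessions.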