Role-Based Access Control, 2/e

David F. Ferraiolo

  • Publisher: Artech House Publish
  • Publication date: 2007-02-28
  • Price: $4,500
  • VIP price: $4,275 (95% of list)
  • Language: English
  • Pages: 418
  • Binding: Paperback
  • ISBN: 1596931132
  • ISBN-13: 9781596931138
  • Related categories: Access, Information Security
  • Imported title (ordered and checked out separately)

Product Description

Description

This newly revised edition of the Artech House bestseller, Role-Based Access Control, offers you the very latest details on this sophisticated security model aimed at reducing the cost and complexity of security administration for large networked applications. The second edition provides more comprehensive and updated coverage of access control models, new RBAC standards, new in-depth case studies and discussions on role engineering and the design of role-based systems. The book shows you how RBAC simplifies security administration by using roles, hierarchies, and constraints to manage the review and control of organizational privileges. Moreover, it explains how RBAC makes it possible to specify many types of enterprise security policies.

This unique resource covers all facets of RBAC, from its solid model-theoretic foundations to its implementation within commercial products. You learn how to use RBAC to emulate other access control models and find frameworks and tools for administering RBAC. Research prototypes that have incorporated RBAC into various classes of software like WFMS, Web server, OS (Unix) and Java (JEE) are reviewed. Products implementing RBAC features such as relational DBMS and Enterprise Security Administration (ESA) systems are described to serve as a guide to the state of practice of RBAC.

Table of Contents

Section I: Access Control Concepts & RBAC

Introduction - Purpose and Fundamentals of Access Control. A Brief History of Access Control. Reference Monitor and Security Kernel. RBAC and the Enterprise.

Access Control Definitions and Enforcement Framework - Policy, Models, and Mechanisms. Safety Properties. New Privacy Controls. Comparing RBAC to DAC and MAC. DAC Policies. Access Control Structures. MAC Policies and Models. Biba's Integrity Model. Clark-Wilson Model. The Chinese Wall Policy. The Brewer-Nash Model. Domain-Type Enforcement Model.

Section II: RBAC Framework - Models & Constraints

Core RBAC Features - Roles versus ACL Groups. Core RBAC. Mapping the Enterprise View to the System View.

Role Hierarchies - Building Role Hierarchies from Flat Roles. Inheritance Schemes. Hierarchy Structures and Inheritance Forms. Accounting for Role Types. General and Limited Role Hierarchies. Accounting for the Stanford Model.

SoD and Constraints in RBAC Systems - Types of SoD. Using SoD in Real Systems. Temporal Constraints in RBAC.

RBAC, MAC and DAC - Enforcing DAC Using RBAC. Enforcing MAC on RBAC Systems. Implementing RBAC on MLS Systems. Running RBAC and MAC Simultaneously.

RBAC and Privacy - Privacy and Access Control. Regulation Requirements. Privacy Constructs in RBAC Models.

Section III: RBAC Standardization

RBAC Standards - ANSI/INCITS 359 RBAC Standard. XACML RBAC Profiles. RBAC Requirements in Other Standards.

Section IV: Enterprise Security Administration in RBAC

Role-Based Administration of RBAC - Background and Terminology. URA02 and PRA02. Crampton-Loizou Administrative Model. Role Control Center.

Role Engineering - Theory and Practice. Migrating from Legacy Systems. Best Practices and Tools.

Enterprise Access Control Frameworks Using RBAC and XML Technologies - Conceptual View of EAFs. Enterprise Access Control Model Requirements. EAM Specification and XML Schemas. Encoding of Enterprise Access Control Data in XML. Verification of the ERBAC Model and Data Specifications. Limitation of XML Schemas for ERBAC Model Constraint Representation. Using XML-Encoded Enterprise Access Control Data for Enterprise-Wide Access Control Implementation.

Section V: RBAC in IT Systems Applications

Integrating RBAC with Enterprise IT Infrastructures - RBAC for WFMSs. RBAC Integration in Web Environments. RBAC for UNIX Environments. RBAC in Java. RBAC for FDBSs. RBAC in Autonomous Security Service Modules. Conclusions.

RBAC Implementation Case Studies - RBAC in a Large Commercial Bank. RBAC in a Defense Application. Multiline Insurance Company.

RBAC Features in Commercial Products - RBAC in Web Services. RBAC in Relational DBMS Products. RBAC in Enterprise Security Administration Software. Conclusion.

Appendices. About the Authors. Index.
