Role-Based Access Control, Second Edition

  • 6h 29m
  • D. Richard Kuhn, David F. Ferraiolo, Ramaswamy Chandramouli
  • Artech House
  • 2007

Role-based access control (RBAC) is a security mechanism that has gained wide acceptance in the field because it can greatly lower the cost and complexity of securing large networked and Web-based systems. Written by leading experts, this newly revised edition of the Artech House bestseller, Role-Based Access Control, offers practitioners the very latest details on this popular network security model.

The second edition provides more comprehensive and updated coverage of access control models, new RBAC standards, new case studies and discussions on role engineering and the design of role-based systems. This authoritative book offers professionals an in-depth understanding of role hierarchies and role engineering that are so crucial to ensuring total access control with RBAC. The book guides security administrators through the various RBAC products available on the market and along the migration path to implementing RBAC. This unique resource also covers the RBAC standard proposed by the National Institute of Standards and Technology.

About the Authors

David F. Ferraiolo is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST), Gaithersburg, MD. In addition to managing three access control and security management projects, he is leading research to improve operational assurance, security authentication, intrusion detection, and authorization.

D. Richard Kuhn is a computer scientist in the Computer Security Division of NIST. His primary technical interests are information security and software testing and assurance. He developed, in conjunction with David Ferraiolo, the first formal model for role-based access control, and is overseeing NIST's proposed standard for RBAC.

Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of NIST. He has more than 17 years of experience in design and development of IT solutions in industry and government, and coauthored the first international security protection profile for RBAC. His current work focuses on automated security testing tools, and he is coauthor of NIST's proposed RBAC standard.

In this Book

  • Introduction
  • Access Control: Properties, Policies, and Models
  • Core RBAC Features
  • Role Hierarchies
  • SoD and Constraints in RBAC Systems
  • RBAC, MAC, and DAC
  • Privacy and Regulatory Issues
  • RBAC Standards and Profiles
  • Role-Based Administration of RBAC
  • Role Engineering
  • Enterprise Access Control Frameworks Using RBAC and XML Technologies
  • Integrating RBAC with Enterprise IT Infrastructures
  • Migrating to RBAC—Case Study: Multiline Insurance Company
  • RBAC Features in Commercial Products