Introduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations,

Transcription

1 Preface p. xv Acknowledgments p. xvii Introduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations, and permissions p. 4 Least privilege p. 5 A brief history of access control p. 6 Access control in the mainframe era p. 6 Department of Defense standards p. 8 Clark-Wilson model p. 9 Origins of RBAC p. 9 Comparing RBAC to DAC and MAC p. 16 RBAC and the enterprise p. 18 Economics of RBAC p. 18 Authorization management and resource provisioning p. 20 References p. 23 Access Control Policy, Models, and Mechanisms--Concepts and Examples p. 27 Policy, models, and mechanisms p. 27 Subjects and objects p. 30 Reference monitor and security kernel p. 31 Completeness p. 33 Isolation p. 33 Verifiability p. 34 The reference monitor--necessary, but not sufficient p. 35 DAC policies p. 35 Access control matrix p. 36 ACLs and capability lists p. 37 Protection bits p. 38 MAC policies and models p. 39 Biba's integrity model p. 41 Clark-Wilson model p. 42 The Chinese wall policy p. 44 The Brewer-Nash model p. 45 Domain-type enforcement model p. 46 References p. 48 Core RBAC Features p. 51 Roles versus ACL groups p. 53 Core RBAC p. 55 Administrative support p. 55 Permissions p. 56

2 Role activation p. 58 Mapping the enterprise view to the system view p. 59 Global users and roles and indirect role privileges p. 62 Mapping permissions into privileges p. 63 Role Hierarchies p. 67 Building role hierarchies from flat roles p. 68 Inheritance schemes p. 69 Direct privilege inheritance p. 69 Permission and user membership inheritance p. 70 User containment and indirect privilege inheritance p. 72 Hierarchy structures and inheritance forms p. 75 Connector roles p. 76 Organization chart hierarchies p. 79 Geographical regions p. 81 Accounting for role types p. 83 General and limited role hierarchies p. 84 Accounting for the Stanford model p. 87 References p. 89 SoD and Constraints in RBAC Systems p. 91 Types of SoD p. 94 Static SoD p. 94 Dynamic SoD p. 98 Operational SoD p. 99 History and object-based SoD p. 100 Using SoD in real systems p. 101 SoD in role hierarchies p. 102 Static and dynamic constraints p. 103 Mutual exclusion p. 104 Effects of privilege assignment p. 105 Assigning privileges to roles p. 107 Assigning roles to users p. 108 Temporal constraints in RBAC p. 112 Need for temporal constraints p. 112 Taxonomy of temporal constraints p. 113 Associated requirements for supporting temporal constraints p. 116 References p. 117 RBAC, MAC, and DAC p. 121 Enforcing DAC using RBAC p. 122 Configuring RBAC for DAC p. 123 DAC with grant-independent revocation p. 124 Additional considerations for grant-dependent revocation p. 125

3 Enforcing MAC on RBAC systems p. 125 Configuring RBAC for MAC using static constraints p. 126 Configuring RBAC for MAC using dynamic constraints p. 127 Implementing RBAC on MLS systems p. 130 Roles and privilege sets p. 132 Assignment of categories to privilege sets p. 133 Assignment of categories to roles p. 134 Example of MLS to RBAC mapping p. 134 Running RBAC and MAC simultaneously p. 136 References p. 138 NIST's Proposed RBAC Standard p. 141 Overview p. 141 Functional specification packages p. 142 The RBAC reference model p. 144 Functional specification overview p. 145 Functional specification for core RBAC p. 146 Administrative functions p. 146 Supporting system functions p. 146 Review functions p. 147 Functional specification for hierarchical RBAC p. 147 Hierarchical administrative functions p. 147 Supporting system functions p. 149 Review functions p. 149 Functional specification for SSD relation p. 150 Administrative functions p. 150 Supporting system functions p. 151 Review functions p. 151 Functional specification for a DSD relation p. 152 Administrative functions p. 152 Supporting system functions p. 152 Review functions p. 153 Reference p. 153 Role-Based Administration of RBAC p. 155 Background and terminology p. 155 URA02 and PRA02 p. 158 Crampton-Loizou administrative model p. 162 Flexibility of administrative scope p. 163 Decentralization and autonomy p. 164 A family of models for hierarchical administration p. 164 Role control center p. 169 Inheritance and the role graph p. 170

4 Constraints p. 172 Role views p. 172 Delegation of administrative permissions p. 173 Decentralization and autonomy p. 176 References p. 178 Enterprise Access Control Frameworks Using RBAC and XML Technologies p. 179 Conceptual view of EAFs p. 179 Enterprise Access Central Model Requirements p. 182 EAM's multiple-policy support requirement p. 183 EAM's ease of administration requirement p. 183 EAM specification and XML schemas p. 184 Specification of the ERBAC model in the XML schema p. 186 XML schema specifications for ERBAC model elements p. 187 XML schema specifications for ERBAC model relations p. 190 Encoding of enterprise access control data in XML p. 193 Verification of the ERBAC model and data specifications p. 197 Limitations of XML schemas for ERBAC model constraint representation p. 198 Using XML-encoded enterprise access control data for enterprisewide access control implementation p. 202 Conclusion p. 208 References p. 208 Integrating RBAC with Enterprise IT Infrastructures p. 211 RBAC for WFMSs p. 212 Workflow Concepts and WFMSs p. 212 WFMS components and access control requirements p. 213 Access control design requirements p. 214 RBAC model design and implementation requirements for WFMSs p. 216 RBAC for workflows--research prototypes p. 219 RBAC integration in Web environments p. 220 Implementing RBAC entirely on the Web server p. 221 Implementing RBAC for Web server access using cookies p. 222 RBAC on the Web using attribute certificates p. 224 RBAC for UNIX environments p. 231 RBAC for UNIX administration p. 231 RBAC implementation within the NFS p. 236 RBAC in Java p. 239 Evolution of Java security models p. 240 JDK 1.2 security model and enhancement p. 241 Incorporating RBAC into JDK 1.2 security model with JAAS p. 244 RBAC for FDBSs p. 246 IRO-DB architecture p. 247 RBAC model implementation in IRO-DB p. 248

5 RBAC in autonomous security service modules p. 249 Conclusions p. 251 References p. 251 Migrating to RBAC--Case Study: Multiline Insurance Company p. 255 Background p. 256 Benefits of using RBAC to manage extranet users p. 256 Simplifying systems administration and maintenance p. 258 Enhancing organizational productivity p. 259 Benefits of using RBAC to manage employees (intranet users) p. 259 Reduction in new employee downtime p. 259 Simplified systems administration and maintenance p. 260 RBAC implementation costs p. 260 Software and hardware expenses p. 261 Systems administrators' labor expenses p. 261 Role engineering expenses p. 261 Time series of benefits and costs p. 262 Reference p. 264 RBAC Features in Commercial Products p. 265 RBAC in relational DBMS products p. 266 Informix Dynamic Server version 9.3 (IBM) p. 267 Oracle Enterprise Server version 8i (Oracle) p. 269 Sybase adaptive server version 12.5 (Sybase) p. 271 RBAC in enterprise security administration software p. 274 Control-SA (BMC software) p. 276 DirXmetaRole version 1.0 (Siemens) p. 280 SAM Jupiter (Systor) p. 284 Tivoli Identity Manager version 1.1 (IBM) p. 289 Conclusions p. 292 References p. 293 Appendix A p. 295 Appendix B p. 299 About the Authors p. 303 Index p. 305 Table of Contents provided by Blackwell's Book Services and R.R. Bowker. Used with permission.