Role-Based Access Controls Hardcover – Apr 9 2003

Product Details

  • Hardcover: 338 pages
  • Publisher: Artech House Publishers; 1 edition (April 9 2003)
  • Language: English
  • ISBN-10: 1580533701
  • ISBN-13: 978-1580533706
  • Product Dimensions: 2.5 x 17.8 x 22.9 cm
  • Shipping Weight: 762 g
  • Average Customer Review: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: #2,193,689 in Books

Product Description

About the Author

David F. Ferraiolo is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST), Gaithersburg, MD. In addition to managing three access control and security management projects, he is leading research to improve operational assurance, security authentication, intrusion detection, and authorization.

D. Richard Kuhn is a computer scientist in the Computer Security Division of NIST. His primary technical interests are information security and software testing and assurance. He developed, in conjunction with David Ferraiolo, the first formal model for role based access control, and is overseeing NIST's proposed standard for RBAC.

Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of NIST. He has more than 17 years' experience in the design and development of IT solutions in industry and government, and coauthored the first international security protection profile for RBAC. His current work focuses on automated security testing tools, and he is coauthor of NIST's proposed RBAC standard. --This text refers to the Paperback edition.

Customer Reviews

Most helpful customer reviews

By Mike Tarrani on July 11 2004
Format: Hardcover
The three authors are leaders in RBAC research and development, making this book one of the most authoritative and complete references to RBAC.
Chapters 1 through 3 give a solid foundation for understanding RBAC and how it evolved, starting with an introduction, an exhaustive survey of access control methods needed to fully understand the evolution, and a solid and detailed overview of RBAC itself.
In the subsequent chapters each aspect of RBAC is covered in depth. Topics include role hierarchies, separation of duty policies, administration, integrating RBAC into existing infrastructures, and migration to RBAC. In addition, there are chapters on related topics that give this book wide scope - "Using RBAC to Implement Military Policies" shows how to implement multi-level security models with RBAC. This information uses military policies, but the material is also of interest to any commercial organization seeking tightly integrated access controls and a high security posture. The chapter on the proposed NIST RBAC standard also covers key items of interest, including Common Criteria RBAC protection profiles and other conformance issues. There are also chapters on RBAC research and prototypes, and commercial products.
While this book is well written and uses illustrations to impart key concepts, you will need to be conversant with set theory in order to get the most from it, as well as understand RBAC itself. If you are a bit rusty I recommend refreshing your skills before diving into this book.
If you want to explore RBAC and the work of each of the authors visit NIST Computer Security Division and Computer Security Research by pasting the ASIN, B0001O48Y4, into the search box, selecting all products and clicking GO. Once you are on the site you'll find the RBAC section under Security Research/Emerging Technologies->Authorization Management and Advanced Access Control Models (AM&AACM) link.

Most Helpful Customer Reviews on Amazon.com (beta)
Role-based management process Dec 14 2006
By I. Sh - Published on Amazon.com
Format: Hardcover
Hi

I am a consultant and analyst of role-based projects, and this book lays out the foundations of the RBAC model.

I would like to add:

There are a few ways to start a role-based project. It depends on factors such as the number of users, number of systems, number of security admins, budget, auditors, company needs and more.

Usually, companies try to approach this project using current resources and do it manually, without any external consultancy or experience, best practices and methodologies.

By taking the manual approach, you can generate a few roles, usually the basic enterprise roles or departmental roles, but then you will find that you need to generate many other roles by analyzing many users, resources and access rights and by working with and interviewing many business managers, a process that can take 24-48 months for an organization with 10k users.

I have been managing 10-15 RBAC projects and have been involved in about 50 others, in the USA and Europe, and I can share with you the high-level best practices.

Cleansing

1. Map the company systems and business model.

2. Set the RBAC targets: number of roles, workflows, etc.

3. Import current access rights and perform a mini cleansing project (3-4 weeks).

4. Doing role engineering on very polluted data will produce roles, but very dirty roles.

5. It is better to spend a few weeks on cleansing until you feel that you have cleaned up the major faulty access rights.

6. Use smart audit tools to analyze your current access rights model and advise you which access rights are suspect.

7. Use compliance and policy check tools (segregation of duty, etc.) to perform the cleansing.

8. Use a workflow for access rights certification (example: Eurekify/Sage).

Role Engineering:

Use tools that can help you create roles by analyzing your current access rights. There are a few tools on the market, such as Eurekify/Sage.

Run all the techniques that the tool provides and analyze the results.

Use a tool that has a built-in workflow for role approval.

Audit your roles and make sure that the roles are normalized.

It is highly recommended to use automated solutions to audit your roles.

Build compliance rules to validate the roles.

And more...

Role Management

Ensure that you will be able to modify and alter the roles easily.

Build or use a solution that will help you manage and maintain the roles.

Keep in mind that roles are dynamic and will change.

Role certification / re-certification

Make sure that you have a workflow to certify / recertify roles.

Record and archive all the changes.

Build reports that will help you manage and control your roles and results.

Hope it helps.

Best Regards

Ilan Sharoni

Director - Eurekify
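The cleansing, role-engineering and normalization steps the reviewer lists above, as an added Python example that is not part of the review, the book or any product named on this page: a segregation-of-duty check over raw user grants, role mining by grouping identical permission sets, the same SoD rule applied to the mined roles, and a normalization audit that reports subset roles as role-hierarchy candidates (the hierarchies the first review mentions). The users, entitlements and SoD rule are constructed sample data.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: user -> entitlements imported from two systems ("erp", "hr").
# Deliberately polluted: alice holds both halves of a payment SoD pair.
ASSIGNMENTS = {
    "alice": {"erp:create_payment", "erp:approve_payment", "hr:view_payslip"},
    "bob":   {"erp:create_payment", "hr:view_payslip"},
    "carol": {"erp:create_payment", "hr:view_payslip"},
    "dave":  {"erp:approve_payment", "hr:view_payslip"},
    "erin":  {"hr:view_payslip"},
}
# Constructed segregation-of-duty rule: these two must never be held together.
SOD_RULES = [("erp:create_payment", "erp:approve_payment")]

def user_sod_violations(assignments, rules):
    """Cleansing step: users whose direct grants already break an SoD rule."""
    return sorted(u for u, p in assignments.items()
                  for a, b in rules if a in p and b in p)

def mine_roles(assignments):
    """Role engineering: each distinct permission set becomes a candidate role.
    Roles are numbered by popularity (then name) so the output is deterministic."""
    buckets = defaultdict(set)
    for user, perms in assignments.items():
        buckets[frozenset(perms)].add(user)
    ordered = sorted(buckets.items(), key=lambda kv: (-len(kv[1]), sorted(kv[0])))
    return {f"role_{i}": (perms, users) for i, (perms, users) in enumerate(ordered)}

def role_sod_violations(roles, rules):
    """Compliance rule over mined roles: a role that bundles both halves of a pair."""
    return sorted(n for n, (p, _) in roles.items()
                  for a, b in rules if a in p and b in p)

def hierarchy_candidates(roles):
    """Normalization audit: (junior, senior) pairs where junior's permissions are a
    strict subset of senior's, i.e. a hierarchy edge rather than duplicated grants."""
    edges = []
    for (na, (pa, _)), (nb, (pb, _)) in combinations(roles.items(), 2):
        if pa < pb:
            edges.append((na, nb))
        elif pb < pa:
            edges.append((nb, na))
    return sorted(edges)

if __name__ == "__main__":
    roles = mine_roles(ASSIGNMENTS)
    print(user_sod_violations(ASSIGNMENTS, SOD_RULES), role_sod_violations(roles, SOD_RULES))
    print(hierarchy_candidates(roles))
```

Run on the polluted sample it flags alice during cleansing and again as the role mined from her grants, which is why the reviewer puts cleansing before role engineering.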
