Role-Based Access Control 2nd edition

by David F. Ferraiolo
Overview

Role-based access control (RBAC) is a security mechanism that has gained wide acceptance in the field because it can greatly lower the cost and complexity of securing large networked and Web-based systems. Written by leading experts, this newly revised edition of the Artech House bestseller, Role-Based Access Control, offers practitioners the very latest details on this popular network security model.

Product Details

ISBN-13: 9781596931138
Publisher: Artech House, Incorporated
Publication date: 01/31/2007
Series: Artech House Information Security and Privacy Series
Edition description: 2ND
Pages: 406
Product dimensions: 7.50(w) x 9.25(h) x 0.83(d)

Table of Contents
Preface     xv
Acknowledgments     xix
Introduction     1
The purpose and fundamentals of access control     2
Authorization versus authentication     3
Users, subjects, objects, operations, and permissions     4
Least privilege     5
A brief history of access control     6
Access control in the mainframe era     6
Department of Defense standards     8
Clark-Wilson model     9
Origins of RBAC     9
Comparing RBAC to DAC and MAC     17
RBAC and the enterprise     18
Economics of RBAC     19
Authorization management and resource provisioning     20
References     24
Access Control: Properties, Policies, and Models     27
Access control: objectives and enforcement artifacts     27
Access control: core entities and principles     30
Subjects and objects     30
Principles of secure design     31
Reference monitor and security kernel     33
Completeness     34
Isolation     35
Verifiability     36
The reference monitor: necessary, but not sufficient     37
Access control matrix     37
Access control data structures     42
Capability lists and access control lists (ACLs)     42
Protection bits     44
Discretionary access control (DAC) policies     44
MAC policies and models     45
Bell-LaPadula model     46
Biba's integrity model     47
The Clark-Wilson model     48
The Chinese wall policy model     50
The Brewer-Nash model     51
Domain-type enforcement (DTE) model     52
References     54
Core RBAC Features     57
Roles versus ACL groups     59
Core RBAC     61
Administrative support     61
Permissions     62
Role activation     64
Mapping the enterprise view to the system view     65
Global users and roles and indirect role privileges     68
Mapping permissions into privileges     69
Role Hierarchies     73
Building role hierarchies from flat roles     74
Inheritance schemes     75
Direct privilege inheritance     75
Permission and user membership inheritance     76
User containment and indirect privilege inheritance     78
Hierarchy structures and inheritance forms     81
Connector roles     82
Organization chart hierarchies     85
Geographical regions     87
Accounting for role types     89
General and limited role hierarchies     90
Accounting for the Stanford model     93
References     95
SoD and Constraints in RBAC Systems     97
Types of SoD     100
Static SoD     100
Dynamic SoD     104
Operational SoD     105
History and object-based SoD     106
Using SoD in real systems     107
SoD in role hierarchies     108
Static and dynamic constraints     109
Mutual exclusion     110
Effects of privilege assignment     111
Assigning privileges to roles     113
Assigning roles to users     114
Temporal constraints in RBAC     118
Need for temporal constraints     118
Taxonomy of temporal constraints     119
Associated requirements for supporting temporal constraints     122
References     123
RBAC, MAC, and DAC     127
Enforcing DAC using RBAC     128
Configuring RBAC for DAC     129
DAC with grant-independent revocation     130
Additional considerations for grant-dependent revocation     131
Enforcing MAC on RBAC systems     131
Configuring RBAC for MAC using static constraints     132
Configuring RBAC for MAC using dynamic constraints     133
Implementing RBAC on MLS systems     135
Roles and privilege sets     138
Assignment of categories to privilege sets     139
Assignment of categories to roles     140
Example of MLS to RBAC mapping     141
Running RBAC and MAC simultaneously     143
References     144
Privacy and Regulatory Issues     147
Privacy requirement and access control framework     148
Incorporating privacy policies into the policy specification module     148
Enhance RBAC model with privacy-related entities and relationships     151
Justifications for additional entities in the RBAC model     151
Business purpose entity     153
Data usage entity     154
Privacy-aware RBAC model     155
Integrate privacy policy support in the role engineering process     155
Identifying business purposes and role-business purpose relationship instances     157
Identifying business purpose-task relationship instances     157
Identifying data usage entities and data usage-data object relationship instances     158
Authorization using privacy-RBAC-ACF     160
RBAC and regulatory compliance     162
Sarbanes-Oxley Act compliance     164
Gramm-Leach-Bliley Act and HIPAA compliance     166
Compliance and the RBAC model     166
Considerations in using RBAC in regulatory compliance     167
References     168
RBAC Standards and Profiles     171
The ANSI/INCITS RBAC standard     171
Overview     171
The RBAC reference model     172
Functional specification overview     173
Functional specification for core RBAC     174
Functional specification for hierarchical RBAC     176
Functional specification for static separation of duty (SSD) relation     179
Functional specification for a DSD relation     180
Options and packaging     181
Other RBAC standards     183
XACML profile for role-based access control     185
References     186
Role-Based Administration of RBAC     189
Background and terminology     189
URA02 and PRA02     192
Crampton-Loizou administrative model     196
Flexibility of administrative scope     197
Decentralization and autonomy     198
A family of models for hierarchical administration     198
Role control center     203
Inheritance and the role graph     204
Constraints     206
Role views     206
Delegation of administrative permissions     207
Decentralization and autonomy     210
References     212
Role Engineering     213
Scenario-driven role-engineering approach     215
Scenarios and roles     216
Steps in the scenario-driven process     217
Goal-driven/hybrid role engineering approach     220
Tools for role discovery and role management     224
Sage DNA     226
Role Miner     227
SmartRoles     228
Contouring Engine     229
Example RBAC installations     229
Role engineering: health care example     232
Identify and model usage scenarios     232
Derive permissions from scenarios     234
Identify permission constraints     236
Refine scenario model     236
Additional process activities     237
References     237
Enterprise Access Control Frameworks Using RBAC and XML Technologies     239
Conceptual view of EAFs     239
Enterprise Access Control Model Requirements     242
EAM's multiple-policy support requirement     243
EAM's ease of administration requirement     243
EAM specification and XML schemas     244
Specification of the ERBAC model in the XML schema     246
XML schema specifications for ERBAC model elements     247
XML schema specifications for ERBAC model relations     250
Encoding of enterprise access control data in XML     253
Verification of the ERBAC model and data specifications     257
Limitations of XML schemas for ERBAC model constraint representation     258
Using XML-encoded enterprise access control data for enterprisewide access control implementation     262
Conclusions     268
References     268
Integrating RBAC with Enterprise IT Infrastructures     271
RBAC for WFMSs     272
Workflow concepts and WFMSs     272
WFMS components and access control requirements     273
Access control design requirements     274
RBAC model design and implementation requirements for WFMSs     276
RBAC for workflows: research prototypes     279
RBAC integration in Web environments     280
Implementing RBAC entirely on the Web server     281
Implementing RBAC for Web server access using cookies     282
RBAC on the Web using attribute certificates     284
RBAC for UNIX environments     291
RBAC for UNIX administration     291
RBAC implementation within the NFS     296
RBAC in Java     299
Evolution of Java security models     300
JDK 1.2 security model and enhancement     301
Incorporating RBAC into JDK 1.2 security model with JAAS     304
RBAC for FDBSs     306
IRO-DB architecture     307
RBAC model implementation in IRO-DB     308
RBAC in autonomous security service modules     309
Conclusions     311
References     311
Migrating to RBAC, Case Study: Multiline Insurance Company     315
Background     316
Benefits of using RBAC to manage extranet users     316
Simplifying systems administration and maintenance     318
Enhancing organizational productivity     319
Benefits of using RBAC to manage employees (intranet users)     319
Reduction in new employee downtime     319
Simplified systems administration and maintenance     320
RBAC implementation costs     320
Software and hardware expenses     321
Systems administrators' labor expenses     321
Role engineering expenses     321
Time series of benefits and costs     322
Reference     324
RBAC Features in Commercial Products     325
RBAC in relational DBMS products     326
Informix Dynamic Server version 9.3 (IBM)     327
Oracle Database 10g Release (10.2) (Oracle Corporation)     329
Sybase Adaptive Server Enterprise 15.0 (Sybase)     333
RBAC in enterprise security administration software     340
CONTROL-SA (BMC software)     342
DirX Identity V7.0 (Siemens)     346
SAM Jupiter (Beta Systems)     351
Tivoli Identity Manager version 1.1 (IBM)     356
Conclusions     359
References     360
XML Schema for the RBAC Model     361
XML-Encoded Data for RBAC Model     365
About the Authors     369
Index     371