Role-based access control (RBAC) is a security mechanism that has gained wide acceptance in the field because it can greatly lower the cost and complexity of securing large networked and Web-based systems. Written by leading experts, this newly revised edition of the Artech House bestseller, Role-Based Access Control, offers practitioners the very latest details on this popular network security model.
The second edition provides more comprehensive and updated coverage of access control models, new RBAC standards, new case studies and discussions on role engineering and the design of role-based systems. This authoritative book offers professionals an in-depth understanding of role hierarchies and role engineering that are so crucial to ensuring total access control with RBAC. The book guides security administrators through the various RBAC products available on the market and along the migration path to implementing RBAC. This unique resource also covers the RBAC standard proposed by the National Institute of Standards and Technology.
About the Author
David F. Ferraiolo is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST), Gaithersburg, MD. In addition to managing three access control and security management projects, he is leading research to improve operational assurance, security authentication, intrusion detection, and authorization.
D. Richard Kuhn is a computer scientist in the Computer Security Division of NIST. His primary technical interests are information security and software testing and assurance. He developed, in conjunction with David Ferraiolo, the first formal model for role based access control, and is overseeing NIST's proposed standard for RBAC.
Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of NIST. He has more than 17 years experience in design and development of IT solutions in industry and government, and coauthored the first international security protection profile for RBAC. His current work focuses on automated security testing tools, and he is coauthor of NIST's proposed RBAC standard.