Title:
Access control systems : security, identity management and trust models
Personal Author:
Publication Information:
New York, NY : Springer, 2006
ISBN:
9780387004457
Subject Term:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010149791 | TK5109.59 B46 2006 | Open Access Book | Book | Searching... |
Searching... | 30000010149792 | TK5109.59 B46 2006 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Access Control Systems: Security, Identity Management and Trust Models provides a thorough introduction to the foundations of programming systems security, delving into identity management, trust models, and the theory behind access control models. The book details access control mechanisms that are emerging with the latest Internet programming technologies, and explores all models employed and how they work. The latest role-based access control (RBAC) standard is also highlighted.
This unique technical reference is designed for security software developers and other security professionals as a resource for setting scopes of implementations with respect to the formal models of access control systems. The book is also suitable for advanced-level students in security programming and system design.
Table of Contents
| Chapter 1 Foundations of Security and Access Control in Computing | p. 1 |
| Introduction | p. 1 |
| Elements of Systems Security | p. 3 |
| Identity Establishment | p. 3 |
| Resource Access Control | p. 4 |
| Data and Message Security | p. 4 |
| Nonrepudiation | p. 5 |
| Availability | p. 5 |
| Cost of Security | p. 6 |
| System Integrity: A Prelude to Security | p. 6 |
| Trusted Computing Base | p. 7 |
| Users, Principals, Subjects, and Objects | p. 9 |
| Identification and Authentication | p. 10 |
| Authentication Factors: A Comparison | p. 11 |
| Multiple-Factor Authentication | p. 11 |
| Passwords: The Prevalent Authentication Method | p. 13 |
| Approaches to Reliable Password Management | p. 13 |
| Password Encoding | p. 13 |
| Adding Salt to Password Encoding | p. 14 |
| Password Syntax Rules | p. 14 |
| Password Aging | p. 15 |
| Auditing | p. 15 |
| The Security Context | p. 17 |
| Content of a Security Context | p. 18 |
| The Flow of a Security Context | p. 19 |
| Delegating Security Contexts | p. 19 |
| Access Control | p. 20 |
| Reference-Monitor Topology | p. 21 |
| About Access-Control Policies, Models and Mechanisms | p. 23 |
| Access Control Paradigms | p. 26 |
| Role-Based Access Control | p. 26 |
| Delegation and Masquerading | p. 27 |
| The Axiom of Attenuation of Privileges | p. 27 |
| Trust and Assurance | p. 27 |
| Realizing Assurance | p. 28 |
| The Common Criteria: A Background | p. 28 |
| Overview of Assurance in the Common Criteria | p. 29 |
| Configuration Management | p. 31 |
| Delivery and Operation | p. 31 |
| Development | p. 32 |
| Guidance Documents | p. 32 |
| Life-Cycle Support | p. 33 |
| Tests | p. 33 |
| Vulnerability Assessment | p. 33 |
| About the Confinement Problem | p. 35 |
| Covert Channels | p. 36 |
| Examples | p. 36 |
| Security-Design Principles | p. 37 |
| Economy of Mechanism | p. 37 |
| Complete Mediation | p. 37 |
| Open Design | p. 37 |
| Least-Common Mechanism | p. 38 |
| Fail-Safe Defaults | p. 38 |
| Separation of Privilege | p. 38 |
| Least Privileges | p. 39 |
| Privacy Considerations | p. 39 |
| Psychological Acceptability | p. 39 |
| Chapter 2 Introduction to Identity-Management Models | p. 40 |
| Introduction | p. 40 |
| Local Identity | p. 41 |
| Advantages of the Local-Identity Model | p. 42 |
| Management Issues in the Local-Identity Model | p. 43 |
| Example: IBM Resource Access-Control Facility | p. 44 |
| Network Identity | p. 46 |
| Federated Identity | p. 46 |
| Foundations of Federated Identity | p. 46 |
| Federation Topologies | p. 49 |
| Global Web Identity | p. 51 |
| Identity Mapping and Synchronization | p. 51 |
| MetaDirectories | p. 51 |
| Affiliate Networks (Virtual Directories) | p. 52 |
| Dynamic Scoping of a Security Context | p. 54 |
| The XNS Approach to the Global Web Identity | p. 54 |
| Elements of DNS | p. 55 |
| Elements of XNS | p. 59 |
| XNS Identity Types | p. 61 |
| The XNS Identity Document | p. 61 |
| IDs and Names in XNS | p. 62 |
| XNS Resolvers | p. 63 |
| Cross-Referencing XNS Identities | p. 64 |
| Centralized Enterprise-Level Identity Management | p. 67 |
| Synchronizing Identity Attributes | p. 68 |
| Policy-Based Identity Provisioning | p. 69 |
| Unified Identity-Representation Scheme | p. 69 |
| Example: IBM Identity Manager | p. 71 |
| Chapter 3 Elements of Trust Paradigms in Computing | p. 73 |
| Introduction | p. 73 |
| A Third-Party Approach to Identity Trust | p. 74 |
| Kerberos: The Implicit Third-Party Authentication Paradigm | p. 76 |
| A High-Level View of the Kerberos Protocol | p. 77 |
| Federated Kerberos | p. 79 |
| A Topology of Kerberos Federations | p. 80 |
| Ticket Forwarding | p. 80 |
| Entitlement Attributes in Kerberos | p. 81 |
| Explicit Third-Party Authentication Paradigm | p. 83 |
| The Public-Key Infrastructure Approach to Trust Establishment | p. 84 |
| Foundations of Public-Key Cryptography | p. 85 |
| Digital Signatures | p. 88 |
| Trusting a Public Key | p. 89 |
| Foundations of Trust in PKI | p. 90 |
| PKI Trust Topologies | p. 93 |
| Proxy Certificates: Delegated Impersonation in PKI | p. 102 |
| Attribute Certificates: Entitlement Management in PKI | p. 106 |
| Elements of Attribute Certificates | p. 106 |
| Generalized Web-of-Trust Model | p. 109 |
| Examples of Trust-Exchange Mechanisms Over the Web | p. 111 |
| Web-Services Security | p. 112 |
| SAML Approach: Unifying Trust and Identity Constructs | p. 116 |
| Web Cookies | p. 123 |
| Chapter 4 Mandatory-Access-Control Model | p. 129 |
| Introduction | p. 129 |
| Mandatory-Access-Control Theory | p. 129 |
| Partial Orders | p. 129 |
| Lattices | p. 130 |
| Lattice-Based Access-Control Models | p. 131 |
| The Lattice Structure of the Information Flow Model | p. 132 |
| Implications of the Lattice-Based Flow Model on Access Control | p. 135 |
| Examples of Lattice-Based Information-Flow Models | p. 135 |
| The Bell-Lapadula Flow Model | p. 137 |
| The Biba Model | p. 138 |
| Comparing Information Flow in BLP and Biba Models | p. 139 |
| Implementation Considerations for the BLP and the Biba Models | p. 141 |
| Combining the BLP and the Biba Models | p. 141 |
| On the Mandatory-Access-Control Paradigm | p. 144 |
| The Chinese-Wall Policy | p. 144 |
| Simple security | p. 146 |
| *-property | p. 146 |
| Chapter 5 Discretionary-Access Control and the Access-Matrix Model | p. 147 |
| Introduction | p. 147 |
| Defining the Access-Matrix Model | p. 147 |
| Implementation Considerations for the Access Matrix | p. 148 |
| Resource View of the Access Matrix: Access-Control Lists | p. 149 |
| Subject View of the Access Matrix: Capabilities | p. 149 |
| Definitions from the HRU Access-Matrix Model | p. 150 |
| State Transitions in the HRU Access-Matrix Model | p. 151 |
| The Safety Problem of the Access-Matrix Model | p. 153 |
| On the Safety of the Mono-Operational Protection System | p. 158 |
| The General Safety Problem of the Access-Matrix Model | p. 159 |
| The Turing Machine | p. 160 |
| Sketch of Proof for the Undecidability of the General Safety Problem | p. 163 |
| Chapter 6 The Take-Grant Protection Model | p. 168 |
| Introduction | p. 168 |
| Definition of the Take-Grant Model | p. 168 |
| Example: A Take-Grant Model | p. 172 |
| Safety in the Take-Grant Model | p. 173 |
| Determinism of Sharing in the Take-Grant Model | p. 175 |
| Chapter 7 The Schematic-Protection Model | p. 180 |
| Introduction | p. 180 |
| Overview of the Schematic-Protection Model (SPM) | p. 180 |
| SPM Rules and Operations | p. 182 |
| The Copy Operation | p. 182 |
| The Demand Operation | p. 184 |
| The Create Operation | p. 185 |
| Attenuating Create-Rule of SPM | p. 187 |
| Application of SPM | p. 187 |
| Sharing Across Resource Owners | p. 187 |
| The Basic Take-Grant Model | p. 188 |
| Chapter 8 Role-Based Access Control | p. 190 |
| Introduction | p. 190 |
| Basic RBAC | p. 192 |
| User, Role, and Permission Associations | p. 193 |
| RBAC Relationship Reviews | p. 194 |
| Hierarchical RBAC | p. 195 |
| General-Role Hierarchies | p. 196 |
| Limited-Role Hierarchies | p. 198 |
| Role Reviews in Hierarchical RBAC | p. 200 |
| Modeling Hierarchical RBAC Using Role Graphs | p. 200 |
| RBAC: A Comparative Discussion | p. 208 |
| Mapping of a Mandatory Policy to RBAC | p. 209 |
| RBAC Correspondence to a Mandatory Policy | p. 213 |
| Mapping Discretionary-Access Control to RBAC | p. 217 |
| RBAC Flow Analysis | p. 224 |
| The Osborn Flow-Analysis Algorithm | p. 224 |
| Separation of Duty in RBAC | p. 227 |
| Elements of Role Conflicts in RBAC | p. 229 |
| Static Separation of Duty | p. 231 |
| Dynamic Separation of Duty | p. 233 |
| Role Cardinality Constraints | p. 240 |
| RBAC Consistency Properties | p. 241 |
| Property 8.1 p. 241 | |
| Property 8.2 p. 241 | |
| Property 8.3 p. 241 | |
| Property 8.4 p. 241 | |
| Property 8.5 p. 241 | |
| Property 8.6 p. 242 | |
| Property 8.7 p. 242 | |
| Property 8.8 p. 242 | |
| Property 8.9 p. 242 | |
| Property 8.10 p. 242 | |
| Property 8.11 p. 243 | |
| Property 8.12 p. 243 | |
| Property 8.13 p. 243 | |
| The Privileges Perspective of Separation of Duties | p. 243 |
| Functional Specification for RBAC | p. 246 |
| Core RBAC Functions | p. 246 |
| Hierarchical RBAC Functions | p. 248 |
| Functional Specification for Static Separation-of-Duty Relations | p. 249 |
| Functional Specification for Dynamic Separation-of-Duty Relations | p. 250 |
| References | p. 252 |
| Index | p. 258 |
