Access Control Systems,9780387004457

Access Control Systems

by
ISBN13: 9780387004457
ISBN10: 0387004459
Format: Hardcover
Pub. Date: 2006-03-30
Publisher(s): Springer Verlag
List Price: $125.99

Rent Textbook

Select for Price
Add to Cart
There was a problem. Please try again later.

Digital

Rent Digital Options
Online:30 Days access
Downloadable:30 Days
$35.64
Online:60 Days access
Downloadable:60 Days
$47.52
Online:90 Days access
Downloadable:90 Days
$59.40
Online:120 Days access
Downloadable:120 Days
$71.28
Online:180 Days access
Downloadable:180 Days
$77.22
Online:1825 Days access
Downloadable:Lifetime Access
$118.80
*To support the delivery of the digital material to you, a non-refundable digital delivery fee of $3.99 will be charged on each digital item.
$77.22*
Add to Cart

New Textbook

We're Sorry
Sold Out

Used Textbook

We're Sorry
Sold Out

Buy from our Marketplace starting at $16.50

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

Access Control Systems: Security, Identity Management and Trust Models provides a thorough introduction to the foundations of programming systems security, delving into identity management, trust models, and the theory behind access control models. The book details access control mechanisms that are emerging with the latest Internet programming technologies, and explores all models employed and how they work. The latest role-based access control (RBAC) standard is also highlighted. This unique technical reference is designed for security software developers and other security professionals as a resource for setting scopes of implementations with respect to the formal models of access control systems. The book is also suitable for advanced-level students in security programming and system design.

Table of Contents

Foundations of Security and Access Control in Computing
1(39)
Introduction
1(2)
Elements of Systems Security
3(3)
Identity Establishment
3(1)
Resource Access Control
4(1)
Data and Message Security
4(1)
Nonrepudiation
5(1)
Availability
5(1)
Cost of Security
6(1)
System Integrity: A Prelude to Security
6(1)
Trusted Computing Base
7(2)
Users, Principals, Subjects, and Objects
9(1)
Identification and Authentication
10(3)
Authentication Factors: A Comparison
11(1)
Multiple-Factor Authentication
11(2)
Passwords: The Prevalent Authentication Method
13(1)
Approaches to Reliable Password Management
13(2)
Password Encoding
13(1)
Adding Salt To Password Encoding
14(1)
Password Syntax Rules
14(1)
Password Aging
15(1)
Auditing
15(2)
The Security Context
17(3)
Content of a Security Context
18(1)
The Flow of a Security Context
19(1)
Delegating Security Contexts
19(1)
Access Control
20(3)
Reference-Monitor Topology
21(2)
About Access-Control Policies, Models and Mechanisms
23(3)
Access Control Paradigms
26(1)
Role-Based Access Control
26(1)
Delegation and Masquerading
27(1)
The Axiom of Attenuation of Privileges
27(1)
Trust and Assurance
27(8)
Realizing Assurance
28(1)
The Common Criteria: A Background
28(1)
Overview of Assurance in the Common Criteria
29(2)
Configuration Management
31(1)
Delivery and Operation
31(1)
Development
32(1)
Guidance Documents
32(1)
Life-Cycle Support
33(1)
Tests
33(1)
Vulnerability Assessment
33(2)
About the Confinement Problem
35(2)
Covert Channels
36(1)
Examples
36(1)
Security-Design Principles
37(3)
Economy of Mechanism
37(1)
Complete Mediation
37(1)
Open Design
37(1)
Least-Common Mechanism
38(1)
Fail-Safe Defaults
38(1)
Separation of Privilege
38(1)
Least Privileges
39(1)
Privacy Considerations
39(1)
Psychological Acceptability
39(1)
Introduction to Identity-Management Models
40(33)
Introduction
40(1)
Local Identity
41(5)
Advantages of the Local-Identity Model
42(1)
Simplicity
42(1)
Scalability
43(1)
Flat Name Space
43(1)
Management Issues in the Local-Identity Model
43(1)
Password and Attribute Synchronization
43(1)
Single Sign-On
44(1)
Identity Provisioning
44(1)
Example: IBM Resource Access-Control Facility
44(2)
Network Identity
46(1)
Federated Identity
46(5)
Foundations of Federated Identity
46(3)
Federation Topologies
49(1)
Local Profiling
50(1)
Distributed Profiling
50(1)
Profiling by a Third Party
50(1)
Global Web Identity
51(3)
Identity Mapping and Synchronization
51(1)
MetaDirectories
51(1)
Affiliate Networks (Virtual Directories)
52(2)
Dynamic Scoping of a Security Context
54(1)
The XNS Approach to the Global Web Identity
54(13)
Elements of DNS
55(4)
Elements of XNS
59(2)
XNS Identity Types
61(1)
The XNS Identity Document
61(1)
IDs and Names in XNS
62(1)
XNS Resolvers
63(1)
Cross-Referencing XNS Identities
64(1)
Forming Trust Relationships in XNS
65(1)
XNS Services
66(1)
Centralized Enterprise-Level Identity Management
67(6)
Synchronizing Identity Attributes
68(1)
Policy-Based Identity Provisioning
69(1)
Unified Identity-Representation Scheme
69(1)
Dynamic Definition of Identity Attributes
70(1)
Decoupled Identity-Representation Scheme
70(1)
Example: IBM Identity Manager
71(2)
Elements of Trust Paradigms in Computing
73(56)
Introduction
73(1)
A Third-Party Approach to Identity Trust
74(2)
Kerberos: The Implicit Third-Party Authentication Paradigm
76(7)
A High-Level View of the Kerberos Protocol
77(2)
Federated Kerberos
79(1)
A Topology of Kerberos Federations
80(1)
Ticket Forwarding
80(1)
Entitlement Attributes in Kerberos
81(2)
Explicit Third-Party Authentication Paradigm
83(1)
The Public-Key Infrastructure Approach to Trust Establishment
84(22)
Foundations of Public-Key Cryptography
85(1)
The Problem of Factoring Large Numbers
86(1)
Computing Discrete Logarithms in a Large Finite Field
87(1)
Elliptic Curves over Finite Fields
88(1)
Digital Signatures
88(1)
RSA Signature
89(1)
Trusting a Public Key
89(1)
Foundations of Trust in PKI
90(2)
Identification Links Between a Certificate and a CRL
92(1)
Protecting the CA Signing Key
93(1)
PKI Trust Topologies
93(1)
Hierarchical Trust
94(3)
Cross-Certification
97(1)
Cross-Certification Grid
98(1)
Hub-Based Cross-Certification
99(1)
Hybrid Model
99(1)
Web-of-Trust Model
100(2)
Proxy Certificates: Delegated Impersonation in PKI
102(1)
The Proxy-Certificate Approach
102(2)
Elements of the X.509 Proxy Certificate
104(1)
Computing Trust in Proxy Certificates
104(2)
Attribute Certificates: Entitlement Management in PKI
106(3)
Elements of Attribute Certificates
106(1)
Binding Information
106(1)
Attribute Information
107(1)
A Note About AC Attributes
108(1)
Extensions
109(1)
Generalized Web-of-Trust Model
109(2)
Examples of Trust-Exchange Mechanisms Over the Web
111(18)
Web-Services Security
112(3)
Identity and Trust Tokens
115(1)
Simple User Name Token
115(1)
Binary Tokens
115(1)
Referencing Security Tokens
116(1)
SAML Approach: Unifying Trust and Identity Constructs
116(3)
SAML Constructs
119(1)
Assertion
119(1)
Conditions
119(1)
Advice
119(1)
Signature
119(1)
Statement
119(1)
Subject Statement
119(1)
Authentication Statement
120(1)
Authorization Decision Statement
120(1)
Attribute Statement
121(1)
Trust Elements of SAML
121(1)
Digital Signatures
121(1)
User Confirmation
122(1)
Authority Binding Information
122(1)
Authorization Evidence
122(1)
Other Trust Elements of SAML
122(1)
A Note on Federated Trust in SAML
122(1)
Web Cookies
123(1)
Structure of Cookies
123(1)
Server Role
123(2)
Client Role
125(1)
Example: Cookies Exchanged Between a Client and a Web Server
125(1)
Issues with Use of Cookies
126(1)
Secure Cookies
127(1)
Use of a Public Key on the Client Side
127(1)
Use of a Public Key on the Server Side
128(1)
Use of a Shared Secret Key
128(1)
Mandatory-Access-Control Model
129(18)
Introduction
129(1)
Mandatory-Access-Control Theory
129(10)
Partial Orders
129(1)
Example: Partial Orders
130(1)
Lattices
130(1)
Example: Lattices
131(1)
Lattice-Based Access-Control Models
131(1)
The Lattice Structure of the Information Flow Model
132(3)
Implications of the Lattice-Based Flow Model on Access Control
135(1)
Examples of Lattice-Based Information-Flow Models
135(2)
The Bell-Lapadula Flow Model
137(1)
The Biba Model
138(1)
Comparing Information Flow in BLP and BIBA Models
139(2)
Implementation Considerations for the BLP and the Biba Models
141(1)
Combining the BLP and the Biba Models
141(3)
On the Mandatory-Access-Control Paradigm
144(1)
The Chinese-Wall Policy
144(3)
Simple Security
146(1)
*-Property
146(1)
Discretionary-Access Control and the Access-Matrix Model
147(21)
Introduction
147(1)
Defining the Access-Matrix Model
147(1)
Implementation Considerations for the Access Matrix
148(2)
Resource View of the Access Matrix: Access-Control Lists
149(1)
Subject View of the Access Matrix: Capabilities
149(1)
Definitions from the HRU Access-Matrix Model
150(3)
State Transitions in the HRU Access-Matrix Model
151(1)
Example: create, confer and remove commands
152(1)
Example: command effects
153(1)
The Safety Problem of the Access-Matrix Model
153(6)
On the Safety of the Mono-Operational Protection System
158(1)
The General Safety Problem of the Access-Matrix Model
159(1)
The Turing Machine
160(8)
Example: Actions of a Turing Machine
161(2)
Sketch of Proof for the Undecidability of the General Safety Problem
163(1)
Mapping an Arbitrary Turing Machine onto the Protection System
163(1)
Mapping the Actions of the Turing Machine onto Protection Commands
164(1)
Moving to the Left
164(1)
Moving to the Right
165(1)
Maintaining the Same Position
166(1)
Conclusion
167(1)
The Take-Grant Protection Model
168(12)
Introduction
168(1)
Definition of the Take-Grant Model
168(5)
Example: A Take-Grant Model
172(1)
Safety in the Take-Grant Model
173(7)
Determinism of Sharing in the Take-Grant Model
175(1)
Case 6.1a: {→t→a}
176(1)
Case 6.1b: {→g→a}
176(1)
Case 6.1c: {→g→a}
176(1)
Case 6.1d: {→t→a}
177(3)
The Schematic-Protection Model
180(10)
Introduction
180(1)
Overview of the Schematic-Protection Model (SPM)
180(2)
SPM Rules and Operations
182(5)
The Copy Operation
182(2)
Examples
184(1)
The Demand Operation
184(1)
The Create Operation
185(1)
Authorization
185(1)
Create Rules
186(1)
Attenuating Create-Rule of SPM
187(1)
Application of SPM
187(3)
Sharing Across Resource Owners
187(1)
The Basic Take-Grant Model
188(2)
Role-Based Access Control
190(62)
Introduction
190(2)
Basic RBAC
192(3)
User, Role, and Permission Associations
193(1)
RBAC Relationship Reviews
194(1)
Hierarchical RBAC
195(13)
General-Role Hierarchies
196(2)
Limited-Role Hierarchies
198(2)
Role Reviews in Hierarchical RBAC
200(1)
Modeling Hierarchical RBAC Using Role Graphs
200(1)
Effective and Direct Privileges
201(1)
Role-Graph Modeling of Generalized Role Inheritance
202(1)
Role-Graph Operations
203(1)
Role Addition
204(1)
Role Deletion
205(2)
Role-Privilege Update
207(1)
Optimizing Role Graphs
207(1)
RBAC: A Comparative Discussion
208(16)
Mapping of a Mandatory Policy to RBAC
209(2)
OSM Mapping of a Confidentiality-Mandatory Policy
211(1)
Theorem 8.1
212(1)
OSM Mapping of an Integrity-Mandatory Policy
213(1)
Theorem 8.2
213(1)
RBAC Correspondence to a Mandatory Policy
213(3)
The OSM Constraints for Mapping RBAC to a Mandatory Policy
216(1)
Definition 8.1
216(1)
Definition 8.2
216(1)
Theorem 8.3
216(1)
Mapping Discretionary-Access Control to RBAC
217(1)
The Elements of the OSM DAC to RBAC Mapping
218(1)
Simulating Strict DAC
219(1)
Simulating Liberal DAC
220(2)
Simulating DAC with Changes to Ownership
222(1)
Simulating Grant-Dependent Revoke
222(1)
A Note About the OSM DAC to RBAC Mapping
223(1)
RBAC Flow Analysis
224(3)
The Osborn Flow-Analysis Algorithm
224(1)
Example 1: Flow Analysis of a Simple LBAC Scheme
225(1)
Example 2: Reduction of a Role Hierarchy Governing Read and Write Access
226(1)
Separation of Duty in RBAC
227(14)
Elements of Role Conflicts in RBAC
229(1)
Conflicting Permissions
229(1)
Conflicting Users
230(1)
Conflicting Tasks
230(1)
Safety Condition from the Perspective of Conflicting Tasks
231(1)
Static Separation of Duty
231(1)
The Effect of Role Hierarchy
232(1)
Dynamic Separation of Duty
233(2)
Simple Dynamic Separation of Duty
235(1)
Object-Based Separation of Duty
235(2)
Operational Separation of Duty
237(1)
History-Based Separation of Duty
237(1)
Example: Dynamic Separation of Duty in a Workflow Ativity
238(2)
Role Cardinality Constraints
240(1)
RBAC Consistency Properties
241(2)
Property 8.1
241(1)
Property 8.2
241(1)
Property 8.3
241(1)
Property 8.4
241(1)
Property 8.5
241(1)
Property 8.6
242(1)
Property 8.7
242(1)
Property 8.8
242(1)
Property 8.9
242(1)
Property 8.10
242(1)
Property 8.11
243(1)
Property 8.12
243(1)
Property 8.13
243(1)
The Privileges Perspective of Separation of Duties
243(3)
Functional Specification for RBAC
246(6)
Core RBAC Functions
246(1)
Administrative Functions
247(1)
Supporting System Functions
247(1)
Review Functions
247(1)
Hierarchical RBAC Functions
248(1)
Administrative Functions
248(1)
Supporting System Functions
249(1)
Review Functions
249(1)
Functional Specification for Static Separation-of-Duty Relations
249(1)
Administrative Functions
249(1)
Supporting System Functions
250(1)
Review Functions
250(1)
Functional Specification for Dynamic Separation-of-Duty Relations
250(1)
Administrative Functions
250(1)
Supporting System Functions
251(1)
Review Functions
251(1)
References 252(6)
Index 258

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.