Access Control Systems: Security, Identity Management and Trust ModelsAccess Control Systems: Security, Identity Management and Trust Models provides a thorough introduction to the foundations of programming systems security, delving into identity management, trust models, and the theory behind access control models. The book details access control mechanisms that are emerging with the latest Internet programming technologies, and explores all models employed and how they work. The latest role-based access control (RBAC) standard is also highlighted. This unique technical reference is designed for security software developers and other security professionals as a resource for setting scopes of implementations with respect to the formal models of access control systems. The book is also suitable for advanced-level students in security programming and system design. |
Contents
Foundations of Security and Access Control in Computing | 1 |
Elements of Systems Security | 3 |
Resource Access Control | 4 |
Nonrepudiation | 5 |
Cost of Security | 6 |
Trusted Computing Base | 7 |
Users Principals Subjects and Objects | 9 |
Identification and Authentication | 10 |
Secure Cookies | 127 |
III | 128 |
Chapter 4 MandatoryAccessControl Model | 129 |
Partial Orders | 130 |
Lattices | 131 |
The Lattice Structure of the Information Flow Model | 132 |
Implications oj me LatticcBasea Plow Moacl on Access Control | 135 |
The BellLaPadula Flow Model | 137 |
A Comparison | 11 |
The Prevalent Authentication Method | 13 |
Adding Salt to Password Encoding | 14 |
Password Aging | 15 |
The Security Context | 17 |
Content of a Security Context | 18 |
The Flow of a Security Context | 19 |
Access Control | 20 |
ReferenceMonitor Topology | 21 |
About AccessControl Policies Models and Mechanisms | 23 |
AccessControl Paradigms | 26 |
Delegation and Masquerading | 27 |
Realizing Assurance | 28 |
Overview of Assurance in the Common Criteria | 29 |
Configuration Management | 31 |
Development | 32 |
LifeCycle Support | 33 |
About the Confinement Problem | 35 |
Covert Channels | 36 |
SecurityDesign Principles | 37 |
LeastCommon Mechanism | 38 |
Least Privileges | 39 |
Introduction to IdentityManagement Models | 40 |
Local Identity | 41 |
Advantages of the LocalIdentity Model Simplicity | 42 |
Scalability | 43 |
Single SignOn | 44 |
Network Identity | 46 |
Federation Topologies | 49 |
Local Profiling | 50 |
Global Web Identity | 51 |
Affiliate Networks Virtual Directories | 52 |
Dynamic Scoping of a Security Context | 54 |
Elements of DNS | 55 |
Elements of XNS | 59 |
XNS Identity Types | 61 |
IDs and Names in XNS | 62 |
XNS Resolvers | 63 |
CrossReferencing XNS Identities | 64 |
Forming Trust Relationships in XNS | 65 |
XNS Services | 66 |
Centralized EnterpriseLevel Identity Management | 67 |
Synchronizing Identity Attributes | 68 |
PolicyBased Identity Provisioning | 69 |
Dynamic Definition of Identity Attributes | 70 |
IBM Identity Manager | 71 |
Elements of Trust Paradigms in Computing | 73 |
A ThirdParty Approach to Identity Trust | 74 |
The Implicit ThirdParty Authentication Paradigm | 76 |
Federated Kerberos | 79 |
A Topology of Kerberos Federations | 80 |
Entitlement Attributes in Kerberos | 81 |
Explicit ThirdParty Authentication Paradigm | 83 |
The PublicKey Infrastructure Approach to Trust Establishment | 84 |
Foundations of Public KeyCryptography | 85 |
The Problem of Factoring Large Numbers | 86 |
Computing Discrete Logarithms in a Large Finite Field | 87 |
Elliptic Curves over Finite Fields | 88 |
RSA Signature | 89 |
Foundations of Trust in PKI | 90 |
Identification Links Between a Certificate and a CRL | 92 |
Protecting the CA Signing Key | 93 |
Hierarchical Trust | 94 |
CrossCertification | 97 |
CrossCertification Grid | 98 |
HubBased CrossCertification | 99 |
WebofTrust Model | 100 |
Delegated Impersonation in PKI | 102 |
Elements of the X509 Proxy Certificate | 104 |
Entitlement Management in PKI | 106 |
Attribute Information | 107 |
A Note About AC Attributes | 108 |
Extensions | 109 |
Examples of TrustExchange Mechanisms over the Web | 111 |
WebServices Security | 112 |
Identity and Trust Tokens | 115 |
Unifying Trust and Identity Constructs | 116 |
SAML Constructs | 119 |
I | 120 |
Trust Elements of SAML | 121 |
Other Trust Elements of SAML | 122 |
Web Cookies | 123 |
Client Role | 125 |
Issues with Use of Cookies | 126 |
The Biba Model | 138 |
Comparing Information Flow in BLP and Biba Models | 139 |
Implementation Considerations for the BLP and the Biba Models | 141 |
On the MandatoryAccessControl Paradigm | 144 |
Simple Security | 146 |
DiscretionaryAccess Control and the AccessMatrix Model | 147 |
Implementation Considerations for the Access Matrix | 148 |
AccessControl Lists | 149 |
Definitions from the HRU AccessMatrix Model | 150 |
State Transitions in the HRU AccessMatrix Model | 151 |
IV | 152 |
The Safety Problem of the AccessMatrix Model | 153 |
On the Safety of the MonoOperational Protection System | 158 |
The General Safety Problem of the AccessMatrix Model | 159 |
The Turing Machine | 160 |
Actions of a Turing Machine | 161 |
Sketch of Proof for the Undecidability of the General Safety Problem | 163 |
Mapping the Actions of the Turing Machine onto Protection Commands | 164 |
V | 165 |
VI | 166 |
Conclusion | 167 |
The TakeGrant Protection Model | 168 |
A TakeGrant Model | 172 |
Safety in the TakeGrant Model | 173 |
Determinism of Sharing in the TakeGrant Model | 175 |
VII | 176 |
X | 177 |
The SchematicProtection Model | 180 |
SPM Rules and Operations | 182 |
The Demand Operation | 184 |
The Create Operation | 185 |
Create Rules | 186 |
Attenuating CreateRule of SPM | 187 |
The Basic TakeGrant Model | 188 |
RoleBased Access Control | 190 |
Basic RBAC | 192 |
User Role and Permission Associations | 193 |
RBAC Relationship Reviews | 194 |
Hierarchical RBAC | 195 |
GeneralRole Hierarchies | 196 |
LimitedRole Hierarchies | 198 |
Role Reviews in Hierarchical RBAC | 200 |
Effective and Direct Privileges | 201 |
RoleGraph Modeling of Generalized Role Inheritance | 202 |
RoleGraph Operations | 203 |
XI | 204 |
XII | 205 |
XIII | 207 |
A Comparative Discussion | 208 |
Mapping of a Mandatory Policy to RBAC | 209 |
OSM Mapping of a ConfidentialityMandatory Policy | 211 |
XV | 212 |
OSM Mapping of an IntegrityMandatory Policy | 213 |
The OSM Constraints for Mapping RBAC to a Mandatory Policy | 216 |
Mapping DiscretionaryAccess Control to RBAC | 217 |
The Elements of the OSM DAC to RBAC Mapping | 218 |
XVI | 219 |
XVII | 220 |
XVIII | 222 |
A Note About the OSM DAC to RBAC Mapping | 223 |
RBAC Flow Analysis | 224 |
XIX | 225 |
XX | 226 |
Separation of Duty in RBAC | 227 |
Elements of Role Conflicts in RBAC | 229 |
Conflicting Users | 230 |
Static Separation of Duty | 231 |
The Effect of Role Hierarchy | 232 |
Dynamic Separation of Duty | 233 |
Simple Dynamic Separation of Duty | 235 |
Operational Separation of Duty | 237 |
Dynamic Separation of Duty in a Workflow Activity | 238 |
Role Cardinality Constraints | 240 |
RBAC Consistency Properties | 241 |
XXI | 242 |
The Privileges Perspective of Separation of Duties | 243 |
Functional Specification for RBAC | 246 |
Administrative Functions | 247 |
Supporting System Functions | 249 |
Supporting System Functions | 250 |
Supporting System Functions | 251 |
| 251 | |
Index | 256 |
Other editions - View all
Access Control Systems: Security, Identity Management and Trust Models Messaoud Benantar Limited preview - 2006 |
Access Control Systems: Security, Identity Management and Trust Models Messaoud Benantar No preview available - 2005 |
Access Control Systems: Security, Identity Management and Trust Models Messaoud Benantar No preview available - 2010 |
Common terms and phrases
access matrix access rights algorithm application assertion assigned associated assurance attributes audit authentication authority Biba models certificate client command Computer Security constraints cookies corresponding cryptographic defined delete Discretionary Access Control domain DSOD elements encryption enforcing established example Figure functions identity document identity management IEEE IETF implementation information flow inheritance Internet issuer junior roles Kerberos lattice LBAC mapping metadirectory multiple node object operation organization paradigm password permissions private key protection system protocol public key public-key cryptography R₁ R₂ RACF RBAC reference monitor registry relationship represents role graph role hierarchy role set Role-Based Access Control S₁ SAML Sandhu scheme security class security context security label security policy semantics separation of duty separation-of-duty server session signature single specific SSOD take-grant model ticket tion trust Turing machine WS-Security
Popular passages
Page 251 - Proceedings of the Fourth Aerospace Computer Security Applications Conference, IEEE Computer Society Press, 1988, pp.