معرفی کتاب «Role-Based Access Control, Second Edition» نوشتهٔ David F. Ferraiolo, D. Richard Kuhn, Ramaswamy Chandramouli، منتشرشده توسط نشر Artech House Publishers در سال 2007. این کتاب در 4 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.
Overall, this is a very comprehensive book that covers almost all aspects of RBAC. What strikes me the most when reading this book, is the academic and theoretical nature of its contents. For example, the diagrams and especially the formulas, which are used to illustrate things, are likely difficult to grasp for a non-expert and will probably not elucidate the discussions in an average RBAC project. Since RBAC affects many different people in the organization, from business to IT, the subject should be presented as straightforward and simple as possible. The book starts with a, useful, overview of access control. The different types, such as DAC `Discretionary Access Control' and MAC `Mandatory Access Control', are explained and compared with RBAC. In one of the subsequent chapters the authors discuss how RBAC can be combined with other access control mechanisms. But the theoretical nature of the book is exemplified at the end of one of the discussions when it is stated that `To date, systems supporting both MAC and RBAC have not been produced, but the approaches discussed in this chapter show that such a system is possible.' One of the most important chapters in my view is the one that deals with SOD `Segregation (or Separation) Of Duties'. SOD is an effective means to combat fraud. Also useful, however brief, is the chapter, in which the authors discuss how RBAC can be used in regulatory compliance. Throughout the book a number of frameworks, techniques and mechanisms are described how to integrate RBAC in real life environments. In the last chapter four arbitrarly chosen provisioning products (here called enterprise security administration products) are discussed, most of which, however, only offer moderate support for role modeling and RBAC administration. The products that do offer such support in a much better way, such as those from Bridgestream (now Oracle), Eurikify, BHOLD and Vaau (now Sun Microsystems), are surprisingly enough not mentioned at all. What also is missing is a comparison of job functions and RBAC roles. Many people ask themselves how these relate to or differ from each other. The examples, which are used, are almost exclusively from financial and health care organizations. Examples from government organizations as well as from educational institutes and production environments would have been helpful as well, since these kinds of organizations have their own unique RBAC requirements. Rob van der Staaij This newly revised edition of the Artech House bestseller, Role-Based Access Control, offers you the very latest details on this sophisticated security model aimed at reducing the cost and complexity of security administration for large networked applications. The second edition provides more comprehensive and updated coverage of access control models, new Rbac standards, new in-depth case studies and discussions on role engineering and the design of role-based systems. The book shows you how Rbac simplifies security administration by using roles, hierarchies, and constraints to manage the review and control of organizational privileges. Moreover, it explains how Rbac makes it possible to specify many types of enterprise security policies. This unique resource covers all facets of Rbac, from its solid model-theoretic foundations to its implementation within commercial products. You learn how to use Rbac to emulate other access control models and find frameworks and tools for administering Rbac. Research prototypes that have incorporated Rbac into various classes of software like Wfms, Web server, Os (Unix) and Java (Jee) are reviewed. Products implementing Rbac features such as relational Dbms and Enterprise Security Administration (Esa) systems are described to serve as a guide to the state of practice of Rbac. In recent years, the dielectric resonator antenna (DRA) has emerged as a new and viable alternative to conventional low-gain elements such as dipoles, monopoles, and microstrip patches. This practical resource provides complete, up-to-date details on DRAs in a single volume, including: Clear guidance on the mode of operation and radiation behavior of DRAs; Details on methods of excitation; Descriptions of major advances in DRA technology; Simple equations and graphs that aid in the rapid design of spherical, cylindrical, and rectangular DRAs; Guidelines for designing feeds required to excite DRAs, such as probes, apertures, and microstrip lines; Techniques for enhancing the bandwidth performance of DRAs for wideband applications; Assistance in designing low-profile DRAs and DRAs with circular polarization; Approaches for designing linear and planar DRA arrays; Advice on the fabrication of DRAs and measurement methods used to characterize their performance; Numerous design examples illustrating the versatility of DRAs. This revised edition of the Artech House bestseller, Role-Based Access Control, offers the very latest details on this sophisticated security model aimed at reducing the cost and complexity of security administration for large networked applications. This unique resource covers all facets of RBAC, from its solid model-theoretic foundations to its implementation within commercial products.Material new to the second edition includes: More comprehensive and updated coverage of access control models; New RBAC standards; Additional in-depth case studies; Discussions on role engineering and the design of role-based systems.Practical RBAC guidance enables professionals to: Simplify security administration; Manage the review and control of organizational privileges; Specify many types of enterprise security policies; Use RBAC to emulate other access control models; Find frameworks and tools for administering RBAC. Today, more and more antenna engineers are viewing the dielectric resonator antenna (DRA) as a preferable alternative to conventional low-gain designs because of several attractive features, including high radiation, light weight, small size and low profile. This practical resource presents complete, up-to-date details on DRAs in a single volume. The book provides professionals with clear guidance on the mode of operation and radiation behavior of DRAs, the main methods of excitation, and the major advances in DRA technology. This hands-on reference equips engineers with simple equations and graphs that help them rapidly design DRAs, without the need for complex analytical or numerical calculations. Numerous design examples are included to give practitioners a sense of the versatility that DRAs afford.
Ferraiolo, Kuhn, and Chandramouli are all employed with the Computer Security Division of the National Institute of Standards and Technology in Gaithersburg, Maryland. Theirs is the first text on role-based access control (RBAC), a security model designed to reduce the cost and complexity of security administration for large networked applications. Coverage includes all aspects of RBAC, including its administrative and cost advantages, implementation issues, and the migration from conventional access control methods to RBAC. For security managers and users in industry, government and the military; software developers; and computer science and IT students and instructors. Annotation (c)2003 Book News, Inc., Portland, OR