Role-Based Access Control

Chapters 1 through 3 give a solid foundation for understanding RBAC and how it evolved, starting with an introduction, an exhaustive survey of access control methods needed to fully understand the evolution, and a solid and detailed overview of RBAC itself.

In the subsequent chapters each aspect of RBAC is covered in depth. Topics include role hierarchies, separation of duty policies, administration, integrating RBAC into existing infrastructures, and migration to RBAC. In addition, there are chapters on related topics that give this book wide scope - "Using RBAC to Implement Military Policies" shows how to implement multi-level security models with RBAC. This information uses military policies, but the material is also of interest to any commercial organization seeking tightly integrated access controls and a high security posture. The chapter on the proposed NIST RBAC standard also covers key items of interest, including Common Criteria RBAC protection profiles and other conformance issues. There are also chapters on RBAC research and prototypes, and commercial products.

While this book is well written and uses illustrations to impart key concepts, you will need to be conversant with set theory in order to get the most from it, as well as understand RBAC itself. If you are a bit rusty I recommend refreshing your skills before diving into this book.

If you want to explore RBAC and the work of each of the authors visit NIST Computer Security Division and Computer Security Research by pasting the ASIN, B0001O48Y4, into the search box, selecting all products and clicking GO. Once you are on the site you'll find the RBAC section under Security Research/Emerging Technologies->Authorization Management and Advanced Access Control Models (AM&AACM) link.