NIST's Role Based Access Control research saves industry $295 million. (General Developments).

A new independent economic impact study conducted by the Research Triangle Institute (RTI) conservatively estimates that NIST's Role Based Access Control (RBAC) research has saved U.S. industry $295 million and accelerated industry's adoption of this advanced access control method by a year. NIST's research cost taxpayers only $2.3 million. The RTI study quantifies the benefits of RBAC and estimates NIST's impact on the development and adoption of RBAC by industry and the user community. RTI estimated that RBAC technology has saved U.S. industry a total of $671 million, and that NIST's work was responsible for 44% of these savings.

According to one major software company official, "This is probably one of the best examples of how an organization like NIST can help the private sector. The existence of a widely visible prototype advanced the concrete understanding of corporate IT architects so significantly that we were able to get unusually good early feedback validating and influencing our design choices. Getting educated feedback early undoubtedly saved us a significant amount of money." A representative from another company said, "The NIST implementation was a groundbreaking and significant contribution to software technology."

Computer access control systems are designed to control which users or groups of users can invoke programs and access system resources such as databases and files. Typically, every system and application for which access control is enforced has its own proprietary access methods and system-specific meanings for operations and objects. For many organizations, the number of systems can be in the hundreds or even thousands; the number of users can range from the hundreds to the hundreds of thousands, and the number of resources that must be protected can easily exceed a million. The problem becomes even more complex with organizational hierarchies and special constraints such as conflict-of-interest rules. As a result, the management of access control data becomes a difficult, expensive, and error-prone process.

NIST's RBAC controls access to computer system networks based on the user's role in an organization, automatically handling complexities introduced by organizational hierarchies and separation-of-duty requirements. Under RBAC, users are granted membership into roles based on their responsibilities in the organization. The operations that a user may perform are based on the user's role. User membership into roles can be revoked easily, and new memberships can be established as job assignments dictate. This mechanism demonstrates the potential for enormous cost savings and better security over current methods.

The website is http://hissa.nist.gov. CONTACT: David Ferraiolo, (301) 975-3046; david.ferraiolo@nist.gov or Rick Kuhn, (301) 975-3337; kuhn@nist.gov.
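The RBAC mechanics described above (role membership, role hierarchies, separation of duty, and revocation) can be sketched as follows. This is an added illustration, not NIST's implementation; the class, the role names and the sample policy are all assumptions constructed for the example, and only static separation of duty (checked at assignment time) is modeled.

```python
class SoDViolation(Exception):
    """Raised when an assignment would break a separation-of-duty rule."""

class RBAC:
    def __init__(self):
        self.role_perms = {}    # role -> set of (operation, object) permissions
        self.juniors = {}       # role -> roles whose permissions it inherits
        self.user_roles = {}    # user -> roles assigned directly to the user
        self.conflicts = set()  # frozenset pairs of mutually exclusive roles

    def add_role(self, role, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def add_conflict(self, role_a, role_b):
        self.conflicts.add(frozenset((role_a, role_b)))

    def effective_roles(self, roles):  # senior roles include their juniors
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        # Check the conflict rules against inherited roles too, not just direct ones.
        proposed = self.effective_roles(self.user_roles.get(user, set()) | {role})
        for pair in self.conflicts:
            if pair <= proposed:
                raise SoDViolation(f"{user}: {sorted(pair)} are mutually exclusive")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def check(self, user, operation, obj):
        roles = self.effective_roles(self.user_roles.get(user, set()))
        return any((operation, obj) in self.role_perms.get(r, ()) for r in roles)

def sample_policy():  # constructed example policy, not taken from NIST
    rbac = RBAC()
    rbac.add_role("clerk", {("create", "invoice")})
    rbac.add_role("approver", {("approve", "invoice")})
    rbac.add_role("manager", {("read", "ledger")}, inherits={"clerk"})
    rbac.add_conflict("clerk", "approver")
    return rbac
```

Because the conflict check runs over the expanded role set, a manager (who inherits clerk) cannot also be made an approver until the manager role is revoked.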