(Press-News.org) What NIST-led innovation is estimated to have saved U.S. industry $6.1 billion over the past 20 years? Well, probably several, but, perhaps surprisingly, a new economics study* points to the development of "role-based access control," a computer-security technology fostered and championed by the National Institute of Standards and Technology (NIST) in the 1990s.
Role-based access control (RBAC) is the idea of establishing standard levels of access—"permissions"— to the various computing resources and networks of an organization that are tailored to specific employee roles, or job functions rather than individuals. In a large, information-intensive organization, it is generally far easier and more reliable for system security managers to assign a new hire to one or more "roles" and have all the appropriate permissions set automatically than to do each manually.
RBAC is now a common security tool. Facebook users employ it when they assign privileges on their pages to roles like "Friends," "Friends of Friends" and "Everyone." But in the early 1990s, it was a new—and difficult to implement—strategy. Organizations tended to rely on the more primitive "access control lists" that had to be set individually for each system for each employee. NIST has been at the center of RBAC development for nearly 20 years. The agency published a comprehensive RBAC model and the first technical specifications and formal description for RBAC in 1992. This was followed by both theoretical research and prototypes demonstrating the scalability and efficiency of RBAC. By 2000, in cooperation with George Mason University, NIST had developed a proposed RBAC standard. NIST led the ANSI/INCITS** effort to establish a formal industry standard*** in 2004.
In a study prepared for NIST, RTI International used a combination of surveys of industry IT security managers in 2002 and 2010 and published industry data to estimate the impact of the NIST activities on the development and adoption of RBAC. The analysts estimate that by the end of 2010, over 50 percent of IT users at organizations with more than 500 employees have at least some of their system permissions managed by RBAC. NIST's work, they report, probably accelerated the introduction of RBAC by a year and also reduced development costs for firms adopting the strategy. The economic benefits flowed from more efficient management of system access, lower unproductive employee time due to more efficient access management, and more efficient maintenance and documentation of system access. The importance of the last item has been heightened by regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act of 2002, which mandated much more careful documentation and accountability for access to data in the regulated industries.
Assigning dollars to their model, the RTI researchers estimate that RBAC technology itself has generated $6.1 billion in net economic benefits to industry (values adjusted to 2009 dollars), of which $1.1 billion is attributable to NIST's work. Reckoning in the cost to the public of the NIST work, this translates to about $249 in benefit for every dollar spent.
###
The RTI study, 2010 Economic Analysis of Role-Based Access Control Final Report. is available on-line at http://csrc.nist.gov/groups/SNS/rbac/documents/20101219_RBAC2_Final_Report.pdf. NIST continues to work with industry to improve RBAC and will host a meeting of the INCITS CS1.1 committee on March 15, 2011, to discuss a proposal for a Role Based Access Control Next Generation Standard. Interested parties should contact D. Richard Kuhn at kuhn@nist.gov for details. More information on NIST's RBAC program is available at http://csrc.nist.gov/groups/SNS/rbac/index.html.
* A.C. O'Connor and R.J. Loomis. 2010 Economic Analysis of Role-Based Access Control Final Report. RTI International, Project Number 0211876. December 2010.
** American National Standards Institute/ InterNational Committee for Information Technology Standards. Leading organizations for developing consensus standards in information technology.
*** ANSI/INCITS 359-2004, Role Based Access Control.
The NIST role in role-based control: A 20th anniversary appraisal
2011-02-18
ELSE PRESS RELEASES FROM THIS DATE:
Compact high-temperature superconducting cables demonstrated at NIST
2011-02-18
A researcher at the National Institute of Standards and Technology (NIST) has invented a method of making high-temperature superconducting (HTS) cables that are thinner and more flexible than demonstration HTS cables now installed in the electric power grid while carrying the same or more current. The compact cables could be used in the electric grid as well as scientific and medical equipment and may enable HTS power transmission for military applications.
Described in a paper just published online,* the new method involves winding multiple HTS-coated conductors** around ...
Promise of genomics research needs a realistic view
2011-02-18
CHAPEL HILL, N.C. - In the ten years since the human genetic code was mapped, expectations among scientists, health care industry, policy makers, and the public have remained high concerning the promise of genomics research for improving health.
But a new commentary by four internationally prominent genetic medicine and bioethics experts cautions against the dangers of inflated expectations – an unsustainable genomic bubble – and it offers ways to avoid it while still realizing "the true – and considerable – promise of the genomic revolution."
"This commentary is ...
Technology breakthrough fuels laptops and phones, recharges scientist's 60-year career
2011-02-18
EAST LANSING, Mich. — How does a scientist fuel his enthusiasm for chemistry after 60 years?
By discovering a new energy source, of course.
This week, SiGNa Chemistry Inc. unveiled its new hydrogen cartridges, which provide energy to fuel cells designed to recharge cell phones, laptops and GPS units. The green power source is geared toward outdoor enthusiasts as well as residents of the Third World, where electricity in homes is considered a luxury.
"SiGNa has created an inherently-safe solution to produce electric power, resulting in an eco-friendly and cost-effective ...
Asthma tied to bacterial communities in the airway
2011-02-18
Asthma may have a surprising relationship with the composition of the species of bacteria that inhabit bronchial airways, a finding that could suggest new treatment or even potential cures for the common inflammatory disease, according to a new UCSF-led study.
Using new detection methods, researchers learned that the diversity of microbes inside the respiratory tract is far vaster than previously suspected – creating a complex and inter-connected microbial neighborhood that appears to be associated with asthma, and akin to what has also been found in inflammatory bowel ...
Mayo researchers, Rochester educators, students to present at science conference
2011-02-18
ROCHESTER, Minn. -- America's largest general science conference will be the setting next week for seven presentations on how zebrafish changed the classroom in Rochester. Those presenting at the conference in Washington, D.C., include researchers from Mayo Clinic and Winona State University, educators from the Rochester school system, and several students.
"We started out trying to improve how science was taught. That led to adding curriculum beyond science, and resulted in improvement in testing and grade outcomes, and now to the experience of reporting all of it at ...
Inexpensive rinsing effective at reducing post-op infection following joint replacement surgery
2011-02-18
CHICAGO – A rinsing technique with betadine that costs just a little over one dollar per patient may significantly reduce the infection rate following total knee and hip joint replacement surgery according to a study by researchers at Rush University Medical Center.
The study, presented at the American Association of Orthopedic Surgeons 2011 Annual Meeting, found that a three minute diluted betadine lavage combined with painting of the skin with a 10% betadine solution prior to surgical closure nearly eliminated early deep post-operative infection.
Deep periprosthetic ...
Canadian brainpower at AAAS in Washington
2011-02-18
Washington (February 17) — Three leading Canadian language and speech experts will take centre stage in discussions on the latest developments in speech research at this year's annual meeting of the American Association for the Advancement of Science in Washington, D.C. (February 17-21).
Ellen Bialystok of York University has been a driving force in revealing the unique window that bilingualism opens on brain function. Her research disproves earlier claims of cognitive deficits among bilingual children, discovering, instead, that bilingual children and adults have distinct ...
ASTRO publishes palliative radiotherapy for bone metastases guideline
2011-02-18
The American Society for Radiation Oncology (ASTRO) Clinical Affairs and Quality Committee has developed a guideline for the use of radiation therapy in treating bone metastases. The guideline will be published in the International Journal of Radiation Oncology•Biology•Physics, an official journal of ASTRO.
Bone metastases are caused when a malignant tumor spreads to the bone. They can lead to debilitating effects including pain, fractures and paralysis due to spinal cord compression. The care of these patients requires collaboration between several types of cancer treatment ...
Catching space weather in the act
2011-02-18
Close to the globe, Earth's magnetic field wraps around the planet like a gigantic spherical web, curving in to touch Earth at the poles. But this isn't true as you get further from the planet. As you move to the high altitudes where satellites fly, nothing about that field is so simple. Instead, the large region enclosed by Earth's magnetic field, known as the magnetosphere, looks like a long, sideways jellyfish with its round bulb facing the sun and a long tail extending away from the sun.
In the center of that magnetic tail lies the plasma sheet. Here, strange things ...
NASA sees former Tropical Storm Carlos still a soaker in the Northern Territory
2011-02-18
Now a remnant low pressure area, former Tropical Storm Carlos continues to move southwest inland over Australia's Northern Territory and dump heavy amounts of rainfall. NASA's Aqua satellite saw some of the high thunderstorms within Carlos over land and extending north into the Timor Sea.
The Atmospheric Infrared Sounder (AIRS) instrument onboard NASA's Aqua satellite measures cloud-top, sea surface and land temperatures. Those are important factors in determining the strength and power of a tropical cyclone. Sea surface temperatures need to be at least as warm 26.6 ...