
Graduate student: 張岑軒 (Tsen-Hsuan Chang)
Thesis title: 使用者友善之風險導向存取控制政策管理介面 / On design a User-friendly Interface for Risk-based Access Control Policy Management
Advisors: 查士朝 (Shi-Cho Cha), 洪政煌 (Cheng-Huang Hung)
Committee members: 查士朝 (Shi-Cho Cha), 洪政煌 (Cheng-Huang Hung), 黃政嘉 (Jheng-Jia Huang)
Degree: Master
Department: 管理學院 - 資訊管理系 (School of Management, Department of Information Management)
Year of publication: 2023
Graduation academic year: 112 (ROC calendar)
Language: Chinese
Pages: 65
Keywords (Chinese, translated): Access control, Zero trust, User experience, Interface design, Usability
Keywords (English): Access Control, Zero Trust, User Experience, User Interface Design, Usability
Abstract (translated from Chinese):
With the development of technology, file sharing has become increasingly convenient, but this also brings new challenges. When managing files with access control mechanisms, users often overlook potential risks. To address this problem, this study combines the Zero Trust framework with usability design principles to design an access control interface that is easy to use and controls risk effectively.
The study first analysed current access control models on the basis of a literature review and the Evolutionary Risk Adaptive Access Control (ERAdAC) architecture, and used the results to set the direction of focus group discussions aimed at understanding the problems users encounter when using access control and what they need. Based on these needs, the study proposes a new access control interface and subjects it to usability evaluation.
Participants were mainly users with computer knowledge and experience of using access control. They were asked to complete a series of tasks while operation time, behaviour and attitude data were recorded, and took part in semi-structured interviews after the tasks to reveal usability problems. The Single Ease Question (SEQ), Net Promoter Score (NPS) and System Usability Scale (SUS) were used as the tools for evaluating the usability of the new interface design.
From this experimental process the study draws the following conclusions: (1) the new access control interface design shows improved efficiency in both operation time and success rate; (2) according to the NPS and SUS results, users gave positive feedback on the new interface design.


Abstract (English):
With the development of technology, file sharing has become more and more convenient. However, this also brings new challenges: users often overlook potential risks when managing files through access control mechanisms. To address this problem, this study combines the Zero Trust Architecture with ease-of-use design principles to design an access control interface that is easy to use and keeps risk under control.
An analysis of current access control models, based on a literature review and the Evolutionary Risk Adaptive Access Control (ERAdAC) framework, set the direction for a focus group discussion to identify user needs and problems. This informed the design of a new access control interface, which was then subjected to usability testing.
The study recruited knowledgeable participants with experience in using access control. They completed a series of tasks while their operation time and behavioural attitudes were recorded; post-task semi-structured interviews exposed usability issues. The Single Ease Question (SEQ), Net Promoter Score (NPS) and System Usability Scale (SUS) were used to evaluate the usability of the new interface design.
From this experimental process, the study draws the following conclusions: (1) the new access control interface design improves the efficiency of the usage process in terms of operation time and success rate; (2) according to the NPS and SUS results, users gave positive feedback on the new interface design.

Table of contents (page numbers refer to the thesis):
Abstract (Chinese) I
Abstract (English) II
Acknowledgements III
Table of Contents IV
List of Figures VII
List of Tables VIII
Chapter 1 Introduction 1
1.1 Research Background and Motivation 1
1.2 Research Objectives 2
1.3 Thesis Structure 3
1.4 Research Limitations 5
Chapter 2 Literature Review 6
2.1 Zero Trust Architecture 6
2.2 Access Control Models 7
2.2.1 MAC 7
2.2.2 DAC 7
2.2.3 RBAC 8
2.2.4 ABAC 9
2.2.5 RAdAC 9
2.2.6 ERAdAC 9
2.2.7 Comparative Analysis 11
2.3 ERAdAC Model Design 13
2.3.1 System Model Design 13
2.3.2 System Components 13
2.3.3 System Functions 14
2.4 User Interface Design 15
2.4.1 Interface Design 15
2.4.2 User Experience 16
2.4.3 Usability Principles 17
Chapter 3 Data Analysis and Discussion 20
3.1 User Management 20
3.2 Role and Group Management 21
3.3 Access Policies 21
3.4 Usage Workflow 22
3.4.1 AWS 23
3.4.2 GCP 24
3.4.3 Azure 25
3.5 Comparative Analysis 26
Chapter 4 Research Methodology 28
4.1 Focus Group 28
4.2 Usability Testing 28
4.3 Research Process 29
4.3.1 Research Design 29
4.3.2 Design Direction 30
4.3.3 Task Description 31
Chapter 5 Focus Group Insights 33
5.1 Experimental Procedure 33
5.2 First Focus Group Interview 34
5.3 Second Focus Group Interview 36
5.4 Summary 39
Chapter 6 Interface Design 41
6.1 Roles 42
6.2 Access Policies 46
6.3 Standard Settings 47
Chapter 7 Validation and Discussion 50
7.1 Experimental Procedure 50
7.2 Experimental Results and Analysis 51
7.2.1 Performance Metrics 51
7.2.1.1 Success 51
7.2.1.2 Time 53
7.2.1.3 Efficiency 54
7.2.2 Usability Metrics 55
7.2.2.1 Single Ease Question (SEQ) 55
7.2.2.2 Net Promoter Score (NPS) 56
7.2.2.3 System Usability Scale (SUS) 57
7.2.2.4 Usability Problems 57
7.3 Discussion 59
Chapter 8 Conclusion and Future Work 60
8.1 Conclusion 60
8.2 Future Work 61
References 62

