
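Graduate student: Nai-Hua Liu (劉乃華)
Thesis title: On Design and Implementation of a Data Sensitivity-based Tool for Role Engineering (基於資料敏感性的角色工程工具之設計與實作)
Advisor: Shi-Cho Cha (查士朝)
Oral defense committee: Nai-Wei Lo (羅乃維), Li-wei Yang (楊立偉)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2013
Academic year of graduation: 101
Language: Chinese
Number of pages: 54
Keywords (Chinese): Role Engineering, Role-Based Access Control Model, Information Assets
Keywords (English): Role Engineering, Role-Based Access Control, Information Assets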
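  • Role-Based Access Control (RBAC) is an access control model that enterprises and organizations have adopted in recent years. Because RBAC requires an enterprise to define roles according to the privileges needed for the work, on one hand users activate only the roles that correspond to completing their work, which satisfies the principle of least privilege; on the other hand, setting mutual-exclusion rules satisfies the principle of separation of duties. Granting users only the minimum privileges needed to complete their work, and configuring mutual exclusion among roles, prevents a single individual from deciding a critical process alone. However, deciding which roles should be mutually exclusive is difficult.
    In the past, to provide an effective method for helping enterprises establish roles, scholars proposed the concept of role engineering, which takes a top-down view and derives the roles that should exist from an analysis of processes. The other direction takes a bottom-up view and uses role mining to generate role-based privileges by optimizing cost, but automatically generated roles cannot reflect the real situation in operational processes, so for administrators it remains difficult to produce mutually exclusive roles with this method.
    Therefore, this research proposes generating separation-of-duties and role mutual-exclusion rules based on data sensitivity, and designs an automated tool that provides a user-friendly interface, represents processes in a database, and links them to the other related confidentiality levels, so that users have tool-assisted checking when they build a process. When the value of the information asset in a work step is higher than that of the execution location, the tool checks whether mutually exclusive roles have approved the execution; when the level of the executing role in a work step is lower than the value of the information asset, the tool gives advice based on the access actions that role performs. With the automated tool designed in this research, the real situation of operational processes can be understood while roles are generated automatically, and the privileges on data and its related resources can be checked for appropriateness at the same time, which makes it easier for users to manage processes and reduces time cost.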


    Organizations have recently tended to adopt Role-Based Access Control (RBAC) as their access control model to represent privileges on their information assets and to achieve the security requirements of least privilege and separation of duties. Simply put, in RBAC, organizations define privileges to access their information assets, then define roles and assign users and privileges to those roles. A user therefore has the privilege to access an information asset because the user is assigned to a role with the associated privileges. Because an organization can assign only the necessary roles to a user based on the user’s job responsibilities, it can achieve the least privilege principle with RBAC. Furthermore, because organizations can set conflict relationships among roles and require that a user cannot be assigned to conflicting roles, they can satisfy the requirement of separation of duties.
    In the state of the art, organizations may adopt top-down role engineering approaches to decide roles and associated user privileges based on their business processes. Organizations may also adopt bottom-up role mining approaches to find role settings with minimum administration costs. This research focuses on role engineering approaches because the results of role mining usually cannot reflect business context. However, traditional role engineering approaches usually provide only general steps to help organizations decide access control rules for their information assets; they lack a systematic way to make privilege decisions in RBAC.
    In light of this, this research proposes an automated tool that analyzes access control rules for resources in business processes and suggests roles for resource access based on the confidentiality of the associated data. In the proposed approach, organizations assign confidentiality levels to information assets, including people, data, and the places where data is accessed. At least two people playing different roles must be involved when data flows from a place with a higher confidentiality level to a place with a lower confidentiality level. Similarly, at least two different people playing different roles should control whether data can be accessed by people with a lower confidentiality level. The research can therefore hopefully contribute a systematic way to generate access control rules for organizational security.
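
The check described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the numeric levels, the `Step` and `Approval` structures, the role names and the sample process are all constructed, and it assumes "two people playing different roles" means two distinct people holding a pair of mutually exclusive roles.

```python
from dataclasses import dataclass, field

# Constructed confidentiality scale; the abstract names no concrete levels.
PUBLIC, INTERNAL, CONFIDENTIAL = 1, 2, 3

@dataclass(frozen=True)
class Approval:
    person: str
    role: str

@dataclass
class Step:
    name: str
    data_level: int    # confidentiality level of the data handled
    place_level: int   # level of the place where the step executes
    actor_level: int   # level of the person executing the step
    approvals: list = field(default_factory=list)

def dual_control(approvals, conflicts):
    """True if two different people in mutually exclusive roles approved."""
    return any(
        a.person != b.person and frozenset((a.role, b.role)) in conflicts
        for i, a in enumerate(approvals) for b in approvals[i + 1:]
    )

def check_process(steps, conflicts):
    """Return (step name, finding) for steps lacking the required dual control."""
    findings = []
    for s in steps:
        ok = dual_control(s.approvals, conflicts)
        if s.data_level > s.place_level and not ok:
            findings.append((s.name, "place-below-data"))
        if s.data_level > s.actor_level and not ok:
            findings.append((s.name, "actor-below-data"))
    return findings

# Constructed sample process (hypothetical roles and people).
CONFLICTS = {frozenset(("data_owner", "security_officer"))}
OWNER_A, OFFICER_B = Approval("alice", "data_owner"), Approval("bob", "security_officer")
PROCESS = [
    Step("export report to portal", CONFIDENTIAL, PUBLIC, CONFIDENTIAL, [OWNER_A, OFFICER_B]),
    Step("copy payroll to shared drive", CONFIDENTIAL, INTERNAL, CONFIDENTIAL,
         [OWNER_A, Approval("alice", "security_officer")]),  # same person twice
    Step("intern reads contract", CONFIDENTIAL, CONFIDENTIAL, INTERNAL, [OWNER_A]),
    Step("archive in vault", INTERNAL, CONFIDENTIAL, CONFIDENTIAL),
]

if __name__ == "__main__":
    print(check_process(PROCESS, CONFLICTS))
```
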

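    Abstract (Chinese)
    Abstract
    Acknowledgments
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
        1.1 Research Background and Motivation
        1.2 Research Objectives and Contributions
        1.3 Chapter Overview
    Chapter 2 Literature Review and Background Knowledge
        2.1 Access Control Management
        2.2 Access Control Models
            2.2.1 Discretionary Access Control and Mandatory Access Control Models
            2.2.2 Role-Based Access Control Model
        2.3 Role Engineering
        2.4 Classification and Grading of Information Assets
    Chapter 3 Concept of the Data Sensitivity-based Role Engineering System
        3.1 Problem Definition
        3.2 System Architecture
    Chapter 4 System Functions
    Chapter 5 System Implementation and Demonstration
        5.1 System Implementation Environment
        5.2 Usage Scenario
        5.3 System Function Demonstration
    Chapter 6 Conclusion and Future Directions
    References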


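    Full-text release date: 2018/07/23 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)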