
Author: 黃俊文 (Chun-wen Huang)
Thesis Title: 使用面板的概念,發展一個有效率的以角色為基礎的存取控制模式之系統實作建議 (An Efficient Way to Implement RBAC Systems with Template)
Advisor: 查士朝 (Shi-Cho Cha)
Committee: 莊裕澤 (Yuh-Jzer Joung), 賴源正 (Yuan-Cheng Lai), 羅乃維 (Nai-Wei Lo)
Degree: Master (碩士)
Department: 管理學院 - 資訊管理系 (College of Management, Department of Information Management)
Thesis Publication Year: 2008
Graduation Academic Year: 96
Language: Chinese
Pages: 76
Keywords (in Chinese): 角色為基礎的存取控制模式, 存取控制, 角色
Keywords (in other languages): RBAC, Access Control, Role
In an era when the concept of e-business is becoming ever more widespread and information security receives ever more attention, access control is without doubt one of the most effective information security controls. Among the various access control models, Role-Based Access Control (RBAC) is the one that best supports internal-control and corporate-governance requirements such as separation of duties and least privilege, and it has therefore received considerable attention recently.

However, the RBAC model itself must handle the relationships among objects, permissions, roles and users at the same time. In this respect, most existing RBAC implementations fail to provide a convenient or friendly interface that helps administrators manage permissions.

To address this problem, this study proposes the concept of templates: once an administrator has defined a template, the system can use it to generate automatically the operation permissions corresponding to various objects. Comparing the number of administrative tasks under the original model and under the template-based model across different cases, we find that templates effectively reduce administrative work. To present this concept effectively, this thesis also proposes, based on the template concept, a management interface that lets administrators design templates, so that they can configure the operation permissions of enterprise systems in the fewest possible steps. We believe this concept can effectively promote the realization of RBAC access control systems.


Access control has played an important role in achieving security in organizations. While there are several different kinds of access control models, the emerging RBAC (Role-Based Access Control) model has recently become one of the most popular access control models, because it can be used to comply with internal control or corporate governance regulations easily.

Compared to traditional access control models, such as MAC and DAC, administrators need to deal with the associated roles and relationships when they manage users' privileges, especially when they create new objects. In this case, current RBAC systems usually do not provide a convenient user interface for administrators to manage privileges, and this impedes the acceptance of RBAC models.

For that reason, we propose an efficient way, and an interface, to manage privileges with templates in this article. Administrators can create their own templates and use them to initialize the privileges for an object. Since the privileges can be generated automatically, the administration cost can hopefully be reduced. Therefore, this article should contribute to the realization of RBAC models.
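The template idea described in the abstract, as an added illustration that is not the thesis's own code: an RBAC core where a template maps roles to operations, so that creating an object from a template generates its permissions automatically, together with a count of administrator actions under the original and the template-based model. The class names, the role and operation sets, and the cost metric (one action per manual step) are assumptions, not definitions taken from the thesis.

```python
from dataclasses import dataclass, field

@dataclass
class Template:
    # Assumed template shape: which roles get which operations on each object created from it.
    name: str
    role_ops: dict  # role -> frozenset of operations

@dataclass
class RbacSystem:
    user_roles: dict = field(default_factory=dict)  # user -> set of roles
    role_perms: dict = field(default_factory=dict)  # role -> set of (object, operation)
    admin_ops: int = 0  # actions an administrator had to perform by hand

    def assign_role(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)
        self.admin_ops += 1

    def grant(self, role, obj, op):
        # Original model: every (role, object, operation) triple is one manual action.
        self.role_perms.setdefault(role, set()).add((obj, op))
        self.admin_ops += 1

    def create_object_manual(self, obj, role_ops):
        for role, ops in role_ops.items():
            for op in ops:
                self.grant(role, obj, op)

    def create_object_with_template(self, obj, template):
        self.admin_ops += 1  # one action: create the object from the template
        for role, ops in template.role_ops.items():
            for op in ops:  # permissions are generated, not entered by hand
                self.role_perms.setdefault(role, set()).add((obj, op))

    def check(self, user, op, obj):
        # Access decision: the user holds at least one role carrying (obj, op).
        roles = self.user_roles.get(user, set())
        return any((obj, op) in self.role_perms.get(r, set()) for r in roles)

def compare_costs(n_objects):
    """Administrator actions needed to set up n_objects under both models (constructed data)."""
    role_ops = {"clerk": frozenset({"read"}), "manager": frozenset({"read", "update", "approve"})}
    manual, templated = RbacSystem(), RbacSystem()
    invoice = Template("invoice", role_ops)
    templated.admin_ops += 1  # designing the template is itself one administrative action
    for i in range(n_objects):
        manual.create_object_manual(f"invoice-{i}", role_ops)
        templated.create_object_with_template(f"invoice-{i}", invoice)
    return manual.admin_ops, templated.admin_ops
```

With the constructed roles, the manual model costs four actions per object while the template model costs one per object plus one for the template, so the gap grows with the number of objects created.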

Table of contents:
Abstract III
Acknowledgements V
Contents VII
List of Figures IX
List of Tables X
Chapter 1 Introduction 1
1.1 Research Background 1
1.2 Research Motivation 2
1.3 Research Objectives 4
1.4 Thesis Structure 5
Chapter 2 Literature Review 7
2.1 Introduction to RBAC 7
2.2 RCL2000 19
2.3 Shortcomings of Current RBAC Implementations 27
Chapter 3 A New RBAC Model Using the Template Concept to Simplify Administration 32
3.1 Overview of the New Model 33
3.2 Program Design of the New Model 39
Chapter 4 Case Analysis 44
4.1 Case Comparison: Creating a Single Object and Its Permissions at a Time 44
4.2 Case Comparison: Creating Multiple Objects and Their Permissions at a Time 52
Chapter 5 System Interface 60
Chapter 6 Conclusion 63
6.1 Conclusion 63
6.2 Future Research Directions 64
References (文獻探討) 65


Full text public date: this full text is not authorized to be published (Internet public).
