National Digital Library of Theses and Dissertations in Taiwan

Graduate student: 施淵仁 (Yuan-Ren Shih)
Thesis title: Design of Job-Based Access Control Model with Workflow Mechanism (具流程管理機制之工作存取權限控制模型之研究)
Advisor: 黃士殷 (Shyh-In Hwang)
Degree: Master's
Institution: Yuan Ze University
Department: Graduate Institute of Computer Science and Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2000
Academic year of graduation: 88
Language: Chinese
Keywords: Access Control; Workflow; Job-Based Access Control; Role-Based Access Control
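The Role-Based Access Control (RBAC) model is a data access mechanism proposed in recent years by the National Institute of Standards and Technology (NIST). RBAC offers a flexible access control mechanism, but it can currently be applied only to specific systems [4][8], so many papers have proposed improvements to RBAC and ways of applying it. RBAC nevertheless still cannot control sequential actions or events; that is, it lacks a workflow control mechanism. The purpose of this thesis is to propose an improvement that addresses this limitation.
An existing paper proposes an improvement to the management of objects and permissions in RBAC, called the Job-Based Access Control Model (JBAC) [15]. The advantage of the JBAC model is that it reduces the complexity of permission management in RBAC. This thesis therefore adopts the JBAC model as its architectural basis, adds the workflow concept from Task-Based Authorization [11] to the job assignment process of JBAC, and combines it with the role assignment mechanism of RBAC. It then examines the access control principles for each component of the model in turn, so that the overall model has the properties of both access control and workflow control, better matches the actual needs of systems, and gives system developers and administrators a data access mechanism that is easy to develop and manage.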
Role-Based Access Control (RBAC), suggested by the National Institute of Standards and Technology (NIST), is an access control model. Although RBAC is a new method for modern information systems, it is still not a panacea for all access control issues. In RBAC, permissions are associated with roles. Assigning permissions to objects and users is a complex problem. This problem has been solved by Job-Based Access Control (JBAC).
However, Role-Based Access Control still has some problems. The main problem is that RBAC does not attempt to directly control permissions for sequences of events or activities in a system, and there are other forms of access control that discuss workflow control. The Task-based Authorization Model discusses part of this issue.
In this paper we take advantage of the concept of workflow and combine it with JBAC to solve this limitation of RBAC. We provide a suitable model to reduce the complexity of administration and to make objects and permissions easier to manage.
1. Introduction
1.1 Research Motivation
1.2 Research Objectives
1.3 Chapter Overview
2. Related Work
2.1 Access Control Approaches
2.1.1 Access Control Matrix
2.1.2 Access Control Lists
2.1.3 Capability Lists
2.1.4 Authorization Relation
2.2 Access Control Policies
2.2.1 Mandatory Access Control
2.2.2 Discretionary Access Control
2.2.3 Role-Based Access Control
2.3 Comparison of Related Access Control Models
2.3.1 Task-based Authorization Model
2.3.2 Job-Based Access Control Model
2.3.3 Workflow Management System
3. Job-Based Access Control with a Workflow Management Mechanism
3.1 Analysis of the Workflow Management Mechanism and Job-Based Access Control
3.1.1 Analysis of Access Control Policies
3.1.2 Principle of Separation of Job Duties
3.2 Design Analysis of the Workflow Management Mechanism
3.2.1 Definition of the Security Model with a Workflow Management Mechanism
3.2.2 Role-Job Assignment Rules
3.2.3 Operation of the Access Control Model in Practice
3.3 Example Application of the Workflow Management Mechanism
3.4 Features and Advantages of the Model
4. Conclusions and Future Work
4.1 Conclusions
4.2 Future Work
5. References
[1] R. S. Sandhu, P. Samarati, "Access Control: Principles and Practice", IEEE Comm. Magazine, Sep. 1994, pp. 40-48.
[2] R. S. Sandhu, E. J. Coyne, "Role-based Access Control Models", IEEE Computer, Feb. 1996, pp. 38-47.
[3] D. Ferraiolo, J. Cugini, and D. R. Kuhn, "Role Based Access Control: Features and Motivations", In Annual Computer Security Applications Conference, IEEE Computer Society Press, 1995.
[4] John Barkley, "Implementing Role Based Access Control using Object Technology", First ACM Workshop on Role Based Access Control, November 1995 (http://hissa.ncsl.nist.gov/rbac/rbacot/titlewkshp.html).
[5] R. S. Sandhu, et al., "Role-based Access Control: A Multi-Dimensional View", Proc. of Computer Security Application Conf., Orlando, Florida, Dec. 5-9, 1994, pp. 54-62.
[6] John Barkley, "Comparing Simple Role Based Access Control Models and Access Control Lists", August 1997.
[7] Fang Chen and Ravi S. Sandhu, "Constraints for Role-Based Access Control", ACM RBAC Workshop, MD, 1996.
[8] John F. Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban Gavrila, and D. Richard Kuhn, "Role Based Access Control for the World Wide Web", In 20th National Information System Security Conference, NIST/NSA, 1997.
[9] David Ferraiolo and Richard Kuhn, "Role-based Access Controls", In 15th NIST-NCSC National Computer Security Conference, pages 554-563, Baltimore, MD, October 13-16, 1992.
[10] Luigi Giuri, Pietro Iglio, Fondazione Ugo Bordoni, "A Formal Model For Role-Based Access Control with Constraints", Proceedings 9th IEEE Computer Security Foundations Workshop, June 1996.
[11] Roshan Thomas & Ravi Sandhu, "Conceptual Foundations for a Model of Task-based Authorizations", Proceedings of the 7th IEEE Computer Security Foundations Workshop, Franconia, NH, June 1994, pages 66-79.
[12] Ravi Sandhu, et al., "The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline", Proceedings of Second ACM Workshop on Role-Based Access Control, Fairfax, Virginia, November 6-7, 1997.
[13] Edward G. Amoroso, "Fundamentals of Computer Security Technology", 1994.
[14] Roshan Thomas & Ravi Sandhu, "Task-based Authorization: A Paradigm for Flexible and Adaptable Access Control in Distributed Application", Proc. 16th NIST-NCSC National Computer Security Conference, Baltimore, MD, Sept. 20-23, 1993, pages 409-415.
[15] Jiun-Der Yu, Shyh-In Hwang, "Job-based Access Control Model", National Computer Symposium 1999, volume 3, pages 242-247.
[16] Ravi S. Sandhu, "Role-Based Access Control", September 17, 1997, http://www.isse.gmu.edu/faculty/sandhu
[17] Dieter Gollmann, "Computer Security", 1999.
[18] Elisa Bertino, Elena Ferrari, Vijayalakshmi Atluri, "A Flexible Model Supporting the Specification and Enforcement of Role-based Authorization in Workflow Management Systems", In ACM Workshop on Role-Based Access Control, ACM, 1997.
[19] Elisa Bertino, Elena Ferrari, Vijay Atluri, "The Specification and Enforcement of Authorization Constraints in Workflow Management Systems", ACM Transactions on Information and System Security, Vol. 2, No. 1, February 1999, pages 65-104.
[20] C. Payne, D. Thomsen, J. Bogle and R. O'Brien, "Napoleon: A Recipe for Workflow", IEEE, 1999, pages 134-142.
[21] Jonathan D. Moffett, "Control Principles and Role Hierarchies", 3rd ACM Workshop on Role-Based Access Control, Fairfax, VA, pages 63-69.
[22] Gail-Joon Ahn, Ravi Sandhu, Myong Kang and Joon Park, "Injecting RBAC to Secure a Web-based Workflow System".
[23] Wei-Kuang Huang, Vijayalakshmi Atluri, "SecureFlow: A Secure Web-enabled Workflow Management System", In Proc. of the ACM Workshop on Role-based Access Control, 1999, pages 83-94.