National Digital Library of Theses and Dissertations in Taiwan

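Graduate student: 李虹儀
Graduate student (English name): Hung-Yi Lee
Thesis title (Chinese): 使用雙時間關係之可靠稽核機制應用於組織中職權責任可歸屬性
Thesis title (English): Using a Bitemporal Relation-based Reliable Auditing Mechanism on the Organizational Privilege Accountability
Advisor: 蔡敦仁
Advisor (English name): Dwen-Ren Tsai
Degree: Master's
Institution: Chinese Culture University
Department: Graduate Institute of Information Management
Field: Computer Science
Subfield: General Computer Science
Thesis type: Academic thesis
Year of publication: 2004
Graduation academic year: 92
Language: Chinese
Number of pages: 87
Keywords (translated from Chinese): bitemporal, authorization policy, role-based access control, privilege management infrastructure
Keywords (English): bitemporal, privilege policy, RBAC, PMI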
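Abstract (translated from Chinese):
Role-based access control (RBAC) separates users, roles, and permissions: access permissions are assigned to roles, and users are then mapped to roles, so that users obtain the correct and appropriate permissions. RBAC features authorization management, hierarchical roles, least privilege, separation of duties in authorization, and object classification.
A bitemporal database records the account and the processing-time index whenever a user with permission to enter the system accesses or queries any information. This provides a certain level of security for database integrity and for the control and tracing of access, and it enables effective auditing and monitoring of improper behavior by internal employees.
Traditional certificate record management systems use ordinary database management, so certificates are stored and maintained by replacing old certificates with new ones, which makes the data difficult to audit. By managing authorization policies and certificate data in a bitemporal database, auditors can compare and analyze all certificate records and identify suspicious data.
This study combines RBAC theory with bitemporal databases for use in the changeable environment inside an enterprise, and uses certificate authorization policies to manage the database bitemporally, detecting how enterprise systems and information are used and notifying auditors of violations in real time so that they can take appropriate action. The study examines audit management of enterprise database systems under the PKI (public key infrastructure) and PMI (privilege management infrastructure) architectures, with the aim of ensuring data integrity through effective certificate record management while effectively auditing legitimate users.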
Abstract (English):
RBAC (role-based access control) separates users, roles, and privileges. It provides roles with access rights, maps users to roles, and grants users appropriate privileges. RBAC has many characteristics, such as privilege management, hierarchy, minimum privilege, authorization separation, and object classification.
The bitemporal database logs account activities and process time indices whenever authorized system users access and query any information. This gives data integrity, access control, and tracing a certain level of security. It also enables effective auditing and monitoring of employee misbehavior.
Traditional certificate management systems use normal databases. In these systems, the storage and maintenance of certificates are implemented by replacing old certificates with new ones. This makes data auditing a tough task. When authorization policies and certificate data are managed in bitemporal databases, auditors can check and analyze certificate data and then find suspicious data.
This study applies RBAC theory, combined with bitemporal databases, to complex enterprise environments. We also use certificate authorization policies to manage the databases bitemporally. Our system can detect the usage of enterprise systems and data. The system can also report violations to the auditors, who can thereby react properly. This work focuses on enterprise auditing management of database systems under PKI (public key infrastructure) and PMI (privilege management infrastructure). Through effective certificate record management, we hope to ensure data integrity. At the same time, legitimate users can be audited effectively.
Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
Chapter 1  Introduction
  Section 1  Research Background and Motivation
  Section 2  Research Objectives
  Section 3  Research Scope and Structure
Chapter 2  Literature Review
  Section 1  Role-Based Access Control
  Section 2  Bitemporal Relational Database Design
  Section 3  Access Control
  Section 4  Introduction to Privilege Management Infrastructure
  Section 5  Adding Privilege Management Policies to the Privilege Management Infrastructure
Chapter 3  Applying Auditing to the Privilege Management Model
  Section 1  Certificates
  Section 2  Certificate Issuance
  Section 3  Applying Certificates to Privilege Management
  Section 4  Applying Auditing to Bitemporal Relations
Chapter 4  Implementation Model
  Section 1  Formulating Audit Policies
  Section 2  System Design
  Section 3  Auditing of Procurement Operations in Manufacturing
Chapter 5  Conclusions and Future Research Directions
  Section 1  Conclusions
  Section 2  Future Research Directions
References
Appendix A  XML Authorization Policy