National Digital Library of Theses and Dissertations in Taiwan

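Graduate student: 孫彰鴻
Graduate student (foreign-language name): Sun Chang Hung
Thesis title: An Augmented Role-Based Access Control Architecture Applied to the Collaborative Environment
Thesis title (foreign language): Augmented RBAC Structure for the Collaborative Environment
Advisor: 吳銜容
Advisor (foreign-language name): Wu Hsien Jung
Degree: Master's
Institution: Asia University
Department: Master's Program, Department of Information Science and Applications
Discipline: Computer Science
Sub-discipline: Computer Applications
Thesis type: Academic thesis
Year of publication: 2007
Academic year of graduation: 95
Language: Chinese
Number of pages: 96
Chinese keywords: collaboration; access permission control; ARBAC model
Foreign-language keywords: collaboration; access control; ARBAC model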
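With the arrival of the global market and the push for logistics management, the competition enterprises face is increasingly fierce. Operating alone, an enterprise is gradually becoming unable to survive in such a fiercely competitive environment, so raising competitiveness effectively depends on collaboration between enterprises, whose advantages are reduced costs and improved operational efficiency. In an environment where multiple users collaborate, maintaining security becomes much harder, especially the assignment and control of user access permissions. If the administrator gives users differentiated access permissions, the system-management burden increases; if access permissions are assigned improperly, system security is reduced. To solve these problems, this research proposes an ARBAC model (Augmented Role-Based Access Control) architecture, which extends the RBAC concept and strengthens the management of Roles. Because the RBAC concept has previously been applied in the operating-system domain without considering the needs of collaboration, in the first stage of building the architecture this research redefines RBAC around the concept of the collaborative group (meaning a project-based collaborative group) so that it suits collaboration. In the second stage, Role management is strengthened with management classes based on the time concept, Role behavior and environmental factors respectively, which in turn improves the ability to control user access permissions. The time-based management class uses time definitions to assign the use of Roles; the Role-behavior management class manages Role assignment and the objects accessed; the environmental-factor management class establishes the association between environmental factors and Roles to facilitate the management of Role assignment. Through discussion of an actual enterprise case and the construction of the ARBAC model architecture, this research aims to improve the security of collaboration between enterprises and to achieve adaptive and flexible control of user access permissions.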
Nowadays, due to the trend of the global market and the growth of CALS (Continuous Acquisition and Life-cycle Support), the business environment has become more and more competitive. Hence, collaboration is important and required to increase the efficiency of product development for the enterprise. However, the security of collaboration is ignored, especially that of access control. Without effective access control, the result is insecure collaboration for the users, data and environment of the enterprise. In order to solve the problem of access control security in the collaborative environment, this research proposes an ARBAC (Augmented Role-Based Access Control) model. It extends the RBAC concept for collaboration and enhances role management. The proposed ARBAC model includes three classes for role management: a time-based class, a behavior-based class and an environment-based class. The time-based class is used to assign roles according to various time definitions; the behavior-based class is used to deal with role application; the environment-based class is used to create the relationship between environment and role to improve role assignment. This ARBAC model provides flexible access control and meets diversified user requirements. The aim of this research is to improve security in the collaborative environment and achieve adaptive access control with flexible role assignment and management.
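Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1. Introduction
1.1 Research Background and Motivation
1.2 Research Objectives and Methods
1.3 Research Process
1.4 Research Results
Chapter 2. Literature Review
2.1 Collaboration Approaches
2.1.1 Collaboration Models
2.1.2 Product Data Management
2.2 Access Permissions
2.3 Related Role Concept Issues
2.3.1 Constraint and Conflict Relationships between Roles (conflict)
2.3.2 Delegation (delegate) and Authorization (authorization) between Roles
2.3.3 Role Revocation (revocation)
2.4 Summary
Chapter 3. Building the Role-Based Augmented Access Control Architecture
3.1 Applying RBAC to the Collaborative Environment
3.1.1 Requirements Analysis of the Collaborative Environment
3.1.2 Redefining RBAC (ARBAC)
3.1.3 ARBAC Procedure
3.1.4 ARBAC Role Classification
3.2 Role Management
3.2.1 Time-Based Role Management
3.2.2 Behavior-Based Role Management
3.2.3 Environment-Based Role Management
3.2.4 Interaction of the Time, Behavior and Environment Concepts
3.3 Summary
Chapter 4. System Analysis and Design of the ARBAC Model
4.1 System Construction Analysis
4.2 First-Stage System Analysis
4.3 Second-Stage System Analysis
4.3.1 Class Diagram of the ARBAC Model
4.3.2 Analysis of the Role Management Classes: Use Case Diagrams
4.3 Summary
Chapter 5. Case Study and ARBAC Model System Simulation
5.1 Actual Case Study: A Cold Forging Plant in the Central Region
5.2 System Simulation of the ARBAC Model
5.2.1 First Aspect: Simulation from the Administrator's Perspective
5.2.2 Second Aspect: Simulation from the Collaboration Participant's Perspective
5.3 Summary
Chapter 6. Conclusions and Future Development
6.1 Completed Research
6.2 Research Limitations
6.3 Future Research Directions
References
Curriculum Vitae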