National Digital Library of Theses and Dissertations in Taiwan

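Graduate student: 阮哿壽
Graduate student (foreign-language name): Nguyen, Kha-Tho
Thesis title: 基於角色與屬性的存取控制系統之泛型化策略規範模式
Thesis title (foreign language): Generic Policy Specification Paradigm for Attribute-Enriched Role Based Access control
Advisor: 邵家健
Advisor (foreign-language name): John, Kar-kin Zao
Degree: Master's
Institution: National Chiao Tung University
Department: Institute of Computer Science and Engineering
Discipline: Engineering
Category: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2012
Academic year of graduation: 101
Language: English
Number of pages: 53
Keywords (Chinese): role-based access control; attribute-enriched role-based access control system; generic policy specification
Keywords (foreign language): Role Based Access Control; Attribute-Enriched Role-Based Access Control; Generic Policy Specification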
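This thesis introduces a generic policy specification paradigm for role- and attribute-based access control. The paradigm adds parameters and subtype polymorphism to the traditional role model, adds object roles, and provides a flexible mechanism for associating subject roles with object roles in order to specify access control policies. Combined with type checking, the specification makes it easy to check for errors while policies are being written. We have also defined a declarative language that supports generic programming. The specification allows security policies to be designed in a flexible, efficient, verifiable and reusable way.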
This work introduces a generic paradigm for specifying attribute-enriched RBAC security policies. Our paradigm enriches the conventional role model with parameterized and subtype polymorphism, and adds an object-role entity as well as flexible associations between subject roles and object roles as the mechanism for specifying access control policies. With the support of type checking, the paradigm can easily detect some errors while a policy is being written. We have also defined a declarative language that supports generic programming. The paradigm allows security policies to be designed in a more flexible, efficient, verifiable and reusable way.
Abstract
Keywords
Acknowledgements
List of Tables
List of Figures
Chapter I. Introduction
1.1 Problem Statements
1.2 Observations
1.3 Solution Statements
1.4 Thesis Outline
Chapter II. Background
2.1 Role-Based Access Control (RBAC)
2.2 Policy Tools
2.2.1. XACML
2.2.2. PERMIS
Chapter III. A-RBAC Model Design
3.1 Scenarios
3.1.1. The needs of adding parameters to Roles
3.1.2. The needs of adding Object-Role entity
3.1.3. The needs for association between specific subjects and specific objects
3.1.4. The needs of verifying errors while writing RBAC policies
3.2 Objectives
3.3 Strategies
3.4 Components
3.4.1. Subject-role, Object-role
3.4.2. Parameterized Roles
3.4.3. Action
3.4.4. Permissions
3.4.5. Sessions
3.5 Attributes
3.5.1. Type parameter
3.5.2. Value Attributes
3.5.3. Type and Attribute variables
3.6 Inheritance
3.7 Subtyping
3.8 Role Refinement Hierarchy
3.9 Related works
Chapter IV. Generic Policy Specification Implementation
4.1 GPL Language
4.1.1 Introduction
4.1.2 Genericity, Inheritance and Operators
4.1.2.1 Parameterized Role
4.1.2.2 Inheritance
4.1.2.3 Subtyping
4.1.2.4 Operator
4.1.3 Assign parameterized role to subject/object
4.1.4 Structure of a program
4.1.5 Language Grammar
4.2 GPL Compiler
4.2.1 Architecture
4.2.2 Type Checking
4.2.2.1 Some common errors checking
4.2.2.2 Future of type checking
4.2.3 Irony - Language Implementation Kit
Chapter V. Example
5.1 Scenarios
5.2 Roles Graph
5.3 Defining type definitions
5.4 Design interfaces, classes, and permissions
5.5 Actions
5.6 Sessions
5.7 Test Results
5.8 Output PERMIS XML file
Chapter VI. Conclusion
6.1 Contributions
6.2 Future works
References
