In a typical Role-Based Access Control (RBAC) system, users obtain permissions through roles. However, when a user activates a role or exercises a permission, that action may be affected by environmental factors such as time and location. Context constraints are therefore needed to restrict role activation or the permissions that may be exercised. This thesis discusses building a context constraint model from context roles and adds context roles to the NIST RBAC model; the result is called the Context Role RBAC (CR-RBAC) model. In addition to the six original components of the NIST RBAC model, this model adds two components, Context Role and Context Value, and divides permissions into normal permissions and context permissions. Furthermore, activating a context role to obtain a context permission requires two preceding actions: 1. context permissions are assigned to spatial context roles; 2. spatial context roles are triggered by temporal context roles. The CR-RBAC model has three different role hierarchies, the general Role Hierarchy, the Temporal Context Role Hierarchy and the Spatial Context Role Hierarchy, which represent different role activation relationships and relations between roles.
In a Role-Based Access Control system, users acquire permissions by activating roles that are assigned to them. In some cases, the roles a user can activate or the permissions a user can perform are determined by temporal or spatial constraints. In this thesis, we model context constraints as context roles and add context roles to the NIST RBAC model. This model is called the Context Role RBAC (CR-RBAC) model. The CR-RBAC model contains not only the original six components of the NIST RBAC model but also context roles and context values. The CR-RBAC model separates permissions into normal permissions and context permissions. Two actions are needed to activate context roles in order to acquire context permissions. First, context permissions are assigned to spatial context roles. Then, spatial context roles are activated by temporal context roles. There are three different role hierarchies in the CR-RBAC model: the original role hierarchy, the temporal context role hierarchy and the spatial context role hierarchy, which are used to represent role relationships and role activation.
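The two activation actions described above, as an added Python example that is not part of the thesis: context permissions are attached to spatial context roles, and a spatial context role yields its permissions only while a matching temporal context role drives it and the session's spatial context value matches. The link from normal roles to spatial context roles (role_spatial) and all identifiers are assumptions; the three role hierarchies are omitted.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed example of the CR-RBAC activation rule. All names here (CRRBAC, Session,
# role_spatial, ...) are illustrative, not the thesis's notation.

@dataclass
class Session:
    user: str
    active_roles: set[str]  # normal roles the user has activated
    hour: int               # temporal context value (0-23), constructed
    location: str           # spatial context value, constructed

@dataclass
class CRRBAC:
    user_roles: dict[str, set[str]] = field(default_factory=dict)      # NIST RBAC: user -> roles
    role_perms: dict[str, set[str]] = field(default_factory=dict)      # role -> normal permissions
    spatial_perms: dict[str, set[str]] = field(default_factory=dict)   # action 1: spatial context role -> context permissions
    temporal_drives: dict[str, set[str]] = field(default_factory=dict) # action 2: temporal context role -> spatial roles it activates
    temporal_cond: dict[str, Callable[[int], bool]] = field(default_factory=dict)  # hours in which a temporal role is active
    spatial_cond: dict[str, set[str]] = field(default_factory=dict)    # locations in which a spatial role is active
    role_spatial: dict[str, set[str]] = field(default_factory=dict)    # assumption: normal role -> spatial roles it may use

    def active_temporal_roles(self, s: Session) -> set[str]:
        return {t for t, cond in self.temporal_cond.items() if cond(s.hour)}

    def active_spatial_roles(self, s: Session) -> set[str]:
        # Active only if driven by an active temporal role, reachable from an active normal role, and location matches.
        driven = set().union(*(self.temporal_drives.get(t, set()) for t in self.active_temporal_roles(s)))
        usable = set().union(*(self.role_spatial.get(r, set()) for r in s.active_roles))
        return {sp for sp in driven & usable if s.location in self.spatial_cond.get(sp, set())}

    def permissions(self, s: Session) -> set[str]:
        if not s.active_roles <= self.user_roles.get(s.user, set()):
            raise PermissionError(f"{s.user} may not activate {s.active_roles}")
        normal = set().union(*(self.role_perms.get(r, set()) for r in s.active_roles))
        context = set().union(*(self.spatial_perms.get(sp, set()) for sp in self.active_spatial_roles(s)))
        return normal | context

def build_hospital_model() -> CRRBAC:
    # Constructed policy: a doctor may read patient records only on the ward during the day shift.
    m = CRRBAC()
    m.user_roles = {"alice": {"doctor"}}
    m.role_perms = {"doctor": {"read_schedule"}}
    m.spatial_perms = {"ward_role": {"read_patient_record"}}  # action 1
    m.temporal_drives = {"day_shift": {"ward_role"}}          # action 2
    m.temporal_cond = {"day_shift": lambda h: 8 <= h < 18}
    m.spatial_cond = {"ward_role": {"ward"}}
    m.role_spatial = {"doctor": {"ward_role"}}
    return m
```

Outside the day shift, or away from the ward, the same session keeps its normal permission but loses the context permission, which is the separation the model is built to express.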