- 學位論文
以角色為基礎之權限控管系統對權限和安全等級研究與探討
A Study of Permissions and Security Level in Role-Based Access Control
摘要
在一個以角色為主的權限控管 (RBAC)系統中,如何有效的減少不必要的角色對於降低系統複雜度是很重要的。隨著組織日益龐大和工作流程的日益複雜,會使角色和權限增加,而使得維護和設計的工作更為困難。在一個階層式RBAC中,上層角色會繼承下層角色的權限。但在實際狀況中,由於不同工作流程和其它安全限制,上層角色不一定能夠擁有下層角色的權限,因此繼承可能需要有範圍限制。 我們將物件導向的觀念融入設計中,將系統權限依使用範圍分類。我們的角色繼承方式可以限制特定權限的使用範圍,並以安全等級來表示,所以特定權限不會無條件的往上繼承,也不用產生新的角色來處理不能繼承的權限。此方法簡單且可減少角色數量。
並列摘要
It is important to reduce unnecessary roles to reduce the complexity of an RBAC system. In a large enterprise with complex workflows, there are large number of roles and permissions that are difficult to manage and design. In a hierarchical RBAC system, senior roles inherit junior roles’ permissions. But in real world, it is possible that a senior role can not have all the permissions of its junior roles, due to different tasks performed or other security constraints. Thus, it is desirable to define the scope of permission inheritance. We proposed to use object-oriented concepts to classify permissions by their scopes. The scope of a permission is specified by both inheritance and security level. Therefore, a permission can not be inherited unconditionally. We do not need to create more roles to handle permissions that can not be inherited. This method is simple and can reduce role number.
參考文獻
延伸閱讀
- 曾瑋展(2005)。以角色為主之權限控管系統中使用控制模組之研究與實作〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu200500269
- 林郁鑫(2007)。以群組為基礎之多個以角色為基礎的權限控管系統環境研究與實作〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu200700598
- 熊鴻哲(2011)。以角色為基礎的存取控制模型─角色執行權限之研究〔碩士論文,健行科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0022-2001201113311600
- 葉俊明(2007)。以角色為主之權限控管系統中階層式情境角色之研究〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu200700611
- 蘇仲杰(2013)。A Study of Risk Assessment Mechanism for Personal Information Operations〔碩士論文,國立中正大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201613550652