資訊管理學報
劉敦仁;吳美玉;黃景彰;
頁: 61-80
日期: 2001/07
摘要: 以「角色為基礎的存取控制」主要是依據權責衝突的角色,來建立授權準則以達到權責區分之目的。然而為因應企業環境之改變,企業之運作需提供有效的工作管理與工作為基礎的存取控制,因此若僅以角色為基礎的機制,並無法有效的管理企業之工作。近來雖已有以角色與工作為基礎的存取控制之研究,但並未探討權責區分授權準則或是僅為原來以角色為基礎的存取控制之簡單延伸,並未從工作之間不同的權責關係考量權責區分之授權準則。本研究提出新的分析觀點,從企業制訂規劃工作的角度,分析與定義不同的工作權責衝突關係,包括制衡、督導查核與非獨攬性等,並依據所定義的工作權責衝突關係來探討使用者、角色與工作之授權及指派,進而設計授權準則以達到在角色與工作為基礎的存取控制模式中之權責區分。本研究不僅定義新的工作權責關係,更推導出符合工作權責關係之新的授權準則,包括督導查核及相依執行等權責區分準則。
關鍵字: 角色為基礎的存取控制;工作為基礎的存取控制;授權準則;權責區分;
Abstract: Mutual-exclusive roles are the basis for designing authorization rules to achieve separation of duty in role-based access control (RBAC) models. However, current RBAC models are not adequate to provide effective management of tasks within enterprises. Although research has been done in the context of role and task-based access control, there has been little work on the design of authorization rules to achieve separation of duty in this context. The designed authorization rules are merely simple extensions from the authorization rules of RBAC models. In addition, different duty-relationships among tasks are not considered. This work presents a novel view to analyze different duty-relationships among tasks from the aspect of how enterprises design and plan tasks. Several kinds of duty-conflict tasks are defined to represent various duty-relationships such as balancing, supervising and non-arbitrary relationships among tasks. Moreover, authorization rules for assigning tasks to roles and users are designed to achieve separation of duty. The proposed work not only defines new duty-conflict tasks but also deduces new authorization rules to achieve variations of separation of duty including supervision-based and execution-dependent separation of duty, etc.
Keywords: Role-based Access Control;Task-based Access Control;Separation of Duty;Authorization Rules;
瀏覽次數: 7945 下載次數: 71
引用 導入Endnote
頁: 61-80
日期: 2001/07
摘要: 以「角色為基礎的存取控制」主要是依據權責衝突的角色,來建立授權準則以達到權責區分之目的。然而為因應企業環境之改變,企業之運作需提供有效的工作管理與工作為基礎的存取控制,因此若僅以角色為基礎的機制,並無法有效的管理企業之工作。近來雖已有以角色與工作為基礎的存取控制之研究,但並未探討權責區分授權準則或是僅為原來以角色為基礎的存取控制之簡單延伸,並未從工作之間不同的權責關係考量權責區分之授權準則。本研究提出新的分析觀點,從企業制訂規劃工作的角度,分析與定義不同的工作權責衝突關係,包括制衡、督導查核與非獨攬性等,並依據所定義的工作權責衝突關係來探討使用者、角色與工作之授權及指派,進而設計授權準則以達到在角色與工作為基礎的存取控制模式中之權責區分。本研究不僅定義新的工作權責關係,更推導出符合工作權責關係之新的授權準則,包括督導查核及相依執行等權責區分準則。
關鍵字: 角色為基礎的存取控制;工作為基礎的存取控制;授權準則;權責區分;
Designing Authorization Rules for Separation of Duty in Task-based Access Control
Abstract: Mutual-exclusive roles are the basis for designing authorization rules to achieve separation of duty in role-based access control (RBAC) models. However, current RBAC models are not adequate to provide effective management of tasks within enterprises. Although research has been done in the context of role and task-based access control, there has been little work on the design of authorization rules to achieve separation of duty in this context. The designed authorization rules are merely simple extensions from the authorization rules of RBAC models. In addition, different duty-relationships among tasks are not considered. This work presents a novel view to analyze different duty-relationships among tasks from the aspect of how enterprises design and plan tasks. Several kinds of duty-conflict tasks are defined to represent various duty-relationships such as balancing, supervising and non-arbitrary relationships among tasks. Moreover, authorization rules for assigning tasks to roles and users are designed to achieve separation of duty. The proposed work not only defines new duty-conflict tasks but also deduces new authorization rules to achieve variations of separation of duty including supervision-based and execution-dependent separation of duty, etc.
Keywords: Role-based Access Control;Task-based Access Control;Separation of Duty;Authorization Rules;
瀏覽次數: 7945 下載次數: 71
引用 導入Endnote