Summary (Master's thesis, Institute of Information Management (資訊管理所), National Chiao Tung University (國立交通大學), 88):
NIST has announced a new access control standard, Role-Based Access Control (RBAC), which is more applicable in an organizational context than the traditional Discretionary Access Control (DAC) and Mandatory Access Control (MAC) models.
The policies enforced by an access control system determine how strong and how sufficient the internal control over resource management is. Formulating these policies correctly is the key to successfully developing RBAC systems. In this thesis, the author defines two kinds of security policies, active policies and authorization policies, to make it possible to define roles' obligations and rights.
The author describes security policies with object-oriented presentations. In this way, the presentations are easier to communicate to system designers, programmers, and general users. A case study on insurance companies, which are regulated by the laws of the Republic of China, is carried out to demonstrate the feasibility of the author's ideas.
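As an added illustration, not code from the thesis, the following Python sketch models the two policy kinds in an object-oriented form: an authorization policy grants a role a right, an active policy obliges a role to act when an event occurs, and two checks report obligations that no right permits and obligations left unmet after an event. The roles, actions and the claim-filing event are constructed sample values, not requirements taken from ROC insurance law.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    operation: str  # e.g. "approve"
    target: str     # e.g. "policy_contract"

@dataclass(frozen=True)
class AuthorizationPolicy:
    """A right: members of `role` MAY perform `action`."""
    role: str
    action: Action

@dataclass(frozen=True)
class ActivePolicy:
    """An obligation: when `event` occurs, some member of `role` MUST perform `action`."""
    role: str
    event: str
    action: Action

class RbacPolicySet:
    def __init__(self):
        self.roles_of = defaultdict(set)  # user -> assigned roles
        self.rights = set()               # AuthorizationPolicy instances
        self.obligations = set()          # ActivePolicy instances
    def assign(self, user, role):
        self.roles_of[user].add(role)
    def is_authorized(self, user, action):
        # Access decision: granted only if one of the user's roles holds the right.
        return any(AuthorizationPolicy(r, action) in self.rights for r in self.roles_of[user])
    def inconsistent_obligations(self):
        # Design-time check: an obligation that no right permits can never be fulfilled.
        return [o for o in self.obligations
                if AuthorizationPolicy(o.role, o.action) not in self.rights]
    def unmet_obligations(self, event, performed):
        """Audit check: obligations of `event` not discharged by any member of the obliged
        role; `performed` is the set of (user, Action) pairs observed in the log."""
        return [o for o in self.obligations if o.event == event and not any(
            o.role in self.roles_of[u] and a == o.action for u, a in performed)]

def build_example():
    # Constructed sample (hypothetical roles, not legal requirements): an underwriter may
    # approve contracts; a claims officer may record claims and must do so when one is filed.
    ps = RbacPolicySet()
    ps.assign("alice", "underwriter")
    ps.assign("bob", "claims_officer")
    ps.rights.add(AuthorizationPolicy("underwriter", Action("approve", "policy_contract")))
    ps.rights.add(AuthorizationPolicy("claims_officer", Action("record", "claim_register")))
    ps.obligations.add(ActivePolicy("claims_officer", "claim_filed", Action("record", "claim_register")))
    return ps
```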