Summary: | 碩士 === 國立交通大學 === 資訊管理所 === 88 === In task-based access control (TBAC) models, duty-conflict tasks are the basis of authorization management to determine the assignment of tasks to roles and users. Some studies have shown that TBAC models are more suitable for task-oriented operational business environments than other access control schemes are.
Based upon object-oriented technology and three-tier system architecture, this study designs and implements an extensible system capable of conducting authorization management of TBAC models. The system is incorporated with various authorization rules to achieve separation of duty in the assignment of tasks to roles and users. Graphical interface is also supported for security managers to specify tasks, roles and users, as well as to enact appropriate authorization rules according to security requirements. Secured task-based access control to system resources can thus be enforced via effective authorization management. Finally, a real purchasing case is analyzed and employed into the system to demonstrate how authorization management can be effectively conducted via using the developed system.
|