Using a Bitemporal Relation-based Reliable Auditing Mechanism on the Organizational Privilege Accountability

• Main Authors: Hung-Yi Lee, 李虹儀
• Other Authors: Dwen - Ren Tsai
• Format: Others
• Language: zh-TW
• Published: 2004
• Online Access: http://ndltd.ncl.edu.tw/handle/43902745677140863588

碩士 === 中國文化大學 === 資訊管理研究所 === 92 === The RBAC (role-based access control) separated user, role, and privilege. It provides roles with access rights, maps users to roles, and grants users with appropriate privileges. The RBAC comes with many characteristics such as, privilege management, hierarchy, minimum privilege, authorization separation, and object classification. The bitemporal database will log account activities and process time indices, while authorized system users access and query any information. It can make data integrity, access control, and tracing accomplish certain level of security. It also can make effective audit and monitor on misbehaviors of employees. Traditional certificate management systems use normal databases. In these systems, the storage and maintenance of certificates are implemented by replacing old certificates with new ones. This makes data audit a tough task. Managing authorization policies and certificate data adopting bitemporal databases, auditors can check and analyze certificate data, and then find out suspicious data. This study applied the RBAC theory, combining with bitemporal databases, to the complex enterprise environments. We also use certificate authorizing polices bitemporally managing the databases. Our system can detect the usages of enterprise systems and data. The system can also report violations to the auditors. Auditors can thereby properly react. This work focuses on enterprise auditing management of database system under PKI (public key infrastructure) and PMI (privilege management infrastructure). Hopefully, through effective certificate record management, data integrity is ensured. At the same time, legal users can be audited effectively.