| Summary: | 碩士 === 中原大學 === 資訊工程研究所 === 104 === Access control is an important part of information security. It decides how a user can legally
obtain permission to access resources in appropriate situations. Because more information
systems are deployed in a models enterprise, it become more complicated to set permissions. For
example we may need new methods to set the permissions of a team. Since a team has specific
targets and is composed of people, it may be difficult to use currently available access control
methods.
Since a team is composed of the team members and has target attributes, we proposed a new
permissions model based on these team characteristics. The model, called Team RBAC, is based
on Attribute RBAC. A user can define the team''s targets, the team member’s attributes and
limitations, then the system can decide whether a team can be composed. The team will be given
permissions if it is composed. Team RBAC has the advantages that it allows a more convenient
management and can be more flexibly applied, because in Team RBAC, the attributes of a team
can be dynamically modified.
Two examples were presented to demonstrate possible applications of Team RBAC, one is
an online game play treasure team composition, and the other is ISO audit team composition for
a company. We also implemented a prototype system to show how an online gaming system can
use Team RBAC model.
|
|---|
