Summary: Master's thesis === National Chiao Tung University === Institute of Information Management === 87 === Mutually exclusive roles are the basis for designing authorization rules that achieve separation of duty in role-based access control (RBAC) models. However, to adapt to changing business environments, enterprises need to operate with effective task management as well as task-based access control. Current RBAC models are not adequate to provide effective management of tasks within enterprises. Although some work has been done in the context of role- and task-based access control, very few studies have designed authorization rules for separation of duty in this context. The authorization rules that have been designed are merely simple extensions of the authorization rules of RBAC models. Moreover, different duty-relationships among tasks are not considered.
This work presents a novel view for analyzing different duty-relationships among tasks from the aspect of how enterprises design and plan tasks. Several kinds of duty-conflict tasks are defined to represent various duty-relationships among tasks, such as balancing, supervising and non-arbitrary relationships. On the basis of the defined duty-conflict tasks, authorization rules for assigning tasks to roles and users are designed to achieve separation of duty. The proposed work not only defines new duty-conflict tasks but also deduces new authorization rules to achieve variations of separation of duty, including supervision-based, work-dependent and coordination-based separation of duty, etc.