
Chapter 5 Conclusions and Future Work

5.2 Future Work

Future research could proceed along the following directions.

• Least privilege

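This study currently defines only how teams are formed and what permissions a team role holds; it does not automatically determine whether the original roles an administrator selects conform to the principle of least privilege. Excess permissions can endanger the security of the system through inadvertent or deliberate actions by team users, and because team permissions are granted through automated delegation, the principle of least privilege becomes all the more important. An enterprise should give a team role just enough permissions and should not grant it permissions it does not need. At present, least-privilege control is exercised by the administrator when selecting original roles to add to a team role; in the future, a least-privilege check could be added to make the administrator's management more effective.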

• Context-aware environment

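High-security management is one of the goals that enterprise organizations demand. A context-aware environment allows more restrictions to be placed on how team permissions are used. In such an environment, users must use a sensing device to activate a team role, and activation of the team role must also satisfy the conditions set by the context-aware environment. For example, to satisfy the basic condition that a team has more than two users, two or more users must activate the same team role at the same time before the permissions of that team role can be used; a single user alone cannot activate the team role.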
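The activation condition described above can be sketched as follows. This is an added example, not code from the thesis; the class name, the `quorum` and `ttl` parameters, and the sample users are hypothetical, and treating "at the same time" as "within `ttl` seconds of a sensor activation" is an assumption.

```python
import time


class TeamRoleSession:
    """Team role whose permissions unlock only while a quorum of members is active."""

    def __init__(self, members, permissions, quorum=2, ttl=300):
        self.members = set(members)
        self.permissions = set(permissions)
        self.quorum = quorum   # minimum number of distinct users active at once
        self.ttl = ttl         # assumed: seconds a sensor activation stays valid
        self._active = {}      # user -> timestamp of last sensor activation

    def activate(self, user, now=None):
        """Record a sensor activation; only team members may activate the role."""
        if user not in self.members:
            raise PermissionError(f"{user} is not a member of this team")
        self._active[user] = time.time() if now is None else now

    def deactivate(self, user):
        self._active.pop(user, None)

    def present(self, now=None):
        """Members whose activation has not yet expired."""
        now = time.time() if now is None else now
        return {u for u, t in self._active.items() if 0 <= now - t <= self.ttl}

    def is_permitted(self, user, permission, now=None):
        """True only if the user is active, the quorum is met, and the
        permission belongs to the team role."""
        present = self.present(now)
        return (user in present
                and len(present) >= self.quorum
                and permission in self.permissions)
```

Expired activations drop out of the quorum automatically, so permissions are withdrawn as soon as the team falls below the threshold.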

• Automatic team composition

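At present, a team role is formed by the administrator selecting original roles according to the needs of the team. Future work plans to add a method for composing teams automatically: based on the permission requirements the administrator specifies, the method finds original roles that can satisfy those requirements and uses already-defined attributes to form the team role automatically, so that the administrator no longer needs to directly specify the original roles the team requires.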
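The least-privilege check and the automatic composition described in this section can be combined in one selection routine. The sketch below is an added example, not the method of the thesis; the role names, permissions and function names are constructed for illustration, and the exhaustive search is only practical for a small number of original roles.

```python
from itertools import combinations

# Constructed sample data: original roles and the permissions each one grants.
ORIGINAL_ROLES = {
    "accountant": {"read_ledger", "post_entry"},
    "auditor": {"read_ledger", "read_audit_log"},
    "purchaser": {"create_order", "read_catalog"},
    "manager": {"read_ledger", "post_entry", "create_order",
                "approve_order", "read_audit_log"},
}


def granted(roles, role_perms=ORIGINAL_ROLES):
    """Union of the permissions granted by the given original roles."""
    return set().union(*(role_perms[r] for r in roles))


def excess_permissions(roles, required, role_perms=ORIGINAL_ROLES):
    """Least-privilege check: permissions granted beyond what the team needs."""
    return granted(roles, role_perms) - set(required)


def compose_team_role(required, role_perms=ORIGINAL_ROLES):
    """Pick the original roles that cover `required` with the fewest excess
    permissions; ties are broken by fewer roles, then by role name.
    Returns a tuple of role names, or None if no combination covers the need."""
    required = set(required)
    names = sorted(role_perms)
    best = None
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            perms = granted(combo, role_perms)
            if not required <= perms:
                continue  # this combination does not satisfy the requirement
            key = (len(perms - required), k, combo)
            if best is None or key < best:
                best = key
    return None if best is None else best[2]
```

Running `excess_permissions` on an administrator's manual selection flags the over-grant, while `compose_team_role` proposes the tightest alternative.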
