
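Conclusion and Future Research Directions

In the document Chung Hua University (pages 67-72)

maintenance. At this point, we analyze the work roles required by the completed work; using the candidate personnel recorded in the work task record, the system administrator can authorize and assign suitable personnel to continue exercising the role and complete the work maintenance. The work record keeps the most complete account of the work process, so that when performing work maintenance the system administrator can determine what that maintenance requires, such as which roles and permissions are needed and whether suitable personnel and candidates are available to be assigned. It also reveals which work roles are critical to the organization.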

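5.2 Future Research Directions

At this stage, this study does not address the delegation of roles or permissions; it relies only on administrator authorization and an algorithm for personnel selection. This is mainly because delegation must be bound by strict security policy restrictions to prevent the excessive propagation and abuse of permissions. A sound delegation mechanism would allow the concepts in this study to be applied more effectively, for example by requiring that the ability to exercise a role's permissions be obtained only through assignment by personnel familiar with the duties or by security management personnel.

We are currently working in the direction of workflows. For example, when the person performing a task in a workflow delegates or authorizes a work role to someone else, the effects produced by the dependencies and mutual exclusions among job functions, together with the related security design for how personnel exercise permissions, are still being worked out, in the hope of making this model more complete and able to operate more flexibly in real enterprises.

The algorithm proposed in this study currently selects personnel only for a single job and does not optimize personnel selection and evaluation across multiple jobs at the same time. Future research will therefore move toward selecting and assigning personnel for multiple jobs simultaneously, producing an optimized order of personnel assignments according to the importance of each job.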

