On Role-And-Task Combined Access Control And Its Application

The dissertation is dedicated to techniques of Role-and-Task Based Access Control and its application in E-governance. Access control, as one of 5 standard security services defined by ISO, is an important mechanism for security of information systems. Traditional approaches, such as Discretionary Access Control and Mandatory Access Control, are no longer satisfactory for modern information systems and better access control methods are needed. In recent years, RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) have become hotspots in research of access control techniques.In development of Yibin Commerce Bureau Information Management System (YB-CS, for short), the author has adopted RBAC-and-TBAC combined approach. Preliminary experience with the system thus developed has shown that complementary feature of RBAC and TBAC results in a better quality in access control and deserves further exploration.The main work presented in this dissertation and the author's contribution include:1. Successful development of the Yibin Commerce Bureau Information Management System based on an RBAC-and-TBAC combined approach.2. Clarification of concepts of the "role" in RBAC and the "task" in TBAC.3. Structural extension and refinement to "roles" and "tasks" with "classes" and "sub-classes".4. Separation of CA from assignment of roles to remote user has been attempted to make roles re-usable in an E-governance network environment.5. For further improvement to TBAC model, the author suggests.A. that authentication process should be defined as a multi-phase process, andB. state-factors should be added to authentication dependency-rules to make in-task transition distinguishable and easy to understand.