Title: Using RBAC to Design the Access Control Model of XML-Based Electronic Financial Service Portal
Authors: Yi-Han Liu (劉義漢); 黃景彰
Institute of Information Management
Keywords: RBAC server; XRBAC; Electronic Financial Service Portal
Date of issue: 2001
Abstract: For reasons of cost and convenience, most enterprises today control execution privileges in their information systems with Discretionary Access Control (DAC) combined with the notion of user groups. This traditional approach, however, lacks any management of organizational hierarchy and separation of responsibilities, and so cannot fully meet an enterprise's security requirements for its information systems; Role-Based Access Control (RBAC) arose in response. RBAC takes the job role as its core concept and manages users' execution privileges over information resources on that basis, which matches the way today's enterprises operate and meets the needs of enterprise information systems. Introducing an RBAC mechanism into an existing web-based enterprise information system, however, usually requires extensive modification of the system and leads to integration difficulties. This thesis therefore studies how to introduce the RBAC concept into web-based enterprise information systems, applying an RBAC server together with the XML RBAC (XRBAC) method to speed up the integration of RBAC with enterprise information systems. With the RBAC server and XML RBAC (XRBAC) method developed in this thesis, an enterprise can integrate RBAC with its web-based information system without affecting the existing system architecture and interfaces. The RBAC server stores the enterprise's information security policies and access control information templates, so that access control information can be managed and generated conveniently (it acts as an access control information generator). XML RBAC can be regarded as the access control processing component: besides using XML technology to transmit and process messages between the enterprise information system and the RBAC server, it can append workflow processing information to system documents, so that data can later be collected and organized in support of information system auditing. Finally, the thesis takes the electronic financial service portal provided by Linkway Inc. (聯維科技股份有限公司), Financial XML over Internet (XOI), as a case study to examine the feasibility of the implementation.
Most information systems in enterprises group users into several sets of members and then utilize Discretionary Access Control (DAC) to enforce security policies. Such a method seldom truly satisfies the needs of enterprises, because information security policies must reflect the privilege settings required for organizational functioning, and simple grouping is not sufficient. Aiming at information security management for organizations, including business enterprises, Sandhu introduced a new model, called Role-Based Access Control (RBAC), for defining access control policies. The model is powerful because of its flexibility in assigning access privileges to various roles and in organizing roles into role hierarchies. Separation of duty, an essential concept from the viewpoint of organizational control, can be described using this model. Though RBAC has been studied for quite a few years and has been recommended as a national standard of the United States, successful implementations of the model usually demand massive modification of working systems. In this thesis, the author presents a new system architecture that allows the RBAC model to be integrated easily with working information portals. In this architecture, the RBAC function is detached from the business functions of the information portals. Two key system components are defined and programmed: (1) the RBAC server and (2) the XML interface, called XML RBAC (XRBAC). The RBAC server is the place where security policies are managed and a generator that produces the information needed for access control decisions. The information produced is transmitted as an XML document to the portal through the XRBAC. In addition to functioning as the communication intermediary between the portal and the RBAC server, XRBAC follows the workflow and helps the portal record transactional activities in the audit trail.
The aforementioned design realizes the separation of the security management function from the application function and, as a result, enables an enterprise to add RBAC to its own information system without modifying the system itself. Finally, the author demonstrates an implementation of the RBAC server and the XRBAC middleware using a portal offered by Linkway Inc. Linkway developed this portal, called Financial XML over the Internet (XOI), for the banking industry in Taiwan. The experience shows that embedding RBAC into working portals can be done using the architecture introduced in this thesis.
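As an added illustration of the architecture the abstract describes (this is not code from the thesis, nor from Linkway's XOI portal), the following Python sketch plays both sides of the design: an RBAC-server part that resolves a user's roles through a role hierarchy, refuses role assignments that would break a static separation-of-duty constraint, and emits the resulting access-control information as an XML document; and a portal-side, XRBAC-style check that decides from that document alone and appends an audit entry to it. All role, permission and user names, the XML element names, and the function names are constructed for the example.

```python
# Added example (not from the thesis): a toy RBAC "policy server" plus a
# portal-side checker that consumes the server's XML output.
# Every role, permission, user and element name below is constructed sample data.
import xml.etree.ElementTree as ET

# Constructed sample policy for a small banking portal.
# Each role lists the junior roles it inherits (supervisor inherits teller).
ROLE_HIERARCHY = {
    "teller": [],
    "supervisor": ["teller"],
    "auditor": [],
}
ROLE_PERMISSIONS = {
    "teller": {"account:read", "transfer:submit"},
    "supervisor": {"transfer:approve"},
    "auditor": {"audit:read"},
}
# Static separation of duty: no user may hold both roles of a pair,
# directly or through inheritance.
SSD_PAIRS = [("teller", "auditor")]
USER_ROLES = {
    "alice": {"teller"},
    "bob": {"supervisor"},
    "carol": {"auditor"},
}


def effective_roles(roles):
    """Transitive closure of the role hierarchy for a set of directly held roles."""
    result, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in result:
            result.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return result


def ssd_violation(roles):
    """Return the first SSD pair held after inheritance is applied, else None."""
    held = effective_roles(roles)
    for a, b in SSD_PAIRS:
        if a in held and b in held:
            return (a, b)
    return None


def assign_role(user, role, user_roles=USER_ROLES):
    """Add a role to a user, refusing assignments that would violate SSD."""
    candidate = user_roles.get(user, set()) | {role}
    conflict = ssd_violation(candidate)
    if conflict:
        raise ValueError(f"SSD violation for {user}: {conflict[0]} and {conflict[1]}")
    user_roles[user] = candidate
    return candidate


def effective_permissions(user, user_roles=USER_ROLES):
    """Union of the permissions of every role the user holds, inherited ones included."""
    perms = set()
    for role in effective_roles(user_roles.get(user, set())):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def generate_access_document(user, user_roles=USER_ROLES):
    """RBAC-server side: serialise the access-control information as an XML document."""
    root = ET.Element("access-control", user=user)
    roles_el = ET.SubElement(root, "roles")
    for role in sorted(effective_roles(user_roles.get(user, set()))):
        ET.SubElement(roles_el, "role").text = role
    perms_el = ET.SubElement(root, "permissions")
    for perm in sorted(effective_permissions(user, user_roles)):
        ET.SubElement(perms_el, "permission").text = perm
    ET.SubElement(root, "audit")  # empty trail; the portal appends entries to it
    return ET.tostring(root, encoding="unicode")


def portal_check(xml_doc, permission, action_note):
    """Portal side: decide from the XML document only, then append an audit entry.
    Returns (allowed, updated_xml_doc) so the trail travels with the document."""
    root = ET.fromstring(xml_doc)
    granted = {p.text for p in root.iter("permission")}
    allowed = permission in granted
    entry = ET.SubElement(root.find("audit"), "entry",
                          permission=permission,
                          outcome="allow" if allowed else "deny")
    entry.text = action_note
    return allowed, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    doc = generate_access_document("bob")
    ok, doc = portal_check(doc, "transfer:approve", "approve outgoing transfer")
    print(ok)
    print(doc)
```

The separation-of-duty check runs on the effective role set, not the directly assigned one, so a user who holds `supervisor` cannot also be given `auditor`: the inherited `teller` role conflicts with it. The portal never consults the policy tables; it only reads the document the server produced, which is what keeps the access-control function detached from the portal's business logic.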
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT900396009
http://hdl.handle.net/11536/68639
Appears in collections: Theses