Faculty of ICT, Mahidol University
 


 

SECONDARY ROLE ASSIGNMENT

 

TITLE SECONDARY ROLE ASSIGNMENT.
AUTHOR GUNTAPONG CHOKEJAREONPATTANAGI
DEGREE MASTER OF SCIENCE PROGRAMME IN COMPUTER SCIENCE
FACULTY FACULTY OF SCIENCE
ADVISOR DAMRAS WONGSAWANG
CO-ADVISOR SUKANYA PHONGSUPHAP
 
ABSTRACT
Role-based access control (RBAC) is the best-known access control model: it is widely implemented in commercial products and accepted as the modern access control standard. RBAC uses business roles as sets of least permissions for assigning staff to specific tasks while guaranteeing that business constraints are maintained. However, sometimes permissions from certain roles are needed within a limited time, and no staff holding those roles are available at that time. Staff with a secondary responsibility are therefore needed to take on those permissions and do the job with precise action and on time. A secondary responsibility is a role assigned to a staff member, but secondary-role staff cannot activate it themselves directly unless a certain situation occurs. However, role assignment in today's access control software, such as operating systems or workflow management software, is done explicitly. Explicit assignment makes the secondary role unsupportable because it violates the least-privilege assumption. We need to extend the flexibility of the access control that is widely implemented in most software by embedding implicit role assignment features and an activating protocol to maintain the least-privilege assumption. This thesis classifies secondary role assignment schemes into three types: Experience (Staff)-Based Assignment, Event (Permission)-Based Assignment, and Role-Based Assignment. The focus is on Role-Based Assignment, for which two activating protocols that support wide-area enterprises are defined. The Precision-based Protocol is used for jobs that focus more on precise action than on response time. The Economical-based Protocol is used for jobs where response time is a concern or where forwarding jobs to other sites also causes extremely high cost. The prototype of the proposed model has been simulated and tested with incoming calls of the telephone system. The results have been analyzed and evaluated.
The simulation showed that the prototype performed satisfactorily and can be implemented with the actual system. Finally, future work for further development is also suggested.
KEYWORD ROLE-BASED ACCESS CONTROL, SECONDARY RESPONSIBILITY, IMPLICITLY ROLE ASSIGNMENT, EXPERIENCE (STAFF)-BASED ASSIGNMENT, EVENT (PERMISSION)-BASED ASSIGNMENT, ROLE-BASED ASSIGNMENT, ACTIVATING PROTOCOL, PRECISION-BASED PROTOCOL, AND ECONOMIC-BASED PROTOCOL

 
