Using RBAC-based Approach to Integrate Access Control Policies in Legacy Systems
用基于RBAC的方法集成遗产系统的访问控制策略

Access control whose objective is to ensure the security of accessing to resources in software systems is an essential part for software systems. As access control policies in legacy systems seldom based on roles are represented in various forms, an RI3AC-based approach was proposed to integrate these access control policies. I}he approach maps permission of legacy systems to tasks of integrated system. Based on task trees and transformation rules of access control policy, various access control policies were reorganized in a unified form. Moreover, management rules were provided to achieve further authorization. A case study is demonstrated to depict the proposed approach is a feasible solution to integrate legacy access control policies and introduce RI3AC into legacy systems.