关键词: 遗留系统, 角色工程, 访问控制策略, 转换规则, 角色层次

Abstract: To solve the problem of lack of consideration of remaining the external behavior of legacy system and making legacy access control policies easy to be evolved, this paper proposes a role engineering approach for legacy system based on FermaT transformation theory and set theory. The approach defines a set of transformation rules for access control policies, analyzes the management cost of transformation rules, gives the design criteria of role engineering of legacy system, and presents a transformation method based on the design criteria. A case study demonstrates that the proposed approach is feasible. Compared with other primary role mining approaches, the constructed roles are ease to be evolved. The role hierarchy is complete and irredundant. The approach is with the lowest cost in the condition of constructing necessary roles.

Key words: legacy system, role engineering, access control policy, transformation rules, role hierarchy