A New Method of Handling Conflicts of Interest in RBAC

by Helena Ju, BSc Hons, June 2014.

Abstract.

Role-based access control (RBAC) has gained popularity because its administration is simple and cost-effective: permissions are assigned to users through roles. However, RBAC has a limitation in that it cannot recognise a user's conflicts of interest, because it lacks the flexibility to address the various attributes of a user. For example, a conflict of interest may arise in a bank when a loan manager, who holds a mortgage account at the bank where she works, wants to change her own 'client-grade' from silver to premium in order to lower the interest rate on her mortgage account. Since RBAC considers only the manager's role, this change will be accepted. In my analysis, the conflict of interest arises because the loan manager has two personas: she is both an employee and a client of the same bank. This dissertation discusses the use of 'persona' as an attribute in an attribute-based access control (ABAC) variant of RBAC, so that it can recognise and mitigate conflicts of interest.
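The bank scenario above, as an added illustration that is not part of the dissertation: a plain RBAC check grants the loan manager the permission, and a 'persona' attribute layered on top refuses the request when the account she is acting on belongs to her own client persona. The roles, permission names, account ids and users are constructed for the example.

```python
# Added example (not from the dissertation): a persona attribute layered on a
# plain RBAC check, so that an employee acting on a resource tied to her own
# client persona is refused even though her role grants the permission.
# All roles, permissions, account ids and users below are constructed.
from __future__ import annotations
from dataclasses import dataclass, field

# Plain RBAC: permissions are granted to the user through the role.
ROLE_PERMISSIONS = {
    "loan_manager": {"client:view", "client:set_grade"},
    "teller": {"client:view"},
}


@dataclass
class User:
    user_id: str
    roles: set
    # Persona attributes beyond the employee role, e.g. {"client": "ACCT-1001"}
    # records that this employee also holds account ACCT-1001 as a client.
    personas: dict = field(default_factory=dict)


@dataclass
class Request:
    user: User
    permission: str      # e.g. "client:set_grade"
    target_account: str  # the client account the action would change


def rbac_allows(req: Request) -> bool:
    """Role-only decision: true if any of the user's roles carries the permission."""
    return any(req.permission in ROLE_PERMISSIONS.get(r, set()) for r in req.user.roles)


def conflict_of_interest(req: Request) -> bool:
    """True when the actor's client persona is the target of her own employee action."""
    return req.user.personas.get("client") == req.target_account


def decide(req: Request) -> tuple[bool, str]:
    """ABAC-style decision: RBAC result first, then refuse on a detected conflict of interest."""
    if not rbac_allows(req):
        return False, "denied: no role grants the permission"
    if conflict_of_interest(req):
        return False, "denied: conflict of interest (actor is the target client)"
    return True, "allowed"


if __name__ == "__main__":
    manager = User("alice", {"loan_manager"}, personas={"client": "ACCT-1001"})
    print(rbac_allows(Request(manager, "client:set_grade", "ACCT-1001")))
    print(decide(Request(manager, "client:set_grade", "ACCT-1001")))
    print(decide(Request(manager, "client:set_grade", "ACCT-2002")))
```

The decision string is returned rather than only logged so that the reason for a refusal can be recorded for audit alongside the RBAC result.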