ABSTRACT
Role Based Access Control (RBAC) is a flexible and policy-neutral access control security management model. For large systems, with hundreds of roles, thousands of users and millions of permissions, managing roles, users, permissions and their interrelationships is a formidable task that cannot realistically be centralised in a small team of security administrators. An appealing possibility is to use RBAC itself to facilitate decentralised access control security administration of RBAC. In this thesis, each of the basic concepts of RBAC is formalised so that their definitions are clear and precise. Based on these definitions, RBAC is remodelled as an application model supporting task and confidentiality aspects in the proposed role, task and confidentiality (RTC) based access control model. The proposed RTC based access control model is used for designing an application and software development platform for information security management in the Nigerian electronic payment system, based on a case study carried out during the course of this research. This approach permits the close examination of the mode of operation of the e-payment system in Nigeria for effective and secure information system control. Consequently, it helps to analyse in depth the access operations of the proposed RTC access control model. The model is refined to support the concepts of roles, tasks, subjects and data confidentiality in this particular case study. Its software implementation also provides support for assignment and revocation of roles and tasks, delegation and revocation of authority, and separation of duty constraints.
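To make the listed features concrete, here is an added Python sketch of an RTC-style policy engine; it is not the thesis's formalisation or its implementation, and the three-level confidentiality lattice, the treatment of a task as a set of operations on data items, and the way delegations are recorded are all constructed assumptions.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "confidential": 2}  # assumed confidentiality lattice

@dataclass
class RTCPolicy:
    role_tasks: dict = field(default_factory=dict)      # role -> {task}
    task_ops: dict = field(default_factory=dict)        # task -> {(operation, data item)}
    role_clearance: dict = field(default_factory=dict)  # role -> level name
    data_level: dict = field(default_factory=dict)      # data item -> level name
    subject_roles: dict = field(default_factory=dict)   # subject -> {role} (incl. delegated)
    exclusive: set = field(default_factory=set)         # {frozenset({role_a, role_b})}
    delegated: set = field(default_factory=set)         # {(delegator, delegatee, role)}

    def assign_role(self, subject, role):
        # Static separation of duty: a subject may not hold two mutually exclusive roles.
        for held in self.subject_roles.get(subject, set()):
            if frozenset({held, role}) in self.exclusive:
                raise PermissionError(f"SoD violation: {role} conflicts with {held}")
        self.subject_roles.setdefault(subject, set()).add(role)

    def revoke_role(self, subject, role):
        self.subject_roles.get(subject, set()).discard(role)
        # Authority the subject delegated from this role must not outlive the grant.
        for d in [d for d in self.delegated if d[0] == subject and d[2] == role]:
            self.revoke_delegation(*d)

    def delegate(self, delegator, delegatee, role):
        if role not in self.subject_roles.get(delegator, set()):
            raise PermissionError(f"{delegator} cannot delegate a role it does not hold")
        self.assign_role(delegatee, role)          # SoD is checked for the delegatee too
        self.delegated.add((delegator, delegatee, role))

    def revoke_delegation(self, delegator, delegatee, role):
        self.delegated.discard((delegator, delegatee, role))
        self.subject_roles.get(delegatee, set()).discard(role)

    def can_perform(self, subject, task, op, data):
        # Access requires a held role that owns the task, a task that covers (op, data),
        # and a role clearance that dominates the data item's confidentiality level.
        if (op, data) not in self.task_ops.get(task, set()):
            return False
        need = LEVELS[self.data_level[data]]
        return any(task in self.role_tasks.get(r, set())
                   and LEVELS[self.role_clearance[r]] >= need
                   for r in self.subject_roles.get(subject, set()))
```

Delegated and directly assigned roles share one role set here, so revoking a delegation also drops a direct grant of the same role; a fuller model would track the provenance of each grant separately.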