Abstract: Access control whose objective is to ensure the security of accessing to resources in software systems is an essential part for software systems. As access control policies in legacy systems seldom based on roles are represented in various forms, an RI3AC-based approach was proposed to integrate these access control policies. I}he approach maps permission of legacy systems to tasks of integrated system. Based on task trees and transformation rules of access control policy, various access control policies were reorganized in a unified form. Moreover, management rules were provided to achieve further authorization. A case study is demonstrated to depict the proposed approach is a feasible solution to integrate legacy access control policies and introduce RI3AC into legacy systems.

Key words: Role based access control, Access control policy, Legacy system, Integration, Task