Extended Role Based Access Control Model with Multilevel Security Control

Korean title (translated): An Extended Role-Based Access Control Model Enabling Multilevel Security Control

  • Published : 2000.06.01

Abstract

RBAC (Role Based Access Control) is an access control method based on users' roles, and it provides more flexibility and applicability across various computer and network security fields than DAC (Discretionary Access Control) or MAC (Mandatory Access Control). In this paper, we propose a new ERBAC (Extended RBAC) model that takes the RBAC model first proposed by Ravi S. Sandhu as its base and additionally considers the roles of subjects and objects and the security levels of roles. The proposed ERBAC model provides finer-grained access control than the RBAC model, with multilevel security on the basis of subject and object levels.
