An Extended Role-Based Access Control Model with Multi-level Security Control

  • Yim, Hwang-Bin (임황빈) (Dept. of Information & Communication Engineering, Soonchunhyang Univ.)
  • Park, Dong-Gue (박동규) (Dept. of Information & Communication Engineering, Soonchunhyang Univ.)
  • Published : 2002.09.01

Abstract

RBAC (Role-Based Access Control) is an access control method based on the user's role, and it provides flexibility across various computer and network security fields. However, RBAC models consider only users when applying roles and permissions, so exact access control in real application systems requires considering subjects and objects as well. In this paper, we propose an extended RBAC model, $ERBAC_3$, for multi-level security systems. It adds security levels for users, subjects, objects and roles to the RBAC model, which enables multi-level security control.
