The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

An Extended Role-based Access Control Model with Privacy Enforcement

프라이버시 보호를 갖는 확장된 역할기반 접근제어 모델

  • 박종화 (세명대학교 소프트웨어학과) ;
  • 김동규 (아주대학교 정보 및 컴퓨터공학부)
  • Published : 2004.08.01
Download PDF
⟨ Previous Next ⟩

Abstract

Privacy enforcement has been one of the most important problems in IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. For providing privacy protection and context based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies Privacy policies are to assign privacy levels to user roles according to their tasks and to assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. For application of this model, small hospital model is considered.

최근 프라이버시 적용이 IT분야의 가장 중요한 문제의 하나로 대두되고 있다. 프라이버시 보호는 조직의 데이터 처리 시스템에 프라이버시 정책을 적용함으로써 달성 될 수 있다. 전통적인 보안 모델은 다소간 프라이버시 바인딩과 같은 기본적인 프라이버시 요구를 적용하기에 부적절하다. 본 논문은 조직에 프라이버시 정책을 적용할 수 있는 하나의 확장된 역할기반 접근제어 모델을 제안한다. 이 모델은 RBAC과 도메인-타입 적용, 그리고 프라이버시 정책을 결합함으로써 프라이버시 보호와 함께 문맥기반 접근제어를 제공한다. 프라이버시 정책은 역할에 프라이버시 등급을, 데이터에 고객의 프라이버시 선호에 따른 데이터 프라이버시 등급을 부여하는 데이터 사용 정책을 적용함으로써 달성한다. 또 이 모델을 응용에 적용하기 위하여 작은 병원 모델이 사용되었다.

Keywords

References

  1. Proposed Rule. Federal Register v.63 no.155 Security and Electronic Signature Standards
  2. ACM Transactions on Information and System Security v.4 no.3 Proposed NIST Standard for Role-Based Access Control David F. Ferraiolo;Ravi Sandhu;Serban Gavrial(et al.) https://doi.org/10.1145/501978.501980
  3. IEEE Computer v.29 no.Issue 2 Role-Based Access Control Models Ravi S. Sandhu;Edward J. Coyne;Hall L. Feinstein;Charles E. Youman
  4. ACM Transactions on Information and System Security v.4 no.1 Role-Based Access Control on the Web Joon S. Park;Ravi Sandhu;Gail-Joon Ahn https://doi.org/10.1145/383775.383777
  5. Communications of the ACM v.44 no.2 Security Models for Web-Based Applications James B. D. Joshi;Walid G. Aref;Arif Ghafoor;Eugene H. Spafford https://doi.org/10.1145/359205.359224
  6. Proc. of the 17th Annual Computer Security Applications Conference(ACSAC 2001) A Framework for Multiple Authorization Types in a Healthcare Application System Ramaswamy Chandramouli
  7. Proceedings of 13th IFIP WG 11.3 Working Conference on Database Security eMEDAC : Role-Based Access Control Supporting Discretionary and Mandatory Features Mavridis I.;Pangalos G.;Khair M.
  8. Database Security Castano S.;Fugini M.;Martella G.;Samarati P.
  9. IEEE Computer v.26 no.Issue 11 Lattice-Based Access Control Models Ravi S. Sandhu https://doi.org/10.1109/2.241422
  10. IEEE Communications Magazine v.32 no.9 Access Control:Principles and Practice R. Sandhu;P. Samarati https://doi.org/10.1109/35.312842
  11. Lecture Notes in Computer Science 1958 (LNCS 1958) IT-Security and Privacy Simone Fischer-Hubner
  12. Proc. of the 3rd International Symposium on Electronic Commerce Privacy Promises, Access Control, and Privacy Management Calvin S. Powers;Paul Ashley;Matthias Schunter
  13. Proc. of the 13th Annual Computer Security Applications Conference Implementing RBAC on a Type Enforced System John Hoffman