Master Integrity Principle for Effective Management of Role Hierarchy

  • Sejong Oh (오세종), Department of Computer Science, Dankook University
  • Published: 2005.12.01

Abstract

Administrative Role-Based Access Control (ARBAC) is a representative security model for decentralized authority management by multiple security administrators. Each security administrator is assigned an area of authority management within the role hierarchy. One problem with the ARBAC model is that a legal modification of the role hierarchy can produce undesired results, such as illegal information flow. To prevent this, the Role-Role Assignment 97 (RRA97) model, which is part of the ARBAC model, presents complex constraints based on the geometric structure of the role hierarchy. This paper proposes a single integrity principle based on set theory. The principle is simple and intuitive, and it can substitute for all the constraints of the RRA97 model.
