Design and Implementation of Access Control System Based on XACML in Home Networks

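  • 이준호 (Home Network Security Research Team, Information Security Research Division, Electronics and Telecommunications Research Institute) ;
  • 임경식 (School of Electrical Engineering and Computer Science, Kyungpook National University) ;
  • 원유재 (Applied Technology Team, IT Infrastructure Protection Division, Korea Information Security Agency)
  • Published: 2006.10.30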

Abstract

For home networks to become widely used, security services are essential. Access control for users in particular makes it possible to provide secure and differentiated home network services. However, existing home network security technology either seldom considers access control or has an architecture that depends on a specific middleware. In this paper we therefore propose a scheme for integrated access control in home networks that uses the eXtensible Access Control Markup Language (XACML), a next-generation access control standard with strong interoperability and extensibility, and we design and implement an XACML access control system based on it. We also applied the implemented XACML access control system to an OSGi-based UPnP proxy system and ran access control experiments on a variety of policies in order to verify compatibility with existing home network systems.
