An Advanced Permission-Based Delegation Model in RBAC

  • 김태식 (Department of Computer Engineering, Graduate School, Dongguk University);
  • 장태무 (Department of Computer Engineering, Dongguk University)
  • Published: 2006.10.30

Abstract

RBAC (Role-Based Access Control) has advantages in managing access control because it offers role inheritance and separation of duty in role hierarchy structures. However, RBAC does not effectively handle the delegation of permissions, which occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model (APBDM) that guarantees the permanency of delegated permissions and does not violate the security principles of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give a permission to a specific person, the delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in this paper.
