Role-Based Delegation Model Using Available Time

Korean title: Role-Based Delegation Model Using Available Time

  • 김경자 (Department of Computer Engineering, Sejong University)
  • 장태무 (Department of Computer Engineering, Dongguk University)
  • Published : 2007.02.28

Abstract

The existing RBAC models are not sufficient for managing delegation or separation of roles. Research has been done on RBDM (Role Based Delegation Model), which deals with delegating a role or permission to other users. In this paper, we divide delegated roles into two groups: periodic and temporary delegation roles. When a role is delegated, a time period is assigned with it, and that period is used to revoke the permission of the delegated role automatically. In our model, a role delegated monotonically by the original user can be revoked by that user at any time in case of malicious use by the delegated user. The contribution of our model is that malicious use of a delegated role can be prohibited and the security vulnerability in the role hierarchy due to role delegation can be alleviated. The proposed model, T-RBDM (Time-out Based RBDM), is analyzed and compared with the conventional models RBDM0, RBDM1 and PBDM. Our model shows an advantage over the other models in terms of security robustness.

Korean abstract (translated): The existing RBAC (Role Based Access Control) models are insufficient for operating role delegation between users or separation of roles. Accordingly, RBDM (Role Based Delegation Model), a model built on RBAC for delegating roles or permissions to other users, is being studied. At the same time, a means is needed to prevent malicious abuse by the user who receives a delegated role. As a model for preventing malicious misuse by the delegatee that results from role delegation, this paper places a time limit on the revocation procedure for delegated roles and keeps the original user's permissions for the delegated role intact, thereby remedying the security weakness in the role hierarchy that delegation introduces. That is, when a role is delegated, a validity period is assigned together with the delegation, so that the permission to use the delegated role can be revoked on a time basis. Furthermore, because the original user continues to hold the permissions of the delegated role, the role can be withdrawn at any time when its use under the delegation is not legitimate. The proposed technique, T-RBDM (Time-out based RBDM), is compared with and analyzed against the existing delegation models RBDM0, RBDM1 and PBDM, and is shown to be more robust in terms of security than those models.
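The delegation mechanism described in the abstract, as an added illustration that is not the paper's own model or code: a user may delegate only a role they hold and keep that role themselves, every delegation carries a validity window after which the delegated role lapses without an explicit revocation, and the original user can revoke early at any time. The class and function names, the reading of "periodic" as a window that recurs at a fixed interval, and the sample users and roles are assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# [start, end) is the validity window; for periodic delegations the window recurs every `period`.
Delegation = namedtuple("Delegation", "delegator delegatee role start end period")

class TRBDM:  # illustrative time-out based delegation store, not the paper's own formalism
    def __init__(self, user_roles):
        self.user_roles = {u: set(r) for u, r in user_roles.items()}  # original assignments
        self.delegations = []
    def delegate(self, delegator, delegatee, role, start, duration, period=None):
        # Only a held role can be delegated, and the delegator keeps it (monotonic delegation).
        if role not in self.user_roles.get(delegator, set()):
            raise PermissionError(f"{delegator} does not hold role {role}")
        self.delegations.append(Delegation(delegator, delegatee, role, start, start + duration, period))
        return self.delegations[-1]
    def revoke(self, delegator, delegation):
        # Only the original user may revoke early, e.g. on suspected misuse by the delegatee.
        if delegation.delegator != delegator:
            raise PermissionError("only the delegating user may revoke")
        self.delegations.remove(delegation)
    @staticmethod
    def is_active(d, now):
        # Outside its window the delegated role lapses with no explicit revoke call.
        if now < d.start:
            return False
        if d.period is None:
            return now < d.end
        return (now - d.start) % d.period < (d.end - d.start)
    def roles_of(self, user, now):
        roles = set(self.user_roles.get(user, set()))
        roles.update(d.role for d in self.delegations if d.delegatee == user and self.is_active(d, now))
        return roles

def demo():
    # Constructed sample: alice lends 'auditor' to bob for two days and 'approver' to carol
    # every Monday 09:00-17:00 (2024-01-01 is a Monday); alice keeps both roles throughout.
    t0 = datetime(2024, 1, 1, 9)
    ac = TRBDM({"alice": {"auditor", "approver"}, "bob": {"clerk"}, "carol": set()})
    temp = ac.delegate("alice", "bob", "auditor", t0, timedelta(days=2))
    ac.delegate("alice", "carol", "approver", t0, timedelta(hours=8), period=timedelta(weeks=1))
    out = {"bob_day1": sorted(ac.roles_of("bob", t0 + timedelta(days=1))),
           "bob_day3": sorted(ac.roles_of("bob", t0 + timedelta(days=3))),  # timed out
           "carol_mon": "approver" in ac.roles_of("carol", t0 + timedelta(hours=3)),
           "carol_next_mon": "approver" in ac.roles_of("carol", t0 + timedelta(weeks=1, hours=1)),
           "alice_keeps": sorted(ac.roles_of("alice", t0 + timedelta(days=1)))}
    ac.revoke("alice", temp)  # early revocation by the original user
    out["bob_after_revoke"] = sorted(ac.roles_of("bob", t0 + timedelta(days=1)))
    return out
```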

References

  1. R. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-Based Access Control Models, IEEE Computer, 29(2):38-47, February 1996. https://doi.org/10.1109/2.485845
  2. L. Zhang, G.-J. Ahn, and B.-T. Chu, A Rule-Based Framework for Role-Based Delegation and Revocation, ACM Transactions on Information and System Security (TISSEC), 6(3), August 2003. https://doi.org/10.1145/937527.937530
  3. O. Bandmann, M. Dam, and B. Sadighi Firozabadi, Constrained Delegation, Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 131-140, 2002. https://doi.org/10.1109/SECPRI.2002.1004367
  4. O. Cánovas and A. F. Gómez, Delegation in Distributed Systems: Challenges and Open Issues, Proceedings of the IEEE International Workshop on Database and Expert Systems Applications (DEXA '03), September 2003. https://doi.org/10.1109/DEXA.2003.1232073
  5. A. Schaad, Detecting Conflicts in a Role-Based Delegation Model, Proceedings of the 17th Annual Computer Security Applications Conference, p. 117, December 10-14, 2001.
  6. L. Zhang, G.-J. Ahn, and B.-T. Chu, A Rule-Based Framework for Role-Based Delegation, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, pp. 153-162, Chantilly, VA, May 3-4, 2001. https://doi.org/10.1145/373256.373289
  7. E. Barka and R. Sandhu, Role-Based Delegation Model/Hierarchical Roles (RBDM1), Proceedings of the 20th Annual Computer Security Applications Conference, Tucson, AZ, USA, 2004. https://doi.org/10.1109/CSAC.2004.31
  8. E. Barka and R. Sandhu, A Role-Based Delegation Model and Some Extensions, Proceedings of the 23rd National Information Systems Security Conference, pp. 101-114, Baltimore, October 16-19, 2000.
  9. E. Barka and R. Sandhu, Framework for Role-Based Delegation Models, Proceedings of the 16th Annual Computer Security Applications Conference, New Orleans, LA, December 11-15, 2000, pp. 168-176. https://doi.org/10.1109/ACSAC.2000.898870
  10. HyungHyo Lee, YoungLok Lee, and BongNam Noh, A New Role-Based Delegation Model Using Sub-role Hierarchies, International Symposium on Computer and Information Sciences (ISCIS 2003), LNCS 2869, pp. 811-818, November 2003.
  11. L. Hyun suk, K. Hyeog Man, and E. Young Ik, Reliable Cascaded Delegation Scheme for Mobile Agent Environments, WISA 2003, Springer-Verlag, August 2003, pp. 55-68.
  12. R. Tamassia, D. Yao, and W. H. Winsborough, Role-Based Cascaded Delegation, SACMAT '04, June 2-4, 2004. https://doi.org/10.1145/990036.990061
  13. X. Zhang, S. Oh, and R. Sandhu, PBDM: A Flexible Delegation Model in RBAC, SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, June 2-3, 2003. https://doi.org/10.1145/775412.775431
  14. A. Q. Pham, Privilege Delegation and Revocation for Distributed Pervasive Computing Environments, Proceedings of the Second Australian Students' Computing Conference, 2004.
  15. Å. Hagström, S. Jajodia, and F. Parisi-Presicce, Revocations: A Classification, 2001 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, May 7-9, 2001.