A Time Constraints Permission Based Delegation Model in RBAC

  • 김태식 (Department of Computer Engineering, Dongguk University);
  • 장태무 (Department of Computer Engineering, Division of IT, Dongguk University)
  • Received: 2010.09.13
  • Accepted: 2010.10.13
  • Published: 2010.11.30

Abstract

Role-Based Access Control (RBAC) eases the administration of access control because its role hierarchy provides role inheritance and separation of duty. Delegation is the mechanism by which a user assigns access rights to another user. RBDM0 and RDM2000 deal with user-to-user delegation, and in both the unit of delegation is a role. RBAC itself, however, has no efficient way to handle the delegation of a role or of an individual permission, which occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model (TCPBDM) that guarantees the permanence of delegated permissions and violates neither the security principle of least privilege nor separation of duty. TCPBDM is based on the well-known RBAC96 model and supports both user-to-user and role-to-role delegation with time constraints. A delegator can grant a chosen permission to a specific person, the delegatee, and the permission can be withdrawn whenever the delegator wants: explicitly, or at a chosen point in time through the time constraint. The model is analyzed and shown to be effective.
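
The behaviour the abstract describes (permission-level grants between users or between roles, a validity window, revocation by the delegator, and checks against least privilege and separation of duty) can be tried out on an RBAC96-style core in a few dozen lines. The Python below is an added illustration written for this page; it is not code from the paper and does not reproduce TCPBDM's formal definitions. The class and method names, the integer clock, the sample roles, users and permissions, the rule that only a permission held through one of the delegator's own roles may be delegated, and the rule that a role-to-role grant is refused when the target role or any role senior to it conflicts with the permission's origin role are all assumptions of this example. "Permanence" is read here as: a grant stays in force until it expires or the delegator revokes it, whatever happens to the delegator's own role memberships afterwards.

```python
"""Toy time-constrained, permission-based delegation on an RBAC96-style core (added illustration)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    delegator: str   # user who issued the grant
    target: str      # a user (user-to-user) or a role (role-to-role)
    to_role: bool
    permission: str
    start: int       # active while start <= now < end (integer clock, an assumption of this toy)
    end: int


class TimedPermissionDelegation:
    def __init__(self):
        self.user_roles = {}    # user -> roles assigned directly
        self.role_perms = {}    # role -> permissions assigned directly
        self.juniors = {}       # role -> roles it inherits from (a senior holds its juniors' permissions)
        self.conflicts = set()  # frozenset pairs of mutually exclusive roles (static SoD)
        self.delegations = []

    def add_role(self, role, perms=(), juniors=()):
        self.role_perms[role], self.juniors[role] = set(perms), set(juniors)

    def add_sod(self, r1, r2):
        self.conflicts.add(frozenset((r1, r2)))

    def down_closure(self, roles):  # the roles given plus everything they inherit from (hierarchy is acyclic)
        out = set(roles)
        for r in roles:
            out |= self.down_closure(self.juniors.get(r, ()))
        return out

    def up_closure(self, role):  # every role that inherits `role`, hence would share a grant made to it
        return {r for r in self.juniors if role in self.down_closure({r})}

    def held_roles(self, user):
        return self.down_closure(self.user_roles.get(user, set()))

    def delegate(self, delegator, permission, target, *, to_role=False, start, end, now):
        if not (start < end and now < end):
            raise ValueError("empty or already expired window")
        # Least privilege: only a permission the delegator holds through a role moves, never the role itself.
        origin = {r for r in self.held_roles(delegator) if permission in self.role_perms[r]}
        if not origin:
            raise ValueError(f"{delegator} holds no role granting {permission}")
        # SoD: no receiver may hold a role conflicting with the origin; a role target includes all its seniors.
        receivers = self.up_closure(target) if to_role else self.held_roles(target)
        for o in origin:
            for r in receivers:
                if frozenset((o, r)) in self.conflicts:
                    raise ValueError(f"SoD: {r} conflicts with {o}")
        d = Delegation(delegator, target, to_role, permission, start, end)
        self.delegations.append(d)
        return d

    def revoke(self, delegator, delegation):  # the delegator may withdraw at any moment, whatever the window
        if delegation.delegator != delegator:
            raise ValueError("only the delegator may revoke")
        self.delegations.remove(delegation)

    def effective_permissions(self, user, now):
        roles = self.held_roles(user)
        perms = set().union(*(self.role_perms[r] for r in roles))
        for d in self.delegations:
            addressed = d.target in roles if d.to_role else d.target == user
            if addressed and d.start <= now < d.end:
                perms.add(d.permission)
        return perms


def refused(action):
    try:
        action()
    except ValueError:
        return True
    return False


def demo():  # constructed sample: a small finance department with accountant/auditor SoD
    m = TimedPermissionDelegation()
    m.add_role("clerk", {"read_ledger"})
    m.add_role("cashier", {"take_cash"})
    m.add_role("accountant", {"post_entry"}, juniors={"clerk"})
    m.add_role("auditor", {"approve_audit"}, juniors={"clerk"})
    m.add_sod("accountant", "auditor")
    m.user_roles = {"alice": {"accountant"}, "bob": {"clerk"}, "carol": {"auditor"}, "dave": {"cashier"}}
    d = m.delegate("alice", "post_entry", "bob", start=10, end=20, now=5)  # user-to-user grant
    out = {f"bob_{k}": m.effective_permissions("bob", t) for k, t in [("before", 5), ("during", 15), ("after", 20)]}
    # bob has post_entry only by delegation, so least privilege stops him passing it on
    out["no_redelegation"] = refused(lambda: m.delegate("bob", "post_entry", "dave", start=10, end=20, now=15))
    m.revoke("alice", d)
    out["bob_revoked"] = m.effective_permissions("bob", 15)
    # carol is an auditor: accountant permissions may reach her neither directly nor via clerk, which auditors inherit
    out["sod_user"] = refused(lambda: m.delegate("alice", "post_entry", "carol", start=10, end=20, now=5))
    out["sod_role"] = refused(lambda: m.delegate("alice", "post_entry", "clerk", to_role=True, start=10, end=20, now=5))
    m.delegate("alice", "post_entry", "cashier", to_role=True, start=30, end=40, now=25)  # role-to-role, no conflicting seniors
    out["dave_during"] = m.effective_permissions("dave", 35)
    return out
```

Two points the sample makes that the abstract only states: a permission received by delegation does not turn the delegatee into a delegator (the least-privilege check looks at roles, so `bob` cannot pass `post_entry` on), and a role-to-role grant has to be checked against every senior of the target role, because inheritance would otherwise hand the permission to a role the separation-of-duty constraint was meant to keep it from.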

References

  1. R. S. Sandhu, E. J. Coyne, H. L. Feinstein and C. E. Youman, "Role-Based Access Control Models," IEEE Computer, Vol. 29, No. 2, pp. 38-47, Feb. 1996.
  2. G.-J. Ahn, "Specification and Classification of Role-based Authorization Policies," Proc. 8th IEEE International Workshop on Enterprise Security (WETICE 2003), pp. 202-207, June 9-11, 2003.
  3. E. Barka and R. Sandhu, "Framework for Role-Based Delegation Models," Proc. 16th Annual Computer Security Applications Conference (ACSAC 2000), pp. 168-176, Dec. 2000.
  4. E. Barka and R. Sandhu, "A Role-Based Delegation Model and Some Extensions," Proc. 23rd NIST-NCSC National Information Systems Security Conference (NISSC 2000), Baltimore, USA, pp. 101-114, Oct. 2000.
  5. G.-J. Ahn and R. Sandhu, "Role-Based Authorization Constraints Specification," ACM Transactions on Information and System Security, Vol. 3, No. 4, pp. 207-226, Nov. 2000. https://doi.org/10.1145/382912.382913
  6. L. Zhang, G.-J. Ahn and B.-T. Chu, "A Rule-Based Framework for Role-Based Delegation and Revocation," ACM Transactions on Information and System Security, Vol. 6, No. 3, pp. 404-441, Aug. 2003. https://doi.org/10.1145/937527.937530
  7. X. Zhang, S. Oh and R. Sandhu, "PBDM: A Flexible Delegation Model in RBAC," Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 149-157, June 2003.
  8. C. Ye, Y. Fu and Z. Wu, "An Attribute-Based Delegation Model," Proc. 3rd International Conference on Information Security (InfoSecu 2004), ACM International Conference Proceeding Series, Vol. 85, pp. 220-221, Nov. 14-16, 2004.
  9. S. I. Gavrila and J. F. Barkley, "Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management," Proc. ACM Workshop on Role-Based Access Control (RBAC 1998), pp. 81-90, 1998.
  10. J. B. D. Joshi, E. Bertino, U. Latif and A. Ghafoor, "A Generalized Temporal Role Based Access Control Model," IEEE Transactions on Knowledge and Data Engineering, Vol. 17, No. 1, pp. 4-23, Jan. 2005. https://doi.org/10.1109/TKDE.2005.1
  11. J. B. D. Joshi and E. Bertino, "Fine-Grained Role-Based Delegation in Presence of the Hybrid Role Hierarchy," Proc. 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006), pp. 81-90, June 2006.
  12. J. Wainer and A. Kumar, "A Fine-Grained, Controllable, User-to-User Delegation Method in RBAC," Proc. 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), pp. 59-66, June 2005.
  13. Y. Zhang, "Achieving Flexible Task Delegation in Role-Based Agent Teams," Proc. IEEE International Conference on Systems, Man and Cybernetics (SMC 2007), pp. 3801-3806, Oct. 7-10, 2007.
  14. Å. Hagström, S. Jajodia, F. Parisi-Presicce and D. Wijesekera, "Revocations: A Classification," Proc. 14th IEEE Computer Security Foundations Workshop (CSFW 2001), pp. 44-58, 2001.