An Efficient Privacy Preserving Method based on Semantic Security Policy Enforcement

  • Kang, Woo-Jun (강우준; Dept. of Business Admin., Korea Christian University)
  • Received : 2013.11.20
  • Accepted : 2013.12.13
  • Published : 2013.12.31

Abstract

New information technologies make it easy to access and acquire information in various ways. However, they also enable powerful and varied threats to system security. To counter these threats, various extended access control methods are being studied. We propose a new extended access control method that makes it possible to enforce security policies, via their semantic relationship, even when there is a discrepancy between policy-based constraint rules and query-based constraint rules. Our approach derives semantic implications using a tree hierarchy structure and coordinates the excess privileges using a semantic gap factor that calculates the degree of the discrepancy. In addition, we illustrate a prototype system architecture and compare its performance with existing access control methods.

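Advances in new information technology have made access to and acquisition of information far more varied and easy, but they have also brought the side effect of enabling illegitimate access with diverse and capable tools. To counter these threats in the new computing environment, various studies that extend traditional access control are being carried out. In this study, we propose an access control method based on semantic information about context and purpose, which are major elements of the constraints in policy enforcement. The method grasps the meaning of the constraints and makes appropriate policy enforcement possible even when the explicitly stated policy constraints and the query constraints arising during security enforcement do not match syntactically. For semantic security policy enforcement, we construct a tree hierarchy structure based on an ontology and use it to derive semantic implication relationships, and we present a way to use a semantic gap factor to prevent the excessive granting of privileges that can arise from the additional implications derived through those relationships. We also present the architecture of a prototype system that implements the proposed method and compare it with previous access control methods through a performance evaluation.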
