Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

An Object-Oriented Analysis and Design Methodology for Secure Database Design -focused on Role Based Access Control-

안전한 데이터베이스 설계를 위한 객체지향 분석·설계 방법론 -역할기반 접근제어를 중심으로-

  • Joo, Kyung-Soo (Dept. of Computer Software Engineering, SoonChunHyang University) ;
  • Woo, Jung-Woong (Dept. of Computer Software Engineering, SoonChunHyang University)
  • 주경수 (순천향대학교 컴퓨터소프트웨어공학과) ;
  • 우정웅 (순천향대학교 컴퓨터소프트웨어공학과)
  • Received : 2013.05.05
  • Accepted : 2013.06.10
  • Published : 2013.06.28
Download PDF
⟨ Previous Next ⟩

Abstract

In accordance with the advancement of IT, application systems with various and complex functions are being required. Such application systems are typically built based on database in order to manage data efficiently. But most object-oriented analysis design methodologies for developing web application systems have not been providing interconnections with the database. Since the requirements regarding the security issues increased, the importance of security has become emphasized. However, since the security is usually considered at the last step of development, it is difficult to apply the security during the whole process of system development, from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology for secure database design from the requirement analysis to implementation. This object-oriented analysis and design methodology for secure database design offers correlations with database that most existing object-oriented analysis and design methodologies could not provide. It also uses UMLsec, the modeling language, to apply security into database design. In addition, in order to implement security, RBAC (Role Based Access Control) of relational database is used.

IT의 발전에 따라 다양하고 복잡한 기능을 가진 응용 시스템들이 요구되고 있다. 이러한 응용 시스템들은 대부분 데이터를 효율적으로 관리하기 위해 데이터베이스를 기반으로 구축된다. 그러나 응용 시스템 개발을 위하여 사용되고 있는 대부분의 객체지향 분석 설계 방법론들은 데이터베이스와의 상호 연관성을 명확하게 제공하지 못하고 있다. 보안과 관련된 요구사항들이 증가되면서 보안에 대한 중요성 역시 점차 증가되고 있다. 하지만 이러한 보안은 대부분 개발 마지막 과정에서 고려되기 때문에 요구사항 분석부터 구현에 이르기까지 시스템 개발 전 주기에 따른 일관된 보안 적용은 어려운 실정이다. 따라서 본 논문에서는 요구사항 분석부터 구현에 이르기까지, 보안이 강조된 '안전한 데이터베이스 설계를 위한 객체지향 분석 설계 방법론'을 제안한다. 제안한 '안전한 데이터베이스 설계를 위한 객체지향 분석 설계 방법론'은 대부분의 객체지향 분석 설계 방법론들이 제시하지 못했던 데이터베이스와의 상호 연관성을 제공할 뿐만 아니라, 보안이 강조된 모델링 언어인 UMLsec을 사용하여 보안이 데이터베이스 설계에 반영토록 하였다. 아울러 보안에 따른 구현을 위하여 관계형 데이터베이스의 역할기반 접근제어(RBAC; Role Based Access Control)를 사용한다.

Keywords

References

  1. Joo Kyung-Soo, Woo Jung-Woong, "A Development of the Unified Object-Oriented Analysis and Design Methodology for Security-Critical Web Applications Based on Object-Relational Data - Forcusing on Oracle 11g-", Korea Society of Computer Infomation, Vol. 17, No. 12, pp. 169-177, 2012
  2. Han Jeong-Su, Kim Gwi-Jeong, Song Yeong-Jae, "Introduction to UML : Object-Oriented Design as in a friendly learning", Hanbit Media. Inc, pp. 58-66, 2009.
  3. Brett D. McLaughlin, Gary Pollice, David West, "Head First Object Oriented Analysis & Design", Hanbit Media. Inc, pp. 96-103, 2007.
  4. Eduardo Fernandez-Medinaa, Juan Trujillob, Rodolfo Villarroelc and Mario Piattinia, "Developing secure data warehouses with a UML extension", Journal Information Systems archive, vol. 32 No. 6, pp.826-856, 2007 https://doi.org/10.1016/j.is.2006.07.003
  5. G.Popp, J. Jurjens, G.Wimmel, R. Breu, "Security-Critical System Development with Extended Use Case", Asia-Pacific Software Engineering Conference, 5-1 self, 2003.
  6. Madan, s, "Security Standards Perspective to Fortify Web Database Applications From Code Injection Attacks", International Conference on Intelligent Systems, Modelling and Simulation(ISMS), vol. 10, pp. 226-230, 2010.
  7. lqra Basharat, Farooque Anam, Abdul Wahab Muzaffar, "Database Security and Encryption: A Survey Study", International Journal of Computer Application, vol. 47, No. 12, pp28-34, 2012
  8. David Basin, Jurgen Doser and Torsten Lodderstedt, "Model Driven Security: from UML Models to Access Control Infrastructures", ACM Transactions on Software Engineering and Methodology (TOSEM), vol. 15 No. 1, pp39-91, 2006 https://doi.org/10.1145/1125808.1125810
  9. Cho Wan-Su, "UML 2 & UP Object-Oriented Analysis&design", pp.189-205, Hongrung Publishing Company, 2005.
  10. Jeon Byeong-Seon, "CBD, WHAT&HOW", Wowbooks, pp. 189-205, 2005.
  11. Joo Kyung-Soo, Jho Do-Hyung, "Development of Integrated Design Methodology for Relational Database Application -Focusing on Object-Oriented Analysis and Design Methodology-", Korea Society of Computer Information, Vol. 16, No. 11, pp. 25-34, 2011. https://doi.org/10.9708/jksci.2011.16.11.025
  12. Chae Heung-Seok, Object-oriented CDB Project for UML and Java as learning, Hanbit Media. Inc, pp. 84-112, 2009.
  13. Cho Jeong-Gil, "An Efficient Transformation Techn ique from Relational Schema to Redundancy Free XML Schema", Korean Society for Internet Information, Vol. 11, No. 6, pp. 123-133, 2010
  14. Bang Seung-Yun, Joo Kyung-Soo, "Design Metho dology for XML Schema Application based on UML", Soonchunhyang Univ, pp.71-75, 2003.

Cited by

  1. 운영단계 안전중시시스템에서 제기되는 설계변경요구에 대해 아키텍처 DB의 추적성을 통한 변경프로세스의 개선 vol.16, pp.1, 2013, https://doi.org/10.12812/ksms.2014.16.1.69
  2. 안정적인 DB보안 시스템 구축을 위한 보안기술요소 분석에 관한 연구 vol.19, pp.12, 2014, https://doi.org/10.9708/jksci.2014.19.12.143
  3. 안정적인 DB보안 시스템 구축을 위한 보안기술요소 분석에 관한 연구 vol.19, pp.12, 2014, https://doi.org/10.9708/jksci.2014.19.12.143