The Definitions of Security Requirements for Control Access on the Step of Analysis

Defining Security Requirements for Access Control at the Analysis Stage

  • Shin, Seong-Yoon (신성윤) (Dept. of Computer Information Engineering, Kunsan National University)
  • Received : 2014.08.12
  • Accepted : 2014.10.08
  • Published : 2014.11.29

Abstract

Access control is the process of recording and managing access restrictions and permissions in order to protect the information held in records. This paper emphasizes that access and authorization should be controlled on the basis of users' roles as task performers and of their data-use activities. It also requires that the necessary approval be obtained in advance for important tasks, such as mass inquiry and change of important information that could affect the very existence of the whole organization. It further suggests that sessions that remain inactive for a certain time need to be controlled. Overall, the paper explains the security elements of access control through various cases.

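Access control refers to the records-management process of restricting or permitting access to records in order to protect the records and the information they contain. This paper emphasizes that access and privilege control must be based on the role of the user, who performs the work, and on the user's data-use behavior. It also states that bulk querying or modification of critically important information that decides the fate of the organization must be possible only after prior approval has been obtained. It further states that it is natural to control sessions in which no action is taken for a certain period of time. Finally, the security requirements for access control are explained directly through cases.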
