An Access Control Method considering Semantic Context for Privacy-preserving

An Access Control Method Reflecting Semantic Context for Personal Information Protection

  • Kang, Woo-Jun (강우준) (Dept. of Business Admin, Korea Christian University)
  • Received : 2014.10.22
  • Accepted : 2015.02.13
  • Published : 2015.02.28

Abstract

Various research efforts are under way to adapt to newly emerging computing paradigms. New information technologies make it easy to access and acquire information in various ways. On the other hand, they also make illegal access more powerful and pose more varied threats to system security. In this paper, we propose a new extended access control method that, based on semantic information, makes it possible to enforce security policies even when there is a discrepancy between the policy-based constraint rules and the query-based constraint rules. The new method derives security policy rules using a context tree structure and controls the excessive granting of privileges through the degree of semantic discrepancy. In addition, we illustrate a prototype system architecture and compare its performance with existing access control methods.

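Various studies are being conducted that extend traditional access control methods in order to respond to newly emerging computing paradigms. While the ways of accessing and acquiring information are becoming far more diverse and easier, this brings the side effect of enabling illegal access using powerful and diverse tools. In this study, we propose an access control method that, based on the semantics of context information, enables appropriate security policy enforcement even when the context constraints specified by the security policy do not match the syntax of the context constraints accompanying a query. We organize context information into a tree structure to derive security rules by implication, and present a method that can prevent the excessive granting of privileges caused by implication. We also present the architecture of a prototype system that implements the proposed method and compare it with previous access control methods through a performance evaluation.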
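A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper: a policy's context constraint is matched against a query's context through a context tree, and a rule derived by implication is refused when the semantic discrepancy is too large. The tree contents, the function names, the edge-count measure of discrepancy and the per-rule threshold are all assumptions, since this page does not give the paper's definitions.

```python
# Constructed context hierarchy (child -> parent). Sample data, not from the paper.
PARENT = {
    "hospital": None,
    "inpatient_ward": "hospital",
    "outpatient_clinic": "hospital",
    "icu": "inpatient_ward",
    "icu_night_shift": "icu",
}

def ancestors(ctx):
    """Return [ctx, parent, ..., root] for a context known to the tree."""
    chain = []
    while ctx is not None:
        chain.append(ctx)
        ctx = PARENT[ctx]
    return chain

def discrepancy(policy_ctx, query_ctx):
    """Assumed measure: edges from the query context up to the policy context.

    Returns None when the policy context is not the query context itself or
    one of its ancestors, i.e. the query context does not imply it.
    """
    chain = ancestors(query_ctx)
    return chain.index(policy_ctx) if policy_ctx in chain else None

def decide(policy_ctx, query_ctx, max_discrepancy):
    """Permit only if the rule applies by implication within the threshold."""
    if policy_ctx not in PARENT or query_ctx not in PARENT:
        return "deny"  # unknown context: fail closed
    d = discrepancy(policy_ctx, query_ctx)
    if d is None:
        return "deny"  # sibling or more general context: no implication
    # A broad rule (e.g. on "hospital") would otherwise reach every descendant;
    # the threshold limits how far an implied rule may extend.
    return "permit" if d <= max_discrepancy else "deny"

if __name__ == "__main__":
    for policy_ctx, query_ctx in [
        ("inpatient_ward", "icu"),        # implied, one level apart
        ("hospital", "icu_night_shift"),  # implied, but three levels apart
        ("icu", "outpatient_clinic"),     # different branch
        ("inpatient_ward", "hospital"),   # query is more general than policy
    ]:
        print(policy_ctx, query_ctx, decide(policy_ctx, query_ctx, 1))
```

An exact syntactic match corresponds to a discrepancy of 0, so setting the threshold to 0 reduces this check to conventional constraint matching.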
