A Study on Design for Efficient Personal Policy of Service based RBAC

  • Mun, Hyung-Jin (Division of Information and Communication Engineering, Baekseok University)
  • Han, Kun-Hee (Division of Information and Communication Engineering, Baekseok University)
  • Received : 2015.11.07
  • Accepted : 2016.02.20
  • Published : 2016.02.28

Abstract

Organizations and companies establish personal information protection policies in accordance with laws and guidelines. However, they carry out access control without considering the distinct characteristics of each individual's information, even though the degree of damage caused by a leak varies from person to person. Given these differences, individuals need to establish policies that protect their own personal information. This is not easy for an individual who lacks understanding of the organization's systems. For individuals to write their own policies efficiently, a system is needed that grants access rights according to the list of services provided by the organization. This paper proposes a model and a method for writing a personal information protection policy based on the service list provided by the organization. With this model, fine-grained authorization and changes to one's own policy are easy to make, and ultimately access control customized to one's own information becomes possible.
