http://dx.doi.org/10.9708/jksci.2010.15.1.167

An Integrated Management Model of OS-RBAC and Separation Of Duty Policy  

Byun, Chang-Woo (Department of Computer Systems, Inha Technical College)
Abstract
Most large organizations have business rules, such as 'separation of duty' (SOD) and 'delegation', that must be considered in access control. From an SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot offer the best solution to security problems such as information integrity, because they are limited to constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of the administration role-based access control model and SOD policy, called OS-SoDAM. OS-SoDAM defines the authority range in an organizational structure that is separate from the role hierarchy, and it supports a decentralized, security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.
Keywords
Security; Access Control; Separation of Duty; Role Based Access Control; Organizational Structure-RBAC;