Browse > Article
http://dx.doi.org/10.14400/JDC.2016.14.2.191

A Study on Design for Efficient Personal Policy of Service based RBAC  

Mun, Hyung-Jin (Division of Information and Communication Engineering, Baekseok University)
Han, Kun-Hee (Division of Information and Communication Engineering, Baekseok University)
Publication Information
Journal of Digital Convergence / v.14, no.2, 2016 , pp. 191-196 More about this Journal
Abstract
The organizations and companies establish personal information protection policy under the law and guidelines. They carry out access control without consideration for distinctiveness of the information although the damage degree varies when the information is leaked. Considering the distinctiveness, a policy needs to be made for individuals to protect his personal information. However, he is not able to write the policy because of lack of understanding the system. To write his own policy efficiently, the system that authorizes ones according to service list provided by organizations is necessary. This paper suggests the model and method that write personal policy for his information protection based on the service list provided by organizations. Through this model, fine-grained authorization and policy change are easily made and ultimately the access control customized according to one's own information is possible.
Keywords
RBAC; Service based Access Control; Privacy Protection; Personal Policy;
Citations & Related Records
Times Cited By KSCI : 7  (Citation Analysis)
연도 인용수 순위
1 J.Y Go, K.H Lee, "SNS disclosure of personal information in M2M environment threats and countermeasures", Journal of the Korea Convergence Society, Vol. 5, No. 1, pp.29-34, 2014.   DOI
2 BBC News. S. Korea credit card firms punished over data theft. BBC News Business. http://www.bbc.co.uk/news/business-26222283, Feb 17, 2014
3 J.L. Yoo, "Personal Information Protection in Digital Era-Reviewing Personal information protection Act-", Journal of Digital Convergence, Vol. 9, No. 6, pp81-90, 2011.
4 J.H. Kim, J.Y. Go, K.H. Lee, "A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing", Journal of the Korea Convergence Society, Vol. 6, No. 1, pp85-91, 2015.   DOI
5 H. Zoo, H Lee, J. Kwak, Y Kim, "Data Protection and Privacy over the Internet: Towards Development of an International Standard", Journal of Digital Convergence, Vol. 11, No. 4, pp57-69, 2013.
6 K.J. Lee,"Analysis of Threats Factor in IT Convergence Security", Journal of the Korea Convergence Society, Vol. 1, No. 1, pp49-55, 2010
7 OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm, 2013
8 M.C. Mont, S. Pearson, P. Bramhall., "An Adaptive Privacy Management System For Data Repositories," TrustBus2005 (LNCS Vol. 3592), pp.236-245, 2005.
9 H.J. Mun, K.M. Lee, S.H. Lee, "Person-Wise Privacy Level Access Control for Personal Information Directory Services," EUC2006 (LNCS Vol. 4096), pp.89-98, 2006.
10 S. Sessay, Z. Yang, J. Chen, D. Xu, "A Secure Database encryption scheme", Proceedings of second IEEE Consumer Communications and Networking Conference, pp.49-53, 2005.
11 R.S. Sandhu, E.J.Coyne, H.L. Feinstein, C.E. Youman, "Role Based Access Control Models." IEEE Computer, Vol. 29, No. 2. pp38-47
12 D. F. Ferraiolo, D. R Kuhn, "Role-Based Access Control," Poceedings of the 15th National Computer Security Conference, pp.554-563, 1992.
13 D.F. Ferraiolo, J.F. Barkley, D.R. Kuhn,"A Role Based Access Control Model and Reference Implementation within a Corporate Intranet", ACM Transactions on Information and System Security(TISSEC), Vol. 2, No. 1, pp.34-64, 1999.   DOI
14 Keun-Ho Lee, "A Method of Defense and Security Threats in U-Healthcare Service", Journal of the Korea Convergence Society, Vol. 3, No. 4, pp. 1-5, 2012.
15 H. Mun, N. Um, N. Sun, Y. Li, S. Lee," Subject-wise policy based access control mechanism for protection of personal information". In International conference on convergence information tech (ICCIT2007), pp.2242-2247, 2007.
16 H.J. Mun, "A Role based personal sensitive information protection with subject policy", Ph.D. dissertation. Chungbuk University, 2008.
17 H.J. Mun, J.S. Suh, "Sensitive personal information model for RBAC system". Journal of computer information, Vol. 13, No. 5, pp.103-110, 2008.
18 Kwang-Jae Lee, Keun-Ho Lee, "A Study of Security Threats in Bluetooth v4.1 Beacon based Coupon Convergence Service", Journal of the Korea Convergence Society, Vol. 6, No. 2, pp. 65-70, 2015.   DOI
19 Bo-Kyung Lee, "A Study on Security of Virtualization in Cloud Computing Environment for Convergence Services", Journal of the Korea Convergence Society, Vol. 5, No. 4, pp. 93-99, 2014.   DOI