Browse > Article
http://dx.doi.org/10.13089/JKIISC.2004.14.6.31

An Implementation of NEIS′DB Security Using RBAC based on PMI  

Ryoo Du-Gyu (숭실대학교)
Moon Bong-Keun (숭실대학교)
Jun Moon-Seog (숭실대학교)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.14, no.6, 2004 , pp. 31-45 More about this Journal
Abstract
Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.
Keywords
Authentication; Digital Signature; Attribute Certificate; Role Based Access Control;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Rabi S. Sandhu. Edward J. Coyne. 'Role-Based Access Control Models', IEEE Computer, pp. 38-47, February 1996
2 Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein and Charls E. Younman, 'Role-based access control model'. IEEE Computer, Volume 29, pp. 38-47, February 1996
3 이덕규, 이임영, 'PMI를 이용한 확장 권한위임에 관한 연구', 정보처리학회 춘계학술발표논문집, 제9권 제1호, pp. 947-950, March, 2002
4 이승훈, 송주석, 'PMI 인증서 검증 위임 및 검증 프로토콜', 정보보호학회논문지, 제13권 제1호, pp. 59-67, February 2003
5 ITU_T Recommendation X.509. 'PublicKey And Attribute Certificate Frameworks', ISO/lEC 9594-8, May 2001
6 Adams, et al, 'Internet X.509 Public Key Infrastructure Time-Stamp Protocol'. IETF RFC3161, August 2001
7 D.W.Chadwick, A. Otenko. E. Ball. 'Implementing Role Based Access Controls Using X.509 Attribute Certificates'. IEEE Internet Computing, March-April 2003. pp. 62-69
8 문봉근, 홍성식, 유황빈, 'RSA 방식을 이용한 데이터베이스 암호화 구현', 통신정보보호학회논문지, 제3권 제2호, pp 53-62. December 1993
9 C. Adams, S. Farrell, 'Internet X.509 Public Key Infrastructure Certificate Protocols', IETF RFC2510, March 1999
10 박지숙, '고객정보보호를 위한 DB 암호화 구현 사례', 삼성SDS, IT ERVIEW, 2003
11 R. Housely, W. Ford, W. Polk, D. Solo, 'Internet X.509 Public Key Infraxtructure Certificate and CRL Profile', IETF RFC2459, January 1999
12 M. Myers, R. Ankney, A. Malpani, S. Galperin. C. Adams. 'X.509 Internet Public Key Infrastructure Online Certificate Status Protocol'. IETF RFC2560. June 1999
13 Ravi S. Sandhu. 'Rational for the RBAC96 Family of Access Control Models', In Proceedings of 1st ACM Workshop on Role-based Access control, ACM, Article No. 9, 1996
14 S. Farrell, R. Housley, 'An Internet Attribute Certificate Profile for Authorization', IETF RFC 3281 April 2002
15 John Barkly, 'Comparing Simple Role Based Access Control Models and Access Control Lists', In Proc.of ACM RBAC 97, pp. 127-132, 1997
16 전문석, 유두규, 문주영, 문봉근, 엄기원, 고명선, 강정호, '정보이론 및 PKI', 미래컴, October 2003