http://dx.doi.org/10.13089/JKIISC.2010.20.5.59

An Architecture of Access Control Model for Preventing Illegal Information Leakage by Insider  

Eom, Jung-Ho (Sungkyunkwan University)
Park, Seon-Ho (Sungkyunkwan University)
Chung, Tai-M. (Sungkyunkwan University)
Abstract
In this paper, we propose IM-ACM (Insider Misuse-Access Control Model) for preventing illegal information leakage by an insider who exploits his legal rights in a ubiquitous computing environment. IM-ACM monitors whether an insider uses data properly by adding a misuse monitor to CA-TRBAC (Context Aware-Task Role Based Access Control), which grants access authorization according to user role, context role, task, and the entity's security attributes. Information leakage by an insider is difficult to prevent because the insider has legal access rights and a wealth of knowledge about the system. IM-ACM prevents information flow between objects that have different security levels by using context role and security attributes, and it prevents insider misuse through the misuse monitor, which compares an insider's actual processing behavior with the insider's possible work process pattern drawn from the currently defined profile of the insider's process.
Keywords
IM-ACM; Insider threat; Access Control