Browse > Article
http://dx.doi.org/10.7236/JIWIT.2011.11.6.223

A Method for Semantic Access Control using Hierarchy Tree  

Kang, Woo-Jun (그리스도대학교 경영학부)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.11, no.6, 2011 , pp. 223-234 More about this Journal
Abstract
For advanced database security, various researches and challenges are being done to keep pace with new information technologies. We suggests new extended access control that make it possible to conform security policies even with uncertain context and purpose. There may be a discrepancy between the syntactic phrase in security policies and that in queries, called semantic gap problem. New access control derive semantic implications from context and purpose hierarchy tree and control the exceed privileges using semantic gap factor calculating the degree of the discrepancy. And then, We illustrate prototype system architecture and show performance comparison with existing access control methods.
Keywords
접근제어;개인정보보호;온톨로지;트리계층구조;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Weiser, M., "Hot Topics: Ubiquitous Computing", IEEE Computer, 1993.
2 Kumar, N., Chafle, G., "Context Sensitivity in Role-based Access Control", Operating Systems Review, Vol. 36, No. 3, IBM Journal, 2002
3 Wang, X.H., Xhang, D.Q., Gu, T., and Pung, H.K., "Ontology Based Context Modeling and Reasoning using OWL", in PerCom2004 Annual Conference on Pervasive computing and Communications Workshop, 2004
4 Powers, C.S., Ashley, P., Schunter, M., "Privacy Promises, Access Control and Privacy Management," Proc. of the 3rd International Symposium on Electronic Commerce, pp. 13-21, IEEE, 2002.
5 Bertino., E., Castano, S., Ferrari, E. and Mesiti, M., "Specifying and Enforcing Access Control Policies for XML Document Sources", WWW Journal, Baltzer Science Publishers, Vol. 3, No. 3, pp. 139-151, 2000.
6 Rastogi et al, "Access Control over Uncertain Data", PVLDB '08, 2008.
7 P. Balbiani, "Access control with uncertain surveillance", International Conference on Web Intelligence, 2005.
8 Dalvi et al, "Efficient query evaluation on probabilistic databases", VLDB J, 2007.
9 Sandhu, R., Ferraiolo, D., and Kuhm, R., "The NIST Model for Role-Based Access Control: Towards A Unified Standard", in Proceedings of the fifth ACM workshop on Role-based access control, 2000
10 강우준, "불확정 상황정보 상에서의 접근제어 방식", (사)인터넷방송통신학회 논문지 제10권 제6호, pp. 215-223, 2010.
11 Byun, J., Bertino, E., Li, N., "Purpose-based Access Control of Complex Data for Privacy Protection", SACMAT, pp102-110, 2005
12 Adam, N.R., Atluri, V., "A Content-based Authorization Model for Digital Libraries", IEEE Transactions on knowledge and data engineering, Vol. 14, No. 2, 2002.
13 Chandramouli, R., "A Framework for Multiple Authorization Types in a Healthcare Application System", Proc. of the 17th Annual Computer Security applications Conference (ACSAC 2001), pp. 137-148, IEEE, 2001.
14 Covington, M.J., Srinivasan, S., Abowd, G., "Securing context-aware applications using environment roles", in SACMAT 2001.
15 Bertino, E., Castano, S., and Ferrai, E., "Securing XML documents with Author-x", IEEE InternetComputing, May.June, pp. 21-31, 2001.
16 Qin, L., Atluri, V., "Concept-level Access Control for the Semantic Web", in ACM Workshop on XML Security, 2003.
17 Bitton, D., Dewitt, D.J., Turbyfill, C., "Benchmarking database systems: a system approach", In: 9th International Conference on Very Large Data Base, VLDB, 1983.