• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.175-177
• /
• 1998

분산 컴퓨팅 환경에서 응용 프로그램들은 다른 응용 프로그램들과 자원을 공유하고 통신하면서 보다 효율적으로 작업을 수행하게 된다. 이러한 과정에서 침입자들에 의한 자원 손실을 막고 정보 무결성을 유지하는 것은 중요한 문제가 된다. 따라서 분산 환경에서는 분산된 자원 사용에 대한 인증(Authentication) 및 인가(Authorization)과정 등의 중요성이 증대되었다. 이질적인 시스템간의 분산 환경을 구축할 수 있는 미들웨어(Middleware)중 가장 활발히 연구되고 이는 CORBA 에서는 보안 서비스를 제공해 주기 위해 COSS (Common Object Service Specification)3에서 보안 서비스를 정의했다. 하지만 COSS3에서 정의한 객체 접근제어 기법만으로는 효율적인 보안 정책 관리가 어렵다. 따라서 본 논문에서는 CORBA 보안 서비스 중 객체 접근제어를 위해 역할-기반 접근제어 (RBAC : Role - Based Access Control)기법을 이용한 효율적이고 융통성 있는 보안정책 관리에 대해 논한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.317-319
• /
• 2003

현재 다양한 분야에서 XML을 이용한 웹 서비스와 애플리케이션이 활용되고 있다. XML 관련 웹 서비스를 실제 환경에서 적용하기 위해서는 XML 데이터와 관련서비스들에 대한 보안 메커니즘이 필요하다. 본 논문에서는 XML 문서의 보안성 확보를 위한 접근제어 모델을 제안한다. 제안된 모델에서는 실시간 동시 작업이 이루어지는 서비스 환경에 적합한 모델구현을 위해서 역할기반 접근제어의 개념을 이용하여, 중요 정보에 대한 암호화 과정을 통해 XML 문서 및 데이터에 대한 안전성을 보장한다.

• Journal of Korea Multimedia Society
• /
• v.7 no.11
• /
• pp.1620-1629
• /
• 2004

The objectives of access control are to protect computing and communication resources from illegal use, alteration, disclosure and destruction by unauthorized users. Although Biba security model is well suited for protecting the integrity of information, it is considered too restrictive to be an access control model for commercial environments. And, Role-Based Access Control(RBAC) model, a flexible and policy-neutral security model that is being widely accepted in commercial areas, has a possibility for compromising integrity of information. In this paper, We present the role graph model which enhanced flexibility and integrity to management of many access permission. Also, In order to represent those rule and constraints clearly, formal descriptions of role assignment rule and constraints in Z language are also given.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1121-1124
• /
• 2007

정보시스템에서 자원에 대한 접근 통제는 핵심 보안기술의 하나다. 최근에는 역할을 중심으로 접근을 제어하는 RBAC모델이 웹 어플리케이션에 널리 활용되고 있으나, 대규모 기업이나 분산 환경 조직에서는 다수의 사용자, 역할과 상호관계로 인해 관리에 상당한 노력이 요구되고 있다. 본 논문에서는 조직의 구조를 반영한 역할 관리 모델(OS-RBAC)을 기반으로 사용자와 역할과의 할당 관계에 그룹Groups)이라는 개념을 추가한 전자영사시스템의 접근제어 모델을 구현함으로서 역할관리의 효율성을 제고하였다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.2
• /
• pp.250-256
• /
• 2007

Role-based Access Control (RBAC) model appears to be the most appropriate technique for access control to minimize the errors likely to occur in managing users and network resources. In this paper, we introduced the Work-concept RBAC model that is the result of the Work concept imported to the role based access control model. Using our extended access control model a user could select a work which is more abstract and more inclusive concept than role to do his work. Additionally even if the user has an authority through selecting a work, if a user has no relation to his assigned job, it will be automatically prohibited.

• Journal of Korea Multimedia Society
• /
• v.8 no.5
• /
• pp.679-690
• /
• 2005

Business model in Web environments is usually provided by multimedia data. Information exchange between users and service providers should be made in encrypted data. Encrypted data are secure from being hacked. Application of DB encryption is a main technology for contents protection. We have applied the access control based on RBAC and prevented the unauthorized users from using the contents. In this paper, we propose a new DB encryption scheme which uses RHAC and digital signature based on PMI.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.265-272
• /
• 2003

RBAC is an Access Control Mechanism for security administration of system resource and technique attracting in commercial fields because of reducing cost and complexity of security administration in large network. Many RBAC's research is progressive but several problems such as the delegation of role have been pointed out concerning the mechanism. It is necessary that a person's role delegate someone with reliability by reasons of a leave of absence, sick leave and the others. But the existing RBAC standards don't give definition of the delegation of roles. In this paper, we propose RBAC model that delegator can delegate subset of role and permission to a delegatee so that more efficient access control may be available.

• The Journal of the Korea Contents Association
• /
• v.9 no.1
• /
• pp.53-60
• /
• 2009

In home network environments, the user authentication and authorization associated user's information and usability may be important security issue. The OSGi service platform, a well-known home network gateway already specifies the mechanism of that. The traditional authority method provided OSGi implements simple RBAC(Role Based Access Control) model. This is difficult to support efficient access control. In this paper, we propose the dynamic RBAC model based on OSGi. The proposed method describes the extended framework that manage two roles named as absolute role and relative role, extend existed framework with relative role and propose programming model to enable dynamic access control. Finally, we implement the proposed framework using AspectJ and Java annotation.

• Journal of Korea Multimedia Society
• /
• v.8 no.2
• /
• pp.211-224
• /
• 2005

With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model and sub-role hierarchies concept. The proposed model, called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) Model, supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control now dependency and separation of duty constraints(SoDs). Also it supports unconditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies in order to allow expressing access control policies at a finer granularity in corporate enterprise environments.

• KIISE Transactions on Computing Practices
• /
• v.22 no.9
• /
• pp.441-448
• /
• 2016

RBAC(Role-Based Access Control), which is widely used in Medical Information Systems, is vulnerable to illegal access through abuse/misuse of permissions. In order to solve this problem, treatment based risk assessment of access requests is necessary. In this paper, we propose a risk evaluation method based on treatment information. We use network analysis to determine the correlation between treatment information and access objects. Risk evaluation can detect access that is unrelated to the treatment. It also provides indicators for information disclosure threats of insiders. We verify the validity using large amounts of data in real medical information systems.