• Title/Summary/Keyword: RBAC

A RBAC Model for Access Control in Linked Data Environments (연결 데이터 환경에서 접근제어를 위한 RBAC 모델)

  • Lee, Chonghyeon;Kim, Jangwon;Jeong, Dongwon;Baik, Doo-Kwon
    • Annual Conference of KIPS / 2010.11a / pp.181-184 / 2010
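  • This paper proposes a model that extends the existing RBAC model so that it can be applied to linked data, for access control of applications developed on the basis of the Linking Open Data project. The proposed model expresses the RBAC model's constraints for users as an ontology so that the RBAC model can be applied to the ontology structure, and infers the permissions appropriate to a user through an intelligent engine. To grant access rights appropriate to the user, information that can extend the user profile can be obtained from linked data in which data such as FOAF, flickr and Twitter are connected, and the user's permissions are granted by extending the existing information with it. To verify the effectiveness of the proposed model, we designed an access control system for DBpedia Mobile and implemented a prototype in the Android SDK environment, showing that the proposed model can be applied to applications in linked data environments.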

A Permission Conflict Control Scheme in Context Aware RBAC Systems (상황인지형 역할기반 접근 제어 시스템에서의 사용자간 권한 충돌 조정 기법)

  • Han, Kanghak;Song, Changhwan;Jang, Hyunsu;Eom, Young Ik
    • Annual Conference of KIPS / 2009.04a / pp.881-884 / 2009
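  • As research on ubiquitous environments progresses, access control for each service has also emerged as an important issue. Context-Aware Role-Based Access Control (CA-RBAC) has been proposed as one solution to this management problem, and much research on it is currently under way. In the research to date, CA-RBAC goes no further than using the physical context of a single user, such as time and location, as the condition for role assignment. This paper presents a CA-RBAC that applies a permission conflict control function to the existing CA-RBAC. The permission conflict control function addresses the problem in which users with different permissions act together in the same physical environment and thereby gain access to a target that should be inaccessible.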

Application Design and Execution Framework in Role-Based Access Control Systems (역할기반 접근통제 시스템에서 응용 프로그램의 설계 및 시행지원 프레임워크)

  • Lee, Hyeong-Hyo;Choe, Eun-Bok;No, Bong-Nam
    • The Transactions of the Korea Information Processing Society / v.6 no.11 / pp.3020-3033 / 1999
  • Role-Based Access Control (RBAC) security policy is being widely accepted not only as an access control policy for information security but also as both a natural modeling tool for the management structure of organizations and a flexible permission management framework in various commercial environments. Important functions provided by the current RBAC model are to administer the information on the components of the RBAC model and to determine whether a user's access request to information is granted or not, and most research on RBAC is for defining the model itself, describing it in a formal method, and other important properties such as separation of duty. As the current RBAC model, which does not define the definition, design and operation for applications, is not suitable for automated information systems that consist of various applications, it is necessary to establish how applications should be designed and then executed based on the RBAC security model. In this paper, we describe dynamic properties of the session, which is taken for a passive entity only activated by users, as a vehicle for building and executing applications in automated information systems. A framework for the session-oriented separation of duty property, application design and operation is also presented.

Dynamic RBAC Model based on OSGi (OSGi 기반 동적 RBAC 모델)

  • Kim, In-Tae;Chung, Kyung-Yong;Rim, Kee-Wook;Lee, Jung-Hyun
    • The Journal of the Korea Contents Association / v.9 no.1 / pp.53-60 / 2009
  • In home network environments, user authentication and authorization associated with the user's information and usability may be an important security issue. The OSGi service platform, a well-known home network gateway, already specifies the mechanism for that. The traditional authority method provided by OSGi implements a simple RBAC (Role Based Access Control) model. This makes it difficult to support efficient access control. In this paper, we propose a dynamic RBAC model based on OSGi. The proposed method describes an extended framework that manages two roles named absolute role and relative role, extends the existing framework with the relative role, and proposes a programming model to enable dynamic access control. Finally, we implement the proposed framework using AspectJ and Java annotation.

Implementation of RBAC for Access Control of SECOS(SoonchunHyang E-Commerce System) (SECOS의 접근제어를 위한 RBAC의 구현)

  • 박동규;황유동;안현수
    • Journal of the Korea Society of Computer and Information / v.7 no.2 / pp.9-18 / 2002
  • SECOS (SoonChunHyang E-Commerce System) is the e-commerce system which was developed by the e-commerce software research center at Soonchunhyang Univ. The system was composed of a payment system, a retrieving system and a framework used to combine these systems. The modules in the system were composed of components which were developed by the CBSE (Component Based Software Engineering) method. In this paper, we implement the Role Based Access Control (RBAC) component for access control of SECOS. We use Attribute Certificates (ACs) in order to implement RBAC in the distributed retrieving system, and implement Attribute Authorities (AAs) which can provide ACs. The proposed system is implemented by EIB component based JAVA.

Extended Role Based Access Control Model (확장된 역할기반 접근통제 모델)

  • 김학범;홍기융;김동규
    • Journal of the Korea Institute of Information Security & Cryptology / v.9 no.1 / pp.47-56 / 1999
  • RBAC (Role Based Access Control) is an access control method based on the user's roles, and it provides more flexibility and applicability in various computer and network security fields than DAC (Discretionary Access Control) or MAC (Mandatory Access Control). In this paper, we newly propose the ERBAC$_{0}$ (Extended RBAC$_{0}$) model by additionally considering the subject's and object's roles on top of the RBAC$_{0}$ model, which was first proposed by Ravi S. Sandhu, as a base model. The proposed ERBAC$_{0}$ model provides finer-grained access control at the subject and object level than the RBAC$_{0}$ model.

Context awareness Access Control for Ubiquitous Environment (유비쿼터스 환경을 위한 상황 인식 접근제어)

  • Shin, Dong-Wook;Hwang, Yu-Dong;Park, Dong-Gue
    • Journal of Advanced Navigation Technology / v.12 no.5 / pp.470-482 / 2008
  • This paper proposes a role-based access control model that uses context information for ubiquitous environment. Concept of access control that uses context information assigns permission that can approach in some information or object in part. And do so that can assigned user in part to it and acquire permission. So it can approach in information or object. Therefore, user approaches in information or object in assigned role, and the role that is allocated to own is having. So, do so that can secure information or utilization of object safety. Proposal model investigated lacking restriction item in GEO-RBAC model. So, it considered that present new restriction condition and role conflict in various case. Also, to GEO-RBAC model proposed suitable model, analyzed old model's advantage, shortcoming. And it presented proposal model to GEO-RBAC because improving this.

SG-RBAC : Role Based Access Control Model for Smart Grid Environment (SG-RBAC : 스마트그리드 환경에 적합한 역할기반접근제어 모델)

  • Lee, Woomyo;Lee, Gunhee;Kim, Sinkyu;Seo, Jungtaek
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.307-318 / 2013
  • Smart grid is composed of variable domains including different systems, and different types of access control are needed in the multiple domains. Therefore, an access control model suitable for the smart grid environment is required to minimize access control error and deny unauthorized access. This paper introduces the access control requirements in the smart grid environment and proposes an access control model, SG-RBAC, that satisfies the requirements. The SG-RBAC model imposes constraints on access right activation according to the user property, the role property, and the system property. It also imposes constraints on the delegation and the inheritance of access rights according to temporal/spatial information and a crisis occurrence.

RBAC for multi-organizational Business Process Management (기업간 비즈니스 프로세스 관리에서의 접근 권한 통제)

  • Bae, Hye-Rim;Hur, Won-Chang
    • The Journal of Society for e-Business Studies / v.12 no.1 / pp.151-166 / 2007
  • As the number of users who are involved in a business process increases, it becomes imperative to effectively control their privileges of accessing sensitive data and information which are usually easily obtained by BPM system. Traditional RBAC (Role-based Access Control) model was first introduced to provide a logical framework to prevent unauthorized users from obtaining confidential, but in more dynamic environment such as B2B and SCM process, it usually lacks in capability of addressing such issues as configurability, customizability, or scalability of user privileges. In this study, we have proposed a privilege-template based RBAC model that can address such issues effectively. We also provided a design of the RBAC model along with illustrative examples and pseudo codes that can be used for implementing a prototype system.

A System Architecture Design for Web-Based Application Systems using Role-Based Access Control (직무기반 접근제어를 사용하는 웹기반 응용 시스템의 시스템 아키텍처 설계)

  • Lee, Ho
    • Journal of the Korea Society of Computer and Information / v.15 no.12 / pp.217-225 / 2010
  • Among web-based systems being widely used now, there are so many systems which are still using a user-level access control method. By successfully applying role-based access control (RBAC) to web-based application systems, we can expect to have an effective means with reinforced security for Internet-based systems. In order to apply RBAC to web-based application systems, we should come up with a system architecture for it. I proposed a system architecture which is needed to apply RBAC to web-based application systems. The proposed system architecture is largely composed of system composition and system functioning. For details, firstly, a certificate used by RBAC is specified. Secondly, a system architecture using a user-pull method is proposed and overall system components are mentioned with a role server being centered. Then, I showed how the system architecture can work to carry out RBAC on web-based application systems. Lastly, the analyses on the proposed system architecture are described for the purpose of proving its feasibility.