• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1999.12a
• /
• pp.373-377
• /
• 1999

Role Based Access Control(RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. The administration tool is most important component in the concept of RBAC. The administration tool for the RBAC security system is required the consistency of a relationships between user and role in the RBAC Database. In this paper, we propose formal specification in order to manage user-role and role-role relationships. The proposed formal specification leads to the consistency requirements for the RBAC database which are defined as a set of relationship. This paper can easily derive the implementation of the RBAC administration tool by formal specification of operations.

• The Journal of Society for e-Business Studies
• /
• v.12 no.1
• /
• pp.151-166
• /
• 2007

As the number of users who are involved in a business process increases, it becomes imperative to effectively control their privileges of accessing sensitive data and information which are usually easily obtained by BPM system. Traditional RBAC (Role-based Access Control) model was first introduced to provide a logical framework to prevent unauthorized users from obtaining confidential, but in more dynamic environment such as B2B and SCM process, it usually lacks in capability of addressing such issues as configurability, customizability, or scalability of user privileges. In this study, we have proposed a privilege-template based RBAC model that can address such issues effectively. We also provided a design of the RBAC model along with illustrative examples and pseudo codes that can be used for implementing a prototype system.

• Journal of Korea Society of Industrial Information Systems
• /
• v.5 no.4
• /
• pp.16-21
• /
• 2000

Role Based Access Control(RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. Administration tool is most important component in the concept of RBAC. The administration tool for the RBAC security system must be maintain the integrity of user-role and role-role relationships in the RBAC Database. Therefor, it is required set functions, properties defining integrity of database. When it will be designed security systems which is applying RBAC policy on the Linux(server system environments, this paper defines integrity of database for user-role and role-role relationships, and we propose formal specification of operation in order to manage these relationships. The proposed formal specification leads to the consistency requirements for the RBAC database which are defined as a set of relationship. Also, this paper can easily derive the implementation of the RBAC administration tool by formal specification of operations. It leads us tn the minimal set for a more efficiently implementation of administration tool.

• The KIPS Transactions:PartC
• /
• v.13C no.6 s.109
• /
• pp.725-732
• /
• 2006

RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. However, RBAC does not process delegation of permission effectively that occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model(APBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.11
• /
• pp.163-171
• /
• 2010

RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. Delegation is a mechanism of assigning access rights to a user. RBDM0 and RDM2000 models deal with user-to-user delegation. The unit of delegation in them is a role. However, RBAC does not process delegation of Role or Permission effectively that occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model(TCPBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. TCPBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation with time constraints. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.307-316
• /
• 2009

RFID technique which is recognizable without the physical contact between the reader and the tag is the core to archive ubiquitous environment, and has been attracting a lot of interest from both industry and academic institutes. Especially, RFID based logistic service management can get the low priced cost and the advancement of the appointed date of delivery. In this paper, we first analyze security requirements of international logistics process, and then propose a RBAC based security model and represent access control constraints using UML.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.115-125
• /
• 2001

Authentication and access control are essential requirements for the information security of distributed environment. Delegation is process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services offer safety in distributed environments. A delegation easily provides principal to grant privileges in the single domain with Role-Based Access Control(RBAC). But in the multi-domain, initiators who request delegation may require to limit the access right of their delegates with restrictions that are called delegate restriction to protect the abuse of privilege. In this paper, we propose the delegation view as function of delegation restrictions. Proposed delegation view model not only prevent over-exposure of documents from granting multiple step delegation to document sharing in multi-domain with RBAC infrastructure but also reduce overload of security administrator and communication.

• KSBB Journal
• /
• v.14 no.5
• /
• pp.606-610
• /
• 1999

The purpose of this study was to develop and evaluate rotating biological activated carbon(RBAC) process for nitrogen and phosphorus removal with increasing loading rate. The removal efficiency of $NH_4^+$-N was observed to be higher than 96.5% at all runs, and the relative stable levels of effluent $NH_4^+$-N, $NO_2^-$-N, $NO_3^-$-N could be maintained. The removal efficiency of T-N was observed to be higher than 90%, except RUN 1. The T-P removal efficiency was kept between 32.7% and 49.8%, and the amount of biomass was kept between 269 mg/g support and 473 mg/g support with varying loading rate.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.169-177
• /
• 2012

In the development process of application systems, the most important works are analysis and design. Most of the application systems are implemented on database system. So, database design is important. Also, IT System are confronted with more and more attacks by an increase interconnections between IT systems. Therefore security-related processes belong to a very important process. Security is a complex non-functional requirement that can interaction of many parts in the system. But Security is considered in the final stages of development. Therefore, Their increases the potential for the final product to contain vulnerabilities. Accordingly, Early in development related to security analysis and design process is very important. J2EE gives a solution based on RBAC((Role Based Access Control) for security and object-relational database also has RBAC for security. But there is not a object-oriented analysis and design methodology using RBAC of J2EE and object-relational database for security. In this paper, the unified object-oriented analysis and design methodology is developed for security-critical web application systems based on J2EE and object-relational database. We used UMLsec and RBAC of object-relational database and J2EE for this methodology.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.415-426
• /
• 2006

The essential characteristic of ubiquitous is context-awareness, and that means ubiquitous computing can automatically process the data that change according to space and time, without users' intervention. However, in circumstance of context awareness, since location information is able to be collected without users' clear approval, users cannot control their location information completely. These problems can cause privacy issue when users access their location information. Therefore, it is important to construct the location information system, which decides to release the information considering privacy under the condition such as location, users' situation, and people who demand information. Therefore, in order to intercept an outflow information and provide securely location-based information, this paper suggests a new system based CS-RBAC with the existing LBS, which responds sensitively as customer's situation. Moreover, it accommodates a merit of PCP reflecting user's preference constructively. Also, through privacy weight, it makes information not only decide to providing information, but endow 'grade'. By this method, users' data can be protected safely with foundation of 'Role' in context-aware circumstance.