• Journal of the Korea Society of Computer and Information
• /
• v.9 no.3
• /
• pp.63-69
• /
• 2004

The purpose of this paper is to design a system model which is needed for integrating the secure role-based access control model into web-based application systems. For this purpose, firstly, the specific system architecture model using a user-pull method is presented. This model can be used as a design paradigm. Secondly, the practical system working model is proposed. which specifies the mechanism that performs role-based access control in the environment of web-based application systems. Finally, the comparison and analysis is shown in which the merits with the proposed system model is presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.41-53
• /
• 2002

Role Based Access Control (RBAC), which is a method, using role as an access control, has been popular with users and it is recognized as an effective method to replace the Discretionary Access Control and the Mandatory Access Control However, the existing Role Based Access Control Models have only been limited to the bureaucracy organization in which a distinctive hierarchy system was used, incorporating a stable structure and a standardized work system. Only in some parts, some access control models have been used, which supports 'Team' concept, such as Team Based Access Control Model. However, it did not incorporate the characteristics of the adhocracy organization, which is similar to the company's task force team, whose characteristics are organic, temporary, no standardized operation procedures, and many frequent changes. In this study, we have discussed the characteristics of the adhocracy organization which is different from the existing bureaucracy organization, and we have also discussed the problems related to when the existing access control models are used as the access control model for the adhocracy organization due to its characteristics. In addition, based on the problems, we have suggested an improved role based access control model for the adhocracy organization, and have come up with the solutions when any problems occur in the access control system.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.3
• /
• pp.84-90
• /
• 2000

This paper presents a design of an access control mechanism that can resolves the complicated problems of access control requirements in internet environment. In this paper, we proposed an access control mechanism which can satisfy the combined goals of confidentiality integrity and availability of any resource. We defined an access control mechanism from the viewpoints of identity-based, rule-based and role-based policy and implemented 6 access control operations. The Proposed access control mechanism can protect resources from unauthorized accesses based on the multi-level security policies of security label, integrity level, role and ownership.

• Journal of Internet Computing and Services
• /
• v.7 no.1
• /
• pp.17-30
• /
• 2006

With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model. sub-role hierarchies concept and PBDM(Permission Based Delegation Model). The proposed model. called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) delegation Model. supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Also it supports conditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies and supports permission based delegation, user to user delegation, role to role delegation, multi-step delegation and temporal delegation by using PBDM.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.7 no.6
• /
• pp.1134-1141
• /
• 2006

Java is platform-independent and supports uniform solutions from mobile area (J2ME) to enterprise area (J2EE), so Java is a good development tool for the environment of heterogeneous machines and distributed applications. Java applications need access control module as a Java package. In this paper, we design and implement it. Therefore Java developers can reduce development time, and system managers easily do access control work. Proposed module is based on Role-Based Access Control (RBAC) model and includes a Java package and administration tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.47-56
• /
• 1999

RBAC(Role Based Access Control) is an access control method based on the user's roles and it provides more flexibility and applicability on the various computer and network security fields than DAC(Discretionary Access Control) or MAC(Mandatory Access Control). In this paper, we newly propose ERBAC$_{0}$(Extended RBAC$_{0}$) model by considering subject's and object's roles additionally to REAC$_{0}$ model which is firstly proposed by Ravi S. Sandhu as a base model. The proposed ERBAC$_{0}$ model provides finer grained access control on the base of subject and object level than RBAC$_{0}$ model.

• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.39 no.4
• /
• pp.431-436
• /
• 2002

This paper implements an improved model for access control enforcement in enterprise environments. The integration of the task role-based access control model and the "conflicting entities" administration paradigm supply a specification of static and dynamic separation of duty requirements in the workflow environment. The implemented Extended Task Role-Based Access Control model can deal with the conflicting entities for workflow oriented tasks. It will support elaborate separation of duty policy to tasks in enterprise environment through the classification of enterprise sessions according to their characteristics.

• The KIPS Transactions:PartC
• /
• v.13C no.6 s.109
• /
• pp.725-732
• /
• 2006

RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. However, RBAC does not process delegation of permission effectively that occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model(APBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.2
• /
• pp.250-256
• /
• 2007

Role-based Access Control (RBAC) model appears to be the most appropriate technique for access control to minimize the errors likely to occur in managing users and network resources. In this paper, we introduced the Work-concept RBAC model that is the result of the Work concept imported to the role based access control model. Using our extended access control model a user could select a work which is more abstract and more inclusive concept than role to do his work. Additionally even if the user has an authority through selecting a work, if a user has no relation to his assigned job, it will be automatically prohibited.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.6
• /
• pp.1886-1902
• /
• 2000

RBAC(Role Based Access Control) is an access control method based on the user's roles and it provides more flexibility and applicability on the various computer and network security fields than DAC(Discretionary Access Control) or MAC(Mandator Access Control). In this paper, e newly propose ERBAC\ulcorner(Extended RBAC\ulcorner) model by considering subject's and object's roles and security levels for roles additionally to RBAC\ulcorner model which is firstly proposed by Ravi S. Sandhu as a base model. The proposed ERBAC\ulcorner model provides finer grained access control with multilevel security on he base of subject and object level than RBAC\ulcorner model.