• Title/Summary/Keyword: permission assignment

The Model of Conflict Detection between Permission Assignment Constraints in Role-Based Access Control (RBAC 에서 권한 할당 제약사항들 간의 충돌 탐지 모델)

  • Im Hyun-Soo;Cho Eun-Ae;Moon Chang-Joo
    • Proceedings of the Korea Society for Simulation Conference / 2005.11a / pp.51-55 / 2005
  • Assuring integrity of permission assignment (PA) constraints is a difficult task in role-based access control (RBAC) because of the large number of constraints, users, roles and permissions in a large enterprise environment. We provide solutions for this problem using the conflict concept. This paper introduces the conflict model in order to understand the conflicts easily and to detect conflicts effectively. The conflict model is classified as a permission-permission model and a role-permission model. This paper defines two types of conflict using the conflict model. The first type is an inter-PA-constraints (IPAC) conflict that takes place between PA constraints. The other type is a PA-PAC conflict that takes place between a PA and a PA constraint (PAC). Also, the conditions of conflict occurrence are formally specified and proved. We can assure integrity on permission assignment by checking conflicts before PA and PA constraints are applied.

Symmetric RBAC Model that Takes the Separation of Duties and Role Hierarchies into Consideration (임무분리와 역할 계층구조를 고려한 대칭 RBAC 모델)

  • 문창주;박대하;박성진;백두권
    • Journal of KIISE: Computer Systems and Theory / v.30 no.12 / pp.699-707 / 2003
  • RBAC is accepted as a more advanced control method than existing DAC and MAC. Studies on the permission-role part of the RBAC model are relatively insufficient compared with those on the user-role part, and research on symmetric RBAC models to overcome this is also at an incipient stage. Therefore there is much difficulty in assigning permissions suitable for roles. This paper proposes a symmetric RBAC model that supplements the constraints on permission assignment set forth by previous studies. The proposed symmetric RBAC model reflects the conflicts of interest between roles and the sharing and integration of permissions on the assignment of permissions by presenting the constraints on permission assignment that take the separation of duties and role hierarchies into consideration. In addition, by expressing constraints prescribing prerequisite relations between dynamic permissions through AND/OR graphs, it is possible to effectively limit the complicated prerequisite relations of permissions. The constraints on permission assignment for the proposed symmetric RBAC model reduce errors in permission assignment by properly detailing rules to observe at the time of permission assignment.

An Implementation of PRA99 Model for Permission - Role assignment (권한-역할 할당을 위한 PRA99 모델의 구현)

  • 박동규;황유동
    • Proceedings of the IEEK Conference / 2001.06c / pp.221-224 / 2001
  • Role-Based Access Control (RBAC) is a flexible and policy-neutral access control technology. But, for large systems, managing roles, users, permissions and their interrelationships is a formidable task that cannot be centralized in a small team of security administrators. Using RBAC to manage RBAC provides additional administrative convenience. In this paper we demonstrate the implementation of one of the components of ARBAC99 which deals with permission-role assignment and is called PRA99. We implement it by using an EJB component and use Oracle stored procedures to implement it.

Design and Implementation of Role Assignment Protocol for Active Role Assignment and Passive Role Assignment (능동적 역할 할당과 수동적 역할 할당을 수행하는 역할 할당 프로토콜의 설계 및 구현)

  • 나상엽;김점구
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.111-117 / 2004
  • In distributed-computing environments, there is a strong demand for the authentication and the access control of distributed-shared resources. I have presented the role-based access control (RBAC) concept that has recently been in the spotlight. The RBAC model shows the standardized access control of a complicated organization's resources. In RBAC, a senior role has a junior role's permissions by virtue of the role hierarchy. However, a junior role cannot exercise a permission that is granted to the senior role or to other role groups. Inheritance of permissions in role hierarchies is static. In order to tackle this problem, I propose dynamic role assignment, which is classified into passive role assignment and active role assignment, design a dynamic role assignment protocol and implement a role assignment server.

Enhanced Role-Based Access Control Administration Tool

  • Yenmunkong, Burin;Sathitwiriyawong, Chanboon
    • 제어로봇시스템학회:학술대회논문집 / 2004.08a / pp.1360-1364 / 2004
  • This paper proposes an extended model for role-permission assignment based on locations called "Enhanced Role-Based Access Control (ERBAC03)". The proposed model is built upon the well-known RBAC model. Assigning permissions to roles is considered too complex an activity to accomplish directly. Instead we advocate breaking down this process into a number of steps. The concept of jobs and tasks is specifically introduced to facilitate role-permission assignment as a series of smaller steps. This model is suitable for any large organization that has many branches. Each branch consists of many users who work in different roles. An administration tool has been developed to assist administrators with the administration of separation of duty requirements. It demonstrates how the specification of static requirements can be done based on the "conflicting entities" paradigm. Static separation of duty requirements must be enforced in the administration environment. Finally, we illustrate how the ERBAC03 prototype is used to administer the separation of duty requirements.

Performance Analysis of Packet CDMA R-ALOHA for Multi-media Integration in Cellular Systems with Adaptive Access Permission Probability

  • Kyeong Hur;Eom, Doo-Seop;Tchah, Kyun-Hyon
    • The Journal of Korean Institute of Communications and Information Sciences / v.25 no.12B / pp.2109-2119 / 2000
  • In this paper, the Packet CDMA Reservation ALOHA protocol is proposed to support multi-traffic services such as voice and videophone services with handoff calls, high-rate data and low-rate data services efficiently on the multi-rate transmission in uplink cellular systems. The frame structure, composed of the access slot and the transmission slot, and the proposed access permission probability based on the estimated number of contending users for each service are presented to reduce MAI. Assured priority is given to the voice and the videophone handoff calls through a higher access permission probability. And through the proposed code assignment scheme, the voice service can be provided without the voice packet dropping probability in the CDMA/PRMA protocols. Code reservation is allowed for the voice and the videophone services. The low-rate data service uses the available codes during the silent periods of voice calls and the remaining codes in the codes assigned to the voice service to utilize codes efficiently. The high-rate data service uses the codes assigned to the high-rate data service and the remaining codes in the codes assigned to the videophone service. Using the Markov-chain subsystem model for each service including the handoff calls in uplink cellular systems, the steady-state performances are simulated and analyzed. After a round of tests for the examples, through the proposed code assignment scheme and the access permission probability, the Packet CDMA Reservation ALOHA protocol can guarantee the priority and the constant QoS for the handoff calls even with a large number of contending users. Also, the data services are integrated efficiently on the multi-rate transmission.

An Implementation of the URA99 Model for User-Role Assignment (사용자-역할 할당을 위한 URA99 모델의 구현)

  • 박동규;안현수;황유동
    • Proceedings of the Korea Multimedia Society Conference / 2001.06a / pp.461-464 / 2001
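  • Role-based access control (RBAC) enables efficient management of users and access permissions through roles and role hierarchies. However, when a system contains a large number of users, roles and permissions, it is impossible for a single security administrator to manage all of them, so a method (ARBAC) has been proposed that manages the system efficiently by introducing administrative roles that manage roles. ARBAC consists of URA (User Role Assignment), PRA (Permission Role Assignment) and RRA (Role Role Assignment). In this paper, we implement an administration tool for user-role management based on the URA99 model. The implemented tool uses Oracle stored procedures and is built as Java-based EJB components.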

Temporal constraints GEO-RBAC for Context Awareness Service (공간 인식 서비스를 위한 Temporal constraints GEO-RBAC)

  • Shin Dong-Wook;Hwang Yu-Dong;Park Dong-Gue
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.382-389 / 2006
  • With context awareness services being developed these days, high security is demanded in context awareness services. GEO-RBAC, which provides user assignment of spatial roles, assignment of permissions, role schemas, role instances and a spatial role hierarchy to context awareness services, is an access control model well suited to context awareness services. But GEO-RBAC does not consider the temporal constraints that a context awareness environment needs. Consequently, this paper improves the flexibility of GEO-RBAC by considering the time and period constraint notions of GTRBAC, which presents an effective access control model. We also propose a GEO-RBAC that considers temporal constraints for effective access control across a variety of cases.

Prioritized Packet Reservation CDMA Protocol for Integrated Voice and Data Services (CDMA 망에서의 음성 및 데이터 통합 서비스를 위한 우선권 기반의 패킷 예약 접속 프로토콜)

  • Kim, Yong-Jin;Kang, Chung-Gu
    • Journal of the Institute of Electronics Engineers of Korea TC / v.37 no.1 / pp.32-43 / 2000
  • In this paper, we investigate the existing medium access control (MAC) protocols to integrate the voice and data services in packet-based CDMA networks and furthermore, propose a new approach to circumvent the operational limits inherent in them. We propose the $P^2R$-CDMA (Prioritized Packet Reservation Code Division Multiple Access) protocol for the uplink in the synchronous multi-code CDMA system, which employs the centralized frame-based slot reservation along with the dynamic slot assignment in the base station using the QoS-oriented dynamic priority of individual terminal. The simulation results show that, as compared with the existing scheme based on the adaptive permission probability control (APC), the proposed approach can significantly improve the system capacity while guaranteeing the real-time requirement of voice service.

A RBAC-based Access Control Framework in OSGi Service Platform (OSGi 서비스 플랫폼에서 RBAC 기반의 사용자 접근제어 프레임워크)

  • Cho, Eun-Ae;Moon, Chang-Joo;Baik, Doo-Kwon
    • Journal of KIISE: Information Networking / v.34 no.5 / pp.405-422 / 2007
  • Recently, in line with the network environment, much research has been conducted on home networks. Nowadays, in home networks, the method in which access control policy is managed for each home device by using ACLs is popular, and EAM (Extranet access management) is applied as a solution. In addition, research on secure OSs based on open operating systems is ongoing, and research on user authentication mechanisms for home networks using a home server is also in progress. However, this research has the following problems. First, the transmission scope of the access technologies expected in home networks is wide, so an unauthenticated outside terminal can access the home network. Second, it is inconvenient for users because they need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in the home network environment. Here, user access control is one of the core parts, which should have none of the problems listed above, but there is no concrete research yet. Thus, in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in a home network environment in which the OSGi service platform is operated. First, we list the considerations that are not clearly mentioned in the OSGi standard, and then we solve the above problems through the new framework. In addition, we propose an effective and economical operation method that reduces the policy change frequency for user access control by using the RBAC concept despite the limited resources of the home gateway. Besides, in this paper, the proposed policies are defined separately as a user-role assignment policy and a permission-role assignment policy, and users decide their own policies. In conclusion, we provide a scheme to enhance user convenience and to solve the privacy problem.