A Study on Design for Efficient Personal Policy of Service based RBAC

  • Mun, Hyung-Jin (Division of Information and Communication Engineering, Baekseok University)
  • Han, Kun-Hee (Division of Information and Communication Engineering, Baekseok University)
  • Received : 2015.11.07
  • Accepted : 2016.02.20
  • Published : 2016.02.28

Abstract

Organizations and companies establish personal information protection policies in accordance with laws and guidelines. However, they enforce access control without considering the distinctiveness of the information, even though the degree of damage varies with the information that is leaked. To account for this distinctiveness, each individual needs a policy of his or her own to protect his or her personal information. Individuals, however, cannot write such a policy because they lack an understanding of the system. For individuals to write their own policies efficiently, a system is needed that grants authorization according to the service list provided by the organization. This paper proposes a model and a method for writing a personal policy that protects an individual's information based on the service list provided by the organization. With this model, fine-grained authorization and policy changes are easy to make, and ultimately access control customized to each individual's own information becomes possible.

Keywords

RBAC; Service based Access Control; Privacy Protection; Personal Policy
