A RBAC Model Considering the Characteristics of the Adhocracy Organization

A Role-Based Model Considering the Characteristics of the Adhocracy Organization

  • Won Bo Shim (Department of Computer Science, Sogang University) ;
  • Seog Park (Department of Computer Science, Sogang University)
  • Published : 2002.08.01

Abstract

Role-Based Access Control (RBAC), a method that uses roles as the basis for access control, has been popular with users and is recognized as an effective method to replace Discretionary Access Control and Mandatory Access Control. However, existing RBAC models have been limited to the bureaucracy organization, which has a distinct hierarchy, a stable structure and a standardized work system. Some access control models that support a 'team' concept, such as the Team Based Access Control Model, have been used, but they did not incorporate the characteristics of the adhocracy organization, which resembles a company's task force team: organic, temporary, without standardized operating procedures, and subject to frequent change. In this study, we discuss the characteristics of the adhocracy organization that distinguish it from the existing bureaucracy organization, and the problems that arise from those characteristics when existing access control models are used as the access control model for the adhocracy organization. Based on these problems, we propose an improved role-based access control model for the adhocracy organization and present solutions for the problems that occur in the access control system.

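Access control means checking, when a user accesses a resource, whether the user holds access rights to that resource, and permitting or denying the access accordingly. The representative access control methods are discretionary access control, mandatory access control and role-based access control, and role-based access control is currently well regarded. However, the role-based access control models proposed so far support bureaucratic organizational structures, in which work is standardized, the structure is stable and unchanging, and superior-subordinate relationships are clear. Some access control models that support a team concept, such as the Team Based Access Control Model, have been proposed, but they did not sufficiently reflect the characteristics of the adhocracy organization, such as a company's task force team, which is organic and temporary, has non-standardized work and many environmental changes, and lacks clear superior-subordinate relationships. In this paper, we examine the characteristics of the adhocracy organization that differ from the existing bureaucracy organization, examine the problems that arise from these characteristics when existing access control models are used as the access control model for the adhocracy organization, propose an improved role-based access control model to solve these problems, and analyze it according to the main evaluation criteria.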
