An Integrated Management Model of Administrative Role-Based Access Control and Delegation Policy

An Integrated Management Model of ARBAC and Delegation Policy

  • Sejong Oh (Computer Science Major, Dankook University) ;
  • Woosung Kim (Division of Computing, Hoseo University)
  • Published : 2004.04.01

Abstract

Delegation is one of the important security policies in the access control area. We propose a delegation management model integrated with the ARBAC model for distributed access control environments. We integrate the PBDM delegation model with the ARBAC97 model, and suggest delegation integrity rules for preventing security threats in the new model. Our model supports both free delegation by users without the intervention of administrators, and control of delegation by security administrators.

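Delegation is one of the important security policies in the field of access control. In this paper, we propose a model that integrates delegation policy into the administrative role-based access control (ARBAC) model in order to implement delegation in a distributed access control environment. To this end, we present a new model that integrates the PBDM delegation model with the ARBAC97 model, and propose delegation integrity rules to control the security threats that delegation may introduce in the new model. The proposed integrated ARBAC-delegation model lets users freely delegate their own permissions to other users within a given scope, when needed and without the intervention of a security administrator, while giving security administrators a means to control users' delegation activity.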

References

  1. Lynn Andrea Stein, 'Delegation Is Inheritance,' Proc. of Object-Oriented Programming System, Languages, and Applications(OOPSLA '87). Vol.22, No.12, pp.138-146, 1987 https://doi.org/10.1145/38765.38820
  2. Moffett, J.D., 'Delegation of Authority Using Domain Based Access Rules,' PhD Thesis. Dept of Computing, Imperial College, University of London, 1990
  3. Morrie Gasser, Ellen McDermott, 'An architecture for practical Delegation in a Distributed System,' Proc. of IEEE Computer Society Symposium on Research in Security and Privacy, pp.20-30, 1990 https://doi.org/10.1109/RISP.1990.63835
  4. Nataraj Nagaratnam, Doug Lea, 'Secure Delegation for Distributed Object Environments,' Proc. of USENIX Conference on Object Oriented Technologies and Systems, pp. 101-116, 1998
  5. Cheh Goh and Adrian Baldwin, 'Towards a more complete Model of Role,' Proc. of 3rd ACM Workshop on Role-Based Access Control, pp.55-62, 1998
  6. Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer, 'The ARBAC97 Model for Role-Based Administration of Roles,' ACM Transactions on Information and System Security, Vol.2, No.1, pp.105-135, 1999 https://doi.org/10.1145/300830.300839
  7. Ezedin Barka and Ravi Sandhu, 'Framework for Role-Based Delegation Models,' Proc. of 16th Annual Computer Security Application Conference(ACSAC 2000), pp.168-176, 2000 https://doi.org/10.1109/ACSAC.2000.898870
  8. Ezedin Barka and Ravi Sandhu, 'A Role-Based Delegation Model and Some Extensions,' Proc. of 23rd national Information Systems Security Conference (NISSC 2000), pp. 2000
  9. Longhua Zhang, Gail-Joon Ahn, and Bei-Tseng Chu, 'A Rule-Based Framework for Role-Based Delegation,' Proc. of 6th ACM Symposium on Access Control Models and Technologies (SACMAT 2001), pp.404-441, 2001
  10. Sejong Oh, Ravi Sandhu, 'A Model of role Administration Using Organization Structure,' Proc. of 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pp.155-162, 2002 https://doi.org/10.1145/507711.507737
  11. Xingwen Zhang, Sejong Oh and Ravi Sandhu, 'PBDM : A Flexible Delegation Model in RBAC,' Proc. of 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp.149-157, 2003 https://doi.org/10.1145/775412.775431