The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

RBAC Based Security Model for International Logistic Service

국제 물류 서비스를 위한 RBAC 기반 보안 모델

  • 황정희 (남서울대학교 컴퓨터학과) ;
  • 신문선 (건국대학교 컴퓨터시스템학과) ;
  • 이종연 (충북대학교 컴퓨터교육과) ;
  • 황익수 (한국무역정보통신)
  • Published : 2009.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

RFID technique which is recognizable without the physical contact between the reader and the tag is the core to archive ubiquitous environment, and has been attracting a lot of interest from both industry and academic institutes. Especially, RFID based logistic service management can get the low priced cost and the advancement of the appointed date of delivery. In this paper, we first analyze security requirements of international logistics process, and then propose a RBAC based security model and represent access control constraints using UML.

RFID 기술은 유비쿼터스 환경을 구현하기 위한 핵심기술 중 하나로 물리적인 접촉 없이 인식 가능한 기술로써 기업과 학술적 분야에서 많은 관심을 받고 있다. 특히 물류 환경에서 RFID 기술 기반의 물류 환경 관리는 비용 및 납기의 개선 등에 큰 효율성을 가져올 수 있다. 이 논문에서는 국제 물류 프로세스에 대한 보안 요구사항을 분석하고 RBAC 기반의 접근 제어 모델을 제안한다. 그리고 접근제어의 제약조건을 UML로 표현한다.

Keywords

References

  1. 대한상공회의소, 'http://scm.korcham.net/download/SCM_guide.pdf, 2005
  2. 안규희, 이기열, 정목동, 'RFID 애플리케이션을 위한 엔터프라이즈 애플리케이션 프레임워크와 비즈니스 프로세스 모델,' 한국정보과학회 가을 학술 논문집, 제 33권 제2호, 2006.10
  3. 최길영, 성낙선, 모희숙, 박찬원, 권성호, 'RFID 기술 및 표준화동향,' 전자통신동향분석 제22권 제3호, 2007. 6
  4. 산은경제연구소. 'RFID산업의 동향과 전망,' 2007.09
  5. EPCglobal. 'The EPCglobal architecture framework final version,' July 1,2005
  6. EPCglobal. 'EPC Information Services(EPCIS) Version 1.0 Specification,' April 12, 2007
  7. EPCglobal. 'Object Naming Service(ONS) Version 1.0,' October 4,2005
  8. EPCglobal, 'EPCglobal Tag Data Standard Version 1.3 Ratified Specification,' http://www.epcglobalinc.org, March 8, 2006
  9. EPCglobal, 'Reader Protocol Standard, Version 1.1 Ratified Standard,' http://www.epcglobalinc.org, June 21, 2006
  10. NIST(National Institute of Standards and Technology). 'Guidelines for Securing Radio Frequency Identification System,' April, 2007
  11. EPCglobal, 'EPCglobal Data Exchange Joint Discussion Group,' September 19, 2006
  12. A Basic Introduction to RFID Technology and Its use in the Supplychain, http://www.printronix.com/uploadedFiles/Laran_WhitePaper_RFID.pdf, January 2004
  13. N.Mayer, A. Rifaut and E.Dubois, 'Towards Risk-Based Security Requirements Engineering Framework,' In Proceedings of the 11the International Workshop on Requirements Engineering: Foundation for Software Quality, 2005
  14. L.Liu, E.S.K.Yu and J.Mylopoulus, 'Security and Privacy Requirements Analysis within a Social Setting,' In Proceedings of the 11the IEEE International Workshop on Requirements Engineering Conference, 2003
  15. S.Lee, R.Gandhi and G.Ahn 'Security Requirements Driven Risk Assessment for Critical Infrastructure Information Systems,' In Proceedings of the 3rd Symposium on Requirements Engineering for Information Security, 2005
  16. A. Poniszewska-Maranda, 'Role Engineering of information system using extended RBAC,' In Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, WETICE 2005 https://doi.org/10.1109/WETICE.2005.50
  17. P. Epstein, R. Sandhu, 'Toward A Uml Based Approach to Role Engineering,' In Proceedings of the fourth ACM workshop on Role-based access control table of contents, 1999 https://doi.org/10.1145/319171.319184
  18. I. Ray, N. Li, R. France, 'Using UML To Visualize Role-Based Access Contol Constraints,' In Proceedings of the ninth ACM symposium on Access control models and technologies table of contents, 2004 https://doi.org/10.1145/990036.990054