A Study on Dynamic Role-based Service Allocation for Service Oriented Architecture System

  • 박용범 (Department of Software, Dankook University)
  • 권예진 (Korea Institute of Science and Technology Information)
  • Received : 2018.02.06
  • Accepted : 2018.03.21
  • Published : 2018.03.31

Abstract

Recently, web-based service software has been used to combine or share various information according to the needs of users, the convergence of specialized fields, and individually dependent systems. Service environments that are appropriate and selectable according to the purpose and needs of the user have been studied in a variety of specialized and combined professional research fields and industries. Software based on cloud systems and web services is being used as a tool for appropriate groups, user groups, and roles. A dynamically combined service system needs a module that manages users through internal logic and grants service access authentication. Therefore, various approaches have been considered in which a user who accesses the system is given service access authority for a certain period of time. When that period is over, the authority the user was given to access the system goes through a process of expiring the right. In this paper, we define the roles of users who access web services, manage user rights according to each role, and provide appropriate service resources to users according to their rights and session information. We analyzed the procedure for constructing the service algorithm according to the steps each user goes through: accessing the web service, being granted the service resource, and constructing a new role.
