
A Design of RBAC_Linux for Linux Security Systems (리눅스 보안 시스템을 위한 RBAC_Linux 설계)

  • 오석균;김성열
    • Journal of Korea Society of Industrial Information Systems / v.4 no.4 / pp.137-142 / 1999
  • This paper applies a role-based access control (RBAC) policy to solve the security problems that arise when business in many fields is operated in Linux server environments, and designs the RBAC_Linux security system, which makes it possible to manage security in Linux environments. In this paper, RBAC_Linux is a security system designed to be applicable to the Linux environment. The applied RBAC model is based on the RBAC96 model due to Sandhu et al. Therefore, using the designed RBAC_Linux security system on a Linux server system has the following advantages: it can be implemented on the server system without modifying its source code, it has high migration, and security management is easy and simple.


The Operation of Administration Tool for Relationships Management in the RBAC Security System (RBAC 보안시스템에서 관계관리를 위한 관리도구 동작)

  • 오석균;김성열
    • Proceedings of the Korea Society for Industrial Systems Conference / 1999.12a / pp.373-377 / 1999
  • Role Based Access Control (RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. The administration tool is the most important component in the concept of RBAC. The administration tool for the RBAC security system requires consistency of the relationships between users and roles in the RBAC database. In this paper, we propose a formal specification in order to manage user-role and role-role relationships. The proposed formal specification leads to the consistency requirements for the RBAC database, which are defined as a set of relationships. The implementation of the RBAC administration tool can easily be derived from the formal specification of operations.


Operations of Administration Tool and Consistency Properties for RBAC Database Integrity (RBAC 데이터베이스의 무결성을 위한 일관성 특성과 관리도구 동작)

  • 오석균;김성열
    • Journal of Korea Society of Industrial Information Systems / v.5 no.4 / pp.16-21 / 2000
  • Role Based Access Control (RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. The administration tool is the most important component in the concept of RBAC. The administration tool for the RBAC security system must maintain the integrity of user-role and role-role relationships in the RBAC database. Therefore, a set of functions and properties defining the integrity of the database is required. For the design of security systems that apply an RBAC policy in Linux server system environments, this paper defines the integrity of the database for user-role and role-role relationships, and we propose a formal specification of operations in order to manage these relationships. The proposed formal specification leads to the consistency requirements for the RBAC database, which are defined as a set of relationships. Also, the implementation of the RBAC administration tool can easily be derived from the formal specification of operations. It leads us to the minimal set for a more efficient implementation of the administration tool.


Symmetric RBAC Model that Takes the Separation of Duties and Role Hierarchies into Consideration (임무분리와 역할 계층구조를 고려한 대칭 RBAC 모델)

  • 문창주;박대하;박성진;백두권
    • Journal of KIISE:Computer Systems and Theory / v.30 no.12 / pp.699-707 / 2003
  • RBAC is accepted as a more advanced control method than the existing DAC and MAC. Studies on the permission-role part of the RBAC model are relatively insufficient compared with those on the user-role part, and research on symmetric RBAC models to overcome this is also at an incipient stage. Therefore there is much difficulty in assigning permissions suitable for roles. This paper proposes a symmetric RBAC model that supplements the constraints on permission assignment set forth by previous studies. The proposed symmetric RBAC model reflects the conflicts of interest between roles and the sharing and integration of permissions in the assignment of permissions by presenting constraints on permission assignment that take the separation of duties and role hierarchies into consideration. In addition, by expressing constraints prescribing prerequisite relations between dynamic permissions through AND/OR graphs, it is possible to effectively limit the complicated prerequisite relations of permissions. The constraints on permission assignment for the proposed symmetric RBAC model reduce errors in permission assignment by properly detailing the rules to observe at the time of permission assignment.

Research Trends in the RBAC Standard Reference Model (RBAC 표준 참조 모델 연구동향)

  • 김학범;김동규
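    • Review of KIISC / v.10 no.2 / pp.51-60 / 2000
  • Role-based access control (RBAC) is an access control method based on users' roles, and various models have been proposed since the basic model proposed by Ravi S. Sandhu. However, these models have been developed without general agreement on the characteristics that constitute RBAC, and the absence of a standard reference model is causing confusion about the use and meaning of RBAC. To solve this problem, NIST (National Institute of Standards and Technology) has proposed a unified RBAC model by integrating the RBAC models proposed so far and commercial products, and plans to use it as a basis for future standardization. This paper introduces the RBAC standard reference model proposed by NIST.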


Temporal constraints GEO-RBAC for Context Awareness Service (공간 인식 서비스를 위한 Temporal constraints GEO-RBAC)

  • Shin Dong-Wook;Hwang Yu-Dong;Park Dong-Gue
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.382-389 / 2006
  • As context awareness services are developed these days, high security is demanded of them. GEO-RBAC, which provides user assignment of spatial roles, assignment of permissions, role schemas, role instances and a spatial role hierarchy to context awareness services, is an access control model well suited to such services. But GEO-RBAC does not consider the temporal constraints that a context awareness environment needs. Consequently, this paper improves the flexibility of GEO-RBAC by considering the time and period constraint notions of GTRBAC, which presents an effective access control model. We also propose a GEO-RBAC that considers temporal constraints for effective access control across a variety of cases.


Design of the ERBAC for Role Delegations (역할 위임을 위한 ERBAC 설계)

  • Oh, Sug-Kyun;Kim, Seong-Ryeol
    • The KIPS Transactions:PartD / v.10D no.7 / pp.1155-1160 / 2003
  • This paper applies an RBAC policy to solve the security problems that arise when several businesses are operated in distributed environments, and designs an Extended RBAC (ERBAC) model that makes it possible to manage security systems in distributed environments. The designed ERBAC model is based on the RBAC96 model due to Sandhu et al., with role delegations added. Therefore, the designed ERBAC model has the following advantages: business can be processed without interruption, it can be implemented on the server system without modifying its source code, it has high migration, and security management is easy and simple.

Research Trends in RBAC with a Focus on the Web Environment (Web 환경을 중심으로 한 RBAC의 연구동향)

  • Oh, Se-Jong;Park, Seok
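    • Review of KIISC / v.9 no.2 / pp.45-58 / 1999
  • Role-based access control (RBAC) is a security technology that is receiving particular attention in enterprise applications. The reason is that RBAC reduces the complexity and cost of security management in large-scale networked applications. The purpose of this technical paper is to introduce the results of RBAC research to date and to present future challenges. It first introduces the background of RBAC's emergence and the elements of the basic model. It then analyzes research trends related to RBAC with a focus on the systems to which it has been applied, concentrating in particular on the application of RBAC in the Web environment. It presents the need for security in the Web environment, especially in intranets, and introduces the RBSC (intranet-RBAC) applied there along with the implementation of intranet-RBAC. Finally, it analyzes the issues that require further research.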


Role-based User Access Control with Working Status for u-Healthcare System (u-Healthcare 시스템을 위한 RBAC-WS)

  • Lee, Bong-Hwan;Cho, Hyun-Sug
    • The KIPS Transactions:PartC / v.17C no.2 / pp.173-180 / 2010
  • Information technology is being applied to the development of ubiquitous healthcare systems, which provide both efficient patient care and convenient treatment regardless of the patient's location. However, the increasing number of users and volume of medical information give rise to the problems of user management and infringement of privacy. In order to address this problem we propose a user access scheme based on the RBAC (Role Based Access Control) model. The preceding trust management model for Grid security, FAS (Federation Agent Server), was analyzed and extended to provide supplementary functions for role-based access control in the u-Healthcare system. The RBAC model provides efficient user management and access control, but is very vulnerable when someone with a valid role tries to leak confidential internal medical information. In order to resolve this problem, an RBAC-WS (Work Status with RBAC) model has been additionally developed, which allows only qualified staff to access the system while on duty. The proposed RBAC and RBAC-WS models have been merged together and applied to the PACS (Picture Archiving and Communication System).

Extending Role-based Access Control for Privacy Preservation in Academic Affairs System (교무업무시스템에서의 개인정보보호를 위한 역할기반 접근 제어 확장)

  • Kim, Bo-Seon;Hong, Eui-Kyeong
    • Journal of KIISE:Computing Practices and Letters / v.14 no.2 / pp.171-179 / 2008
  • RBAC (Role Based Access Control) is an effective way of managing users' access to information objects in enterprise-level and e-government systems. The concept of RBAC is that the access right to an object in a system is not directly assigned to users but is acquired by being a member of a role that is defined in an organization. RBAC is utilized for controlling the access range of privacy, but it does not support the personal legal right of control over information and the right of limited access to the self. Nor does it contain a way of observing the privacy flow that is guided at a legal level. In this paper, an extended RBAC model for protecting privacy is suggested and discussed. Two components, Data Right and Assigning Data Right, are added to the existing RBAC, and the definition of each component is redefined from the aspect of privacy preservation. Data Right in the extended RBAC represents the access right to privacy data. This component provides a way of controlling who can access which privacy data and ensures limitation of the quantity of privacy accessed. Based on this extended RBAC, implemented examples are presented, and the evaluation is discussed by comparing the existing RBAC with the extended RBAC.