• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.1360-1364
• /
• 2004

This paper propose an extended model for role-permission assignment based on locations called "Enhanced Role-Based Access Control (ERBAC03)". The proposed model is built upon the well-known RBAC model. Assigning permissions to role is considered too complex activity to accomplish directly. Instead we advocate breaking down this process into a number of steps. The concept of jobs and tasks is specifically introduced to facilitate role-permission assignment into a series of smaller steps. This model is suitable for any large organization that has many branches. Each branch consists of many users who work in difference roles. An administration tool has been developed to assist administrators with the administration of separation of duty requirements. It demonstrates how the specification of static requirements can be done based on "conflicting entities" paradigm. Static separation of duty requirements must be enforced in the administration environment. Finally, we illustrate how the ERBAC03 prototype is used to administer the separation of duty requirements.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.455-468
• /
• 2008

In this paper, we propose FAS model for establishing trust based on digital certificates in Grid security framework. The existing RBAC(Role Based Access Control) model is extended to provide permissions depending on the users‘ roles. The FAS model is designed for a system independent integrated Grid security by detailing and extending the fundamental architecture of user, role, and permission. FAS decides each user’s role, allocates access right, and publishes attribute certificate. FAS is composed of three modules: RDM, PCM, and CCM. The RDM decides roles of the user during trust negotiation process and improves the existing low level Grid security in which every single user maps a single shared local name. Both PCM and CCM confirm the capability of the user based on various policies that can restrict priority of the different user groups and roles. We have analyzed the FAS strategy with the complexity of the policy graph-based strategy. In particular, we focused on the algorithm for constructing the policy graph. As a result, the total running time was significantly reduced.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.11
• /
• pp.2254-2271
• /
• 2011

Access control in dynamic environments needs the ability to provide more access opportunities of information to users, while also ensuring protection information from malicious users. Trust and risk are essential factors and can be combined together in access control decision-making to meet the above requirement. In this paper, we propose the combination of the trust and risk in access control to balance information accessibility and protection. Access control decision is made on the basis of trustworthiness of users and risk value of permissions. We use potential relations between users and relations between permissions in access control. Our approach not only provides more access opportunities for trustworthy users in accessing permissions, but also enforces traditional access control constraints such as Chinese Wall policy and Separation of Duty (SoD) of Role-Based Access Control (RBAC) model in an effective way.

• The Journal of Information Systems
• /
• v.14 no.3
• /
• pp.1-8
• /
• 2005

This paper formally defines a role-driven security and access control model of a business process in order eventually to provide a theoretical basis for realizing the secured business process management systems. That is, we propose a graphical representation and formal description of the mechanism that generates a set of role-driven security and access control models from a business process modeled by the information control net(ICN) modeling methodology that is a typical business process modeling approach for defining and specifying business processes. Based upon the mechanism, we are able to design and accomplish a secured business process management system that provides an unified resource access control mechanism of the business process management engine domain's and the application domain's. Finally, we strongly believe that the secured access control policies from the role-driven security and access control model can be easily transformed into the RBAC(Role-based Access Control) model that is a standardized security technology for computer and communications systems of commercial and civilian government organizations.

• The Journal of Society for e-Business Studies
• /
• v.12 no.1
• /
• pp.151-166
• /
• 2007

As the number of users who are involved in a business process increases, it becomes imperative to effectively control their privileges of accessing sensitive data and information which are usually easily obtained by BPM system. Traditional RBAC (Role-based Access Control) model was first introduced to provide a logical framework to prevent unauthorized users from obtaining confidential, but in more dynamic environment such as B2B and SCM process, it usually lacks in capability of addressing such issues as configurability, customizability, or scalability of user privileges. In this study, we have proposed a privilege-template based RBAC model that can address such issues effectively. We also provided a design of the RBAC model along with illustrative examples and pseudo codes that can be used for implementing a prototype system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.6
• /
• pp.1256-1264
• /
• 2009

When unapproved users access to healthcare system and use medical information for other malicious purposes, it could severely threaten important information related to patients' life, because in ubiquitous environment healthcare service makes patient's various examination results, medical records or most information of a patient into data. Therefore, to solve these problems, we design RBAC(Role Based Access Control) for U-healthcare that can access control with location, time and context-awareness information like status information of user and protect patient's privacy. With implementation of the proposed model, we verify effectiveness of the access control model for healthcare in ubiquitous environment.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.8 no.1
• /
• pp.11-30
• /
• 2004

Access Control is one of essential branches to provide system's security. Depending on what standards we apply, in general, there are Role-based access control, History-based access control. The first is based on subject's role, The later is based on subject's history. In fact, RBAC has been implemented, we are using it by purchasing some orders through the internet. But, HBAC is so complex that there will occur some errors on the system. This is more and more when HBAC is used with other access controls. So HBAC's formalization and model which are general enough to encompass a range of policies in using more than one access control model within a given system are important. To simplify these, we design the mathematical model called non-access structure. This Non-access structure contains to historical access list. If it is given subjects and objects, we look into subject grouping and object relation, and then we design Non-access structure. Then we can determine the permission based on history without conflict.

• Journal of the Korea Convergence Society
• /
• v.9 no.7
• /
• pp.69-75
• /
• 2018

The key technology of Industry 4.0, Smart factory is evaluated as the driving force of our economic development hereafter and a lot of researches have been established. Various entities including devices, products and managers exist in smart factory, but roles of these entities may be continuous or variable and can become extinct not long after. Existing methods for access control are not suitable to adapt to the variable environment. If we don't consider certain security level, important industrial data can be the targets of attacks. We need a new access control method satisfying desired level of efficiency and security without excessive system loads. In this paper, we propose a new RBAC-PAC which extend AC defined for PKC to the authority attribute of roles. We distribute PACs for roles through block chain method to provide the efficient access control. We verified that RBAC-PAC is more efficient in the smart factory with large number of entities which need a frequent permission update.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.3
• /
• pp.63-69
• /
• 2004

The purpose of this paper is to design a system model which is needed for integrating the secure role-based access control model into web-based application systems. For this purpose, firstly, the specific system architecture model using a user-pull method is presented. This model can be used as a design paradigm. Secondly, the practical system working model is proposed. which specifies the mechanism that performs role-based access control in the environment of web-based application systems. Finally, the comparison and analysis is shown in which the merits with the proposed system model is presented.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.564-565
• /
• 2019

The Internet of Things technology is regarded as the next major technology that will be the driving force behind the fourth industrial revolution. The characteristics of entities for Internet of Things application are changing more actively and actively, requiring a more detailed approach, but existing access control technologies are designed around users, requiring access control techniques that maintain efficiency and security with less system load to apply complex and variable content. Therefore, research on role-based access controls that are appropriate for Internet of Things entities is essential. In this study, the relevant research for the study of access control of the Internet of Things entities and the RBAC and AC methods that can define the properties of the various entities within the Internet of Things.