• Journal of the Korea Society of Computer and Information
• /
• v.27 no.9
• /
• pp.131-138
• /
• 2022

In this paper, we propose an FA-RBAC (FA-RBAC) model based on flexible properties. This model is assigned attribute-role-centric, making it easy to manage objects, as efficient as access control, and as the network environment changes, it can provide flexible access control. In addition, fine-grained permissions and simple access control can be achieved while balancing the advantages and disadvantages of the RBAC and ABAC models, reducing the number of access control rules by combining static attribute-based roles and dynamic attribute-based rules, and verifying the validity and performance benefits of the proposed model through comparison analysis and simulation.

• The Journal of Information Technology
• /
• v.6 no.1
• /
• pp.11-20
• /
• 2003

With the development of Information Communication Technique, electronic commerce using PKIs is widely used over the Internet. The goal of access control is to counter the threat of unauthorized operations involving Web-server or data base systems. The RBAC(Role-Based Access Control) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls. In this paper we propose two methods, the RBAC system using attribute certificates and the RBAC system using SPKI certificates. And we analyze and compare the two methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.55-63
• /
• 2001

There are many information objects and users in a large company. It is important issue how to control users access in order that only authorized user can access information objects, Traditional access control models do not properly reflect the characteristics of enterprise environment. This paper proposes an improved access control model for enterprise environment. The characteristics of access control in an enterprise are examined and a task role-based access control(T-RBAC) model founded on concept of classification of tasks is introduced. T-RBAC deals with each task differently according to its class, and supports task level access control and supervision role hierarchy.

• Journal of Information Technology Applications and Management
• /
• v.14 no.3
• /
• pp.49-77
• /
• 2007

Role-based access control (RBAC) models are recently receiving considerable attention as a generalized approach to access control. In line with the increase in applications that deal with spatial data. an advanced RBAC model whose entities and constraints depend on the characteristics of spatial data is required. Even if some approaches have been proposed for geographic information systems. most studies focus on the location of users instead of the characteristics of spatial data. In this paper. we extend the traditional RBAC model in order to deal with the characteristics of spatial data and propose new spatial constraints. We use the object-oriented modeling based on open GIS consortium geometric model to formalize spatial objects and spatial relations such as hierarchy relation and topology relation. As a result of the formalization for spatial relations. we present spatial constraints classified according to the characteristics of each relation. We demonstrate our extended-RBAC model called OOGIS-RBAC and spatial constraints through case studies. Finally. we compare our OOGIS-RBAC model and the DAC model in the management of access control to prove the efficiency of our model.

• Proceedings of the IEEK Conference
• /
• 2000.07a
• /
• pp.549-552
• /
• 2000

We address an access control in the mobile agent-based workflow system. The Role Based Access Control (RBAC) is suitable to model the access control for business processes. However, current RBAC models are not adequate to mobile agent-based workflow system. Because separation of duties becomes complicated and it is impossible to perform several workflows at the same time. To solve these problems, we limit the scope of privilege within the specified task. We define considerations, specification of constraints needed in RBAC when tasks are involved. Also, we present an access control scenario and algorithms in the mobile agent-based workflow system.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.725-730
• /
• 2004

Separation of Duty(SOD), with delegation, is one of important security principles in access control area. The role-based access control model adopts SOD principle, but it has some problems; SOD concept is inconsistent with role hierarchy, permissions that have no relation with SOD may be restricted, and delegation may violate SOD. We propose permission-based SOD model on role-based access control. We establishes SOD as a set of permissions instead of role level SOD. Furthermore we propose a principle of role activation. It solves SOD problems of RBAC and supports easy implementation of SOD policy.

• The Journal of the Korea Contents Association
• /
• v.9 no.1
• /
• pp.53-60
• /
• 2009

In home network environments, the user authentication and authorization associated user's information and usability may be important security issue. The OSGi service platform, a well-known home network gateway already specifies the mechanism of that. The traditional authority method provided OSGi implements simple RBAC(Role Based Access Control) model. This is difficult to support efficient access control. In this paper, we propose the dynamic RBAC model based on OSGi. The proposed method describes the extended framework that manage two roles named as absolute role and relative role, extend existed framework with relative role and propose programming model to enable dynamic access control. Finally, we implement the proposed framework using AspectJ and Java annotation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.3
• /
• pp.49-62
• /
• 2000

Role-Based Access Control(RBAC) has recently received considerable attention as a alternative to traditional discretionary and mandatory access control to apply variant organizations function hierarchy of commercial or govemment. Also RBAC provides a delegation that is one of control principles in organization. In general delegation occurring in real organization is performed by an user giving permissions to another user. But, RBAC cannot implement these user-level delegation correctly. And delegation result in security problem such as destroying separation of duty policy information disclosure due to inappro-priate delegation. Besides security adminsitrator directly deals with that problem. In this thesis we suggests some methods that is created by the user.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11b
• /
• pp.199-201
• /
• 2005

RBAC(Role Based Access Control) 이란 특정 사용자가 어떤 대상에 특정 행동을 하는 데에 있어서 그 사용자가 가진 역할 (Role) 에 의해 접근 가능유무를 판정하게 하는 방법이다. 그 RBAC 에 역할간의 계층관계를 추가한 것이 계층적 RBAC (Hierarchicai RBAC)이다. 본 논문에서는 그런 다른 어플리케이션에 쉽게 추가 되거나 아니면 독자적으로 인증 기능을 가지는 계층적 RBAC 서버에 사용될 수 있는 API 와 그와 관련된 응용 어플리케이션을 자바와 데이터베이스를 이용하여 설계 및 구현하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.1
• /
• pp.65-75
• /
• 2000

역할 기반 접근 제어(RBAC: Role Based Access Control)는 각 시스템 자원의 안전성을 보장하기 위한 접근 제어 기술이다. 거대한 네트워크에서 보안 관리의 복잡성과 비용을 줄여주는 기능 때문에, 특히 상업적인 분야에서 더욱 큰 관심을 끌고 있다. 본 논문에서는 RBAC 역할 계층 구조 개념만을 사용할 경우의 취약점을 해결하기 위해 두 가지 연산을 제시하였다. 그리고 이를 통하여 사용자와 권한(pemission)을 간접적으로 연관시킴으로써, RBAC 관리자가 사용자마다 연산을 추가하거나 삭제할 수 있도록 하였고 직관적인 관리자 인터페이스를 제공하여 관리자가 쉽게 사용자 역할, 그리고 연산 사이의 관계를 파악할 수 있도록 하였다. 그리고 이를 기반으로 RBAC 시스템을 설계하고 대학의 종합정보 시스템을 모델로 구현하였다.