• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.37-45
• /
• 2003

Role-based Access Control(RBAC) model has advantage of easy management of access control with constraints such as permission inheritance and separation of duty in role hierarchy. However, previous RBAC studies could not properly reflect the real-world organization structure with its role hierarchy. User who is a member of senior role can perform all permissions because senior role inherits all permissions of junior roles in the role hierarchy. Therefore there is a possibility for senior role members to abuse permissions due to violation of the least privilege principle. In this paper, we present a new model of role hierarchy, which restricts the unconditional permission inheritance. In the proposed model, a role is divided into sub roles(unconditional inheritance. restricted inheritance, private role), keeping organization structure in corporate environment. With restricted inheritance, the proposed model prevents permission abuse by specifying the degree of inheritance in role hierarchy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.129-138
• /
• 2003

Role-Based Access Control(RBAC) model is becoming a promising model for enterprise environments with various organization structures. In terms of role hierarchy, each senior role inherits all the permissions of its junior roles in the role hierarchy, and a user who is a member of senior role is authorized to carry out the inherited permissions as well as his/her own ones. But there is a possibility for senior role members to abuse permissions. Since senior role members need not have all the authority of junior roles in the real world, enterprise environments require a restricted inheritance rather than a unconditional or blocked inheritance. In this paper, we propose a new role-based delegation model using the role hierarchy model with restricted inheritance functionality, in which security administrator can easily control permission inheritance behavior using sub-roles. Also, we describe how role-based user-to-user, role-to-role delegations are accomplished in the model and the characteristics of the proposed role-based delegation model.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.981-988
• /
• 2005

Administrative Role-Based Access Control(ARBAC) is a typical model for decentralized authority management by plural security administrators. They have their work range on the role hierarchy. A problem is that legal modification of role hierarch may induce unexpected side effect. Role-Role Assignment 97(RRA97) model introduced some complex integrity principles to prevent the unexpected side effect based on geometric approach. We introduce simple and new one integrity principle based on simple set theory. It is simple and intuitive. It can substitute for all integrity principles of RRA97 model.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1834-1839
• /
• 2005

Database security is essential to protect their data in most organization such as hospitals, central or local governments, banks which manage the private, sensitive and important data. Because the duty of the department recently became more various and complicated, the changes of security requirement are needed more frequently. Therefore, easily changeable, flexible security policy and efficient security management with preserving the integrity of security policy are very important. In this paper, we implemented a flexible database security system in the specimen and clinical information management system of leukemic research center using IRH(Improved Role Hierarchy). Data is protected by MAC and we propose a flexible access control and effective administration by using the IRH that is an improved role hierarchy of RBAC. If security policy is needed for changes, this system can do it easily by simply modifying the IRH with the decentralized administration. The modified security policy can be applied flexibly after alteration because the security level of the subject is not fixed but can be derived automatically from the IRH when user connects the system.

• Language and Information
• /
• v.18 no.1
• /
• pp.53-75
• /
• 2014

This study discovers the dynamic nature of an interactional hierarchy as well as an institutional hierarchy in the use of Korean honorifics. Data was collected from the conversations of two Korean female interlocutors. The interlocutors met for the first time in the U.S. and often changed their use of honorifics. The paper examines the method in which the two interlocutors negotiate hierarchies during interaction and how the negotiation is reflected in their use of honorific shifts. The paper also investigates honorific shifts in terms of self-representation to suggest that there is another hierarchy at work other than the institutional hierarchy. An examination of the data shows that the shifts occurred not randomly but strategically. The findings suggest that 1) interlocutors may negotiate interactional hierarchy during their conversation, often in the same sentence, 2) interactional hierarchy often cross the boundary of the institutional hierarchy to obtain interactional goals, in this case, intimacy, and 3) the utterance contents may play a significant role in the interlocutors' honorific shifts.

• Korean Institute of Interior Design Journal
• /
• no.13
• /
• pp.197-202
• /
• 1997

In this study, we surveyed historical housing settlements of Hwangjon in Bonghwa-a clan village in Youngnam district which was formed in the Chosun Dynasty. We observe the relationships among the spatial layout of clan villages, the water flows and the family hierarchies as follows; (1) when a clan village was initially formed, the water flow, which is the phylosophical foundation of Poong Soo, was the most important factor for determining the original location; (2) as villages prosper, the water flow and the family hierarchy still played an important role in determining the following geological locations; (3) in modern age, however, the water flow and the family hierarchy lost the role in detrmining the geological locations; (4) consequently, in present days, each household becomes isolated from the village. Reflecting on these observations, for village to be maintained, we conclude that we need novel practical and cohesive village forming drives that can replace the water flows and the family hierarchy in the past.

• Journal of Fisheries and Marine Sciences Education
• /
• v.23 no.3
• /
• pp.503-514
• /
• 2011

Port Authority in Korea does not have financial independence nor fair recruitment practices, thus the prospects of the establishment of the Port Authority is not adequate. Therefore independent and effective port administration cannot be achieved. To overcome this situation, this paper examines the port administration system in Korea and identifies its problems. This paper then provides an 'modeling of Analytical Hierarchy structure' for evaluation. An alternative solution is provided by carrying out a public survey, analysing the significance of the evaluation factor using the techniques of the Analytical Hierarchy Process. The significance of profitability was identified. The role of central government is significant when assessing the public service function of port administration; and the role of the private company is significant when assessing the independence. In addition, the private company is significant when assessing profitability. The private company is the alternative for port administration in Korea, based on the evaluation of various alternatives.

• Journal of the Korea Safety Management & Science
• /
• v.13 no.2
• /
• pp.129-135
• /
• 2011

Logistics parks make profits using the efficiency of time and space. Such logistics parks play an important role in a corporation creating operating profits as well as acting as a method of alternative investment for individuals. Logistics parks no longer simply store materials, but have become a place that plays an important role in various areas of corporate and individual activities, and thus the analysis of the selection of the location of logistics parks and the related characteristics is extremely important. The estimation model is established by the weights for industry derived from AHP(Analytic Hierarchy Process).

• The KIPS Transactions:PartD
• /
• v.8D no.6
• /
• pp.853-860
• /
• 2001

In the object-oriented software development, redesigning of classes and reorganizing of class hierarchy structures should be necessary to reduce many of the headaches of object-oriented software design and maintenance. To support this task, in this paper, we propose a theoretical foundation for class hierarchy reorganizations that is relatively complete, correct, formal and easy to understand and use. We introduce the flattened class hierarchy that characterizes the class hierarchy structures in object-oriented software evolution. And we also present an algorithm which transforms a given class hierarchy into the normalized form. The flattened class hierarchy helps us map the inheritance and aggregation paths in a class hierarchy to paths in an object hierarchy that is an instance of the class hierarchy. By applying the algorithm into a given class hierarchy, we can make a new, object-preserved, and flattened class hierarchy that is the cornerstone for reorganization of class hierarchy structure and plays an important role as a bridge on the incremental evolutionary changes and reuse of object-oriented software to reorganize class hierarchies.

• Journal of Internet Computing and Services
• /
• v.7 no.5
• /
• pp.109-121
• /
• 2006

In this paper, we suggest lattice based role graph security management model which changes security level in mandatory access control model as well as constraint and role hierarchy systematically in role base access control model. In this model, we solved privilege abuse of senior role that is role graph model's problem, and when produce conflict between privileges, we can keep integrity of information by reseting grade of subject through constraint. Also, we offer strong security function by doing to be controlled by subject's security level as well as privilege inheritance by role hierarchy, Finally, we present the role graph algorithms with logic to disallow roles that contain conflicting privileges.