• Title/Summary/Keyword: Role-Based Access Control

Search Result 273, Processing Time 0.029 seconds

A Role-Based Delegation Model Using Role Hierarchy with Restricted Permission Inheritance (권한상속제한 역할계층을 이용한 역할기반 위임 모델)

  • 박종순;이영록;이형효;노봉남;조상래
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.129-138
    • /
    • 2003
  • Role-Based Access Control(RBAC) model is becoming a promising model for enterprise environments with various organization structures. In terms of role hierarchy, each senior role inherits all the permissions of its junior roles in the role hierarchy, and a user who is a member of senior role is authorized to carry out the inherited permissions as well as his/her own ones. But there is a possibility for senior role members to abuse permissions. Since senior role members need not have all the authority of junior roles in the real world, enterprise environments require a restricted inheritance rather than a unconditional or blocked inheritance. In this paper, we propose a new role-based delegation model using the role hierarchy model with restricted inheritance functionality, in which security administrator can easily control permission inheritance behavior using sub-roles. Also, we describe how role-based user-to-user, role-to-role delegations are accomplished in the model and the characteristics of the proposed role-based delegation model.

Role-Based Access Control in Object-Oriented GIS (객체지향 지리정보시스템에서의 역할 기반 접근 제어)

  • Kim, Mi-Yeon;Lee, Cheol-Min;Lee, Dong-Hoon;Moon, Chang-Joo
    • Journal of Information Technology Applications and Management
    • /
    • v.14 no.3
    • /
    • pp.49-77
    • /
    • 2007
  • Role-based access control (RBAC) models are recently receiving considerable attention as a generalized approach to access control. In line with the increase in applications that deal with spatial data. an advanced RBAC model whose entities and constraints depend on the characteristics of spatial data is required. Even if some approaches have been proposed for geographic information systems. most studies focus on the location of users instead of the characteristics of spatial data. In this paper. we extend the traditional RBAC model in order to deal with the characteristics of spatial data and propose new spatial constraints. We use the object-oriented modeling based on open GIS consortium geometric model to formalize spatial objects and spatial relations such as hierarchy relation and topology relation. As a result of the formalization for spatial relations. we present spatial constraints classified according to the characteristics of each relation. We demonstrate our extended-RBAC model called OOGIS-RBAC and spatial constraints through case studies. Finally. we compare our OOGIS-RBAC model and the DAC model in the management of access control to prove the efficiency of our model.

  • PDF

A Model of Role Hierarchies providing Restricted Permission Inheritance (권한상속 제한 기능을 제공하는 역할계층 모델)

  • 이용훈;김용민;이형효;진승헌
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.37-45
    • /
    • 2003
  • Role-based Access Control(RBAC) model has advantage of easy management of access control with constraints such as permission inheritance and separation of duty in role hierarchy. However, previous RBAC studies could not properly reflect the real-world organization structure with its role hierarchy. User who is a member of senior role can perform all permissions because senior role inherits all permissions of junior roles in the role hierarchy. Therefore there is a possibility for senior role members to abuse permissions due to violation of the least privilege principle. In this paper, we present a new model of role hierarchy, which restricts the unconditional permission inheritance. In the proposed model, a role is divided into sub roles(unconditional inheritance. restricted inheritance, private role), keeping organization structure in corporate environment. With restricted inheritance, the proposed model prevents permission abuse by specifying the degree of inheritance in role hierarchy.

Access Control Model using RBAC in BYOD(Bring Your Own Device) (RBAC(Role Based Access Control)을 이용한 BYOD(Bring Your Own Device) 접근제어 관한 연구)

  • Bae, Yo-Han;Lee, Hee-Jo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2014.04a
    • /
    • pp.379-382
    • /
    • 2014
  • BYOD 는 다양한 기기에서 상호 운용되고, 상황에 따라 다른 접근권한을 가질 수 있다. BYOD 는 기업의 입장에서는 생산성 향상과 기기에 대한 비용 감소 등의 장점을 가지고 있다. 하지만 보안의 중대한 취약점을 가지고 있고 기업은 개인이 사용하는 각기 다른 기기들에 대해서 통제하기 힘들다는 점과 관리비용은 오히려 상승할 수도 있다는 점 등의 단점들이 부각이 되고 있다. BYOD 에 접근 가능한 권한들을 효율적으로 관리하여 접근권한 관련 설정 오류를 최소화하고, 권한이 없는 사용자의 접근을 차단하기 위한 'BYOD 환경에 적합한 접근 제어 기술'이 요구된다. 따라서 본 논문에서는 BYOD 시장의 급속한 발달과, 스마트 폰 하드웨어,소프트웨어의 발전에 맞춰 RBAC(Role Based Access Control)을 이용한 접근제어 방법을 제안한다. 이는 사용자 특성, 역할 특성, 시스템 특성에 따라 권한 활성화 제약이 가능하며, 권한 위임과 권한 상속 시에 시간, 위치정보, 위기 상황 발생여부에 따라 제약을 할 수 있다.

Implementation of Secure Role Based Access Control System on the WWW (WWW에서 안전한 역할 기반 접근 제어 시스템 구현)

  • 이희규
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.1
    • /
    • pp.65-75
    • /
    • 2000
  • 역할 기반 접근 제어(RBAC: Role Based Access Control)는 각 시스템 자원의 안전성을 보장하기 위한 접근 제어 기술이다. 거대한 네트워크에서 보안 관리의 복잡성과 비용을 줄여주는 기능 때문에, 특히 상업적인 분야에서 더욱 큰 관심을 끌고 있다. 본 논문에서는 RBAC 역할 계층 구조 개념만을 사용할 경우의 취약점을 해결하기 위해 두 가지 연산을 제시하였다. 그리고 이를 통하여 사용자와 권한(pemission)을 간접적으로 연관시킴으로써, RBAC 관리자가 사용자마다 연산을 추가하거나 삭제할 수 있도록 하였고 직관적인 관리자 인터페이스를 제공하여 관리자가 쉽게 사용자 역할, 그리고 연산 사이의 관계를 파악할 수 있도록 하였다. 그리고 이를 기반으로 RBAC 시스템을 설계하고 대학의 종합정보 시스템을 모델로 구현하였다.

A Trust Management Model for PACS-Grid

  • Cho, Hyun-Sook;Lee, Bong-Hwan;Lee, Kyu-Won;Lee, Hyoung
    • Journal of information and communication convergence engineering
    • /
    • v.5 no.2
    • /
    • pp.144-149
    • /
    • 2007
  • Grid technologies make it possible for IT resources to be shared across organizational and security domains. The traditional identity-based access control mechanisms are unscalable and difficult to manage. Thus, we propose the FAS (Federation Agent Server) model which is composed of three modules: Certificate Conversion Module (CCM), Role Decision Module (RDM), and Authorization Decision Module (ADM). The proposed FAS model is an extended Role-Based Access Control (RBAC) model which provides resource access capabilities based on roles assigned to the users. FAS can solve the problem of assigning multiple identities to a shared local name in grid-map file and mapping the remote entity's identity to a local name manually.

Application of Multi-Resolution Modeling in Collaborative Design (협업 설계에서의 다중해상도 모델링 응용)

  • Kim, Taeseong;Han, Junghyun
    • Journal of the Korea Computer Graphics Society
    • /
    • v.9 no.2
    • /
    • pp.1-9
    • /
    • 2003
  • Information assurance(IA) refers to methodologies to protect engineering information by ensuring its availability, confidentiality, integrity, non-repudiation, authentication, access control, etc. In collaborative design, IA techniques are needed to protect intellectual property, establish security privileges and create "need to know" protections on critical features. Aside from 3D watermarking, research on how to provide IA to distributed collaborative engineering teams is largely non-existent. This paper provides a framework for information assurance within collaborative design, based on a technique we call role-based viewing. Such role-based viewing is achieved through integration of multi-resolution geometry and security models. 3D models are geometrically partitioned, and the partitioning is used to create multi-resolution mesh hierarchies. Extracting an appropriately simplified model suitable for access rights for individual designers within a collaborative design environment is driven by an elaborate access control mechanism.

  • PDF

Minimization of Security Policies in Database Security System applying Role-Based Access Control (역할기반 접근 제어를 적용한 데이터베이스 보안 시스템에서의 보안 정책 최소화)

  • Jung Min-A;Lee Kwang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.6
    • /
    • pp.1364-1370
    • /
    • 2005
  • There are many security models for database systems using policy-based access control. RBAC (Role-based Access Control) is used for complementing MAC (Mandatory Access Control) and DAC (Discretionary Access Control) and is for performing flexibly security policies meet applied environment. We implemented the database security system that applies DAC, MAC, and RBAC to meet security requirements of users. However, security policies are constructed redundantly whenever security policies are needed to each user in this system. Even though the proposed security system can flexibly control more complicated 'read' access to various data sizes for individual users, it is obvious that there is a possibility that a new policy can be a duplication of existing policies. In this paper, we introduce the problem of policy duplication and propose the policy management module. With this proposed module, constructed policies are checked for duplication and deleted or merged with existing policies.

Definition of Security Requirement in Access Control (접근 통제의 보안 요건 정의)

  • Shin, Seong-Yoon;Kim, Chang-Ho;Jang, Dai-Hyun;Lee, Hyun Chang;Rhee, Yang-Won
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.05a
    • /
    • pp.192-193
    • /
    • 2014
  • Attendant services (user) roles (Role) and act on the data used should be based access control and permissions. Large amounts of important information to view and change the pre-approval must be acquired. Non-constant time for the session must control actions.

  • PDF

Application Design and Execution Framework in Role-Based Access Control Systems (역할기반 접근통제 시스템에서 응용 프로그램의 설계 및 시행지원 프레임워크)

  • Lee, Hyeong-Hyo;Choe, Eun-Bok;No, Bong-Nam
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.11
    • /
    • pp.3020-3033
    • /
    • 1999
  • Role-Based Access Control(RBAC) security policy is being widely accepted not only as an access control policy for information security but as both a natural modeling tool for management structure of organizations and flexible permission management framework in various commercial environments. Important functions provided by the current RBAC model are to administrate the information on the components of RBAC model and determine whether user's access request to information is granted or not, and most researches on RBAC are for defining the model itself, describing it in formal method and other important properties such as separation of duty. As the current RBAC model which does not define the definition, design and operation for applications is not suitable for automated information systems that consist of various applications, it is needed that how applications should be designed and then executed based on RBAC security model. In this paper, we describe dynamic properties of session which is taken for a passive entity only activated by users, as a vehicle for building and executing applications in an automated information systems. And, a framework for session-oriented separation of duty property, application design and operation is also presented.

  • PDF