• Title/Summary/Keyword: Role-based Security Management Model

Search Result 86, Processing Time 0.026 seconds

A Role-driven Security and Access Control Model for Secured Business Process Management Systems

  • Won Jae-Kang;Kim Kwang-Hoon
    • The Journal of Information Systems
    • /
    • v.14 no.3
    • /
    • pp.1-8
    • /
    • 2005
  • This paper formally defines a role-driven security and access control model of a business process in order eventually to provide a theoretical basis for realizing the secured business process management systems. That is, we propose a graphical representation and formal description of the mechanism that generates a set of role-driven security and access control models from a business process modeled by the information control net(ICN) modeling methodology that is a typical business process modeling approach for defining and specifying business processes. Based upon the mechanism, we are able to design and accomplish a secured business process management system that provides an unified resource access control mechanism of the business process management engine domain's and the application domain's. Finally, we strongly believe that the secured access control policies from the role-driven security and access control model can be easily transformed into the RBAC(Role-based Access Control) model that is a standardized security technology for computer and communications systems of commercial and civilian government organizations.

  • PDF

Role Based Petri-Net : Role Based Expression Model for an Efficient Design of Attack Scenarios (Role Based Petri Net : 공격 시나리오의 효율적 설계를 위한 역할 기반 표현 모델)

  • Park, Jun-Sik;Cho, Jae-Ik;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.1
    • /
    • pp.123-128
    • /
    • 2010
  • Graph expression of attack scenarios is a necessary method for analysis of vulnerability in server as well as the design for defence against attack. Although various requirement analysis model are used for this expression, they are restrictive to express combination of complex scenarios. Role Based Petri Net suggested in this paper offer an efficient expression model based role on Petri Net which has the advantage of concurrency and visuality and can create unknown scenarios.

Design and Analysis of Role-based Security Management Model for Policy-based Security Management in SNMPv3 Network (SNMPv3 통신망의 정책기반 보안관리를 위한 역할기반 보안관리 모델의 설계 및 분석)

  • Ju, Gwang-Ro;Lee, Hyeong-Ho;No, Bong-Nam
    • The KIPS Transactions:PartC
    • /
    • v.8C no.5
    • /
    • pp.573-584
    • /
    • 2001
  • Policy-Based Network Management (PBNM) architecture is to meet various needs of network users and to provide effective management facilities in distributed and large scale networks to network managers. In PBNM, network managers perform network management operations by stipulating a set of rules rather than control each network component. On the other hand, providing security services such as authentication, privacy of messages as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components more secure way than ever before. Despite of its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scaled network because it does not provide centralized security management facilities. In this paper, we propose a new security model called Role-based Security Management model (RSM) with security management policy to support scalable and centralized security management for SNMP-based networks. Also, the structure and the operation of the security system as well as the efficiency analysis of RSM in terms of security management are also described.

  • PDF

Role Graph Security Management Model based on Lattice (격자기반 역할그래프 보안 관리 모델)

  • Choi, Eun-Bok;Park, Ju-Gi;Kim, Jae-Hoon
    • Journal of Internet Computing and Services
    • /
    • v.7 no.5
    • /
    • pp.109-121
    • /
    • 2006
  • In this paper, we suggest lattice based role graph security management model which changes security level in mandatory access control model as well as constraint and role hierarchy systematically in role base access control model. In this model, we solved privilege abuse of senior role that is role graph model's problem, and when produce conflict between privileges, we can keep integrity of information by reseting grade of subject through constraint. Also, we offer strong security function by doing to be controlled by subject's security level as well as privilege inheritance by role hierarchy, Finally, we present the role graph algorithms with logic to disallow roles that contain conflicting privileges.

  • PDF

Design of Security Management Function for SNMPv3 using Role-Based Access Control Model (역할기반 접근통제 모델을 이용한 SNMPv3 보안관리기능 설계)

  • 이형효
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 2001.05a
    • /
    • pp.1-10
    • /
    • 2001
  • SNMPv3 provides the security services such as authentication and privacy of messages as well as a new flexible and extensible administration framework. Therefore, with the security services enabled by SNMPv3, network managers can monitor and control the operation of network components more secure way than before. But, due to the user-centric security management and the deficiency of policy-based security management facility, SNMPv3 might be inadequate network management solution for large-scaled networks. In this paper, we review the problems of the SNMPv3 security services, and propose a Role-based Security Management Model(RSM), which greatly reduces the complexity of permission management by specifying and enforcing a security management policy far entire network.

  • PDF

Role of Management and Protection Motivation's influence on the Intention of Compliance with Information Security Policies: Based on the Theory of Planned Behavior (경영진 역할과 보호동기 요인이 정보보안정책 준수 의지에 미치는 영향: 계획행동이론을 기반으로)

  • Shin, Hyuk;Kang, Min Hyung;Lee, Cheol Gyu
    • Convergence Security Journal
    • /
    • v.18 no.1
    • /
    • pp.69-84
    • /
    • 2018
  • This study examines antecedents of the intention of compliance with information security policies based on Ajzen's Theory of Planned Behavior. The study conducted the following: Verification of casual relations between role of management and protection motivation and the antecedents of planned behavior as parameters to determine the effect on the intention of compliance with information security policy, and comparative analysis between the research model and a competition model. The result of the study disclosed that, in the research model, attitude and subjective norm took an intermediary role on management beliefs, response efficacy, response cost, self-efficacy, and compliance intention, and perceived behavior control on management beliefs, self-efficacy and compliance intention.

  • PDF

An Integrated Management Model of OS-RBAC and Separation Of Duty Policy (OS-RBAC과 임무분리 정책의 통합 관리 모델)

  • Byun, Chang-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.1
    • /
    • pp.167-175
    • /
    • 2010
  • Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.

An Integrated Computer Security Model Based on the General Trust Theory (신뢰성이론을 바탕으로 한 통합 컴퓨터 보안 모형에 관한 연구)

  • Lee, Sang-Gun;Yoo, Sang-Jin
    • Asia pacific journal of information systems
    • /
    • v.12 no.1
    • /
    • pp.123-138
    • /
    • 2002
  • For the last two decades, there has been much research on computer abuse from the perspective of the general deterrence theory based on objectism, which covers security policy, security awareness programs, and physical security system. The traditional view offered by the general deterrence theory indicates that security policy, security awareness, and security system play a major role in preventing computer abuse. In spite of continuous organizational efforts and investments based on these systematic factors, the incidence of computer abuse in organizations is still rapidly increasing. This paper proposes another perspective-the social control theory based on subjectism-in preventing computer abuse. According to the social control theory, organizational trust, which comprises organizational attachment, commitment, involvement and norms, can prevent computer abuse by reducing insider's computer abuse. The aim of this article is to assess the role of organizational trust come from attachment, commitment, involvement, norms in preventing computer abuse. The results indicate that both organizational trust and deterrent factors are effective in preventing computer abuse.

Master Integrity Principle for Effective Management of Role Hierarchy (효과적인 역할계층 관리를 위한 기본 무결성 규칙)

  • Oh Se-Jong
    • The KIPS Transactions:PartC
    • /
    • v.12C no.7 s.103
    • /
    • pp.981-988
    • /
    • 2005
  • Administrative Role-Based Access Control(ARBAC) is a typical model for decentralized authority management by plural security administrators. They have their work range on the role hierarchy. A problem is that legal modification of role hierarch may induce unexpected side effect. Role-Role Assignment 97(RRA97) model introduced some complex integrity principles to prevent the unexpected side effect based on geometric approach. We introduce simple and new one integrity principle based on simple set theory. It is simple and intuitive. It can substitute for all integrity principles of RRA97 model.

A Study on An Architecture of the Security improved Document DRM for preventing Information Leakage in Military Information System Environment (국방 정보시스템 환경에서 정보유출 방지를 위한 보안성이 강화된 문서 DRM 설계에 관한 연구)

  • Eom, Jung Ho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.1
    • /
    • pp.41-49
    • /
    • 2011
  • We designed a security improved document DRM for protecting document based military information which is transmitted in the military information system environment. The user should be could not access document which not related to his/her role and duty, and must view the only document appropriate for his/her role and security level according to the security level of document. We improved the security of document DRM by adding to the access control module in DRM server. Our system allows operation mode authorizations for the document, considering the user's role & security level and the security level of document. And it prevents indiscriminate access to the document and damage the confidentiality and integrity of information.