• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.265-272
• /
• 2003

RBAC is an Access Control Mechanism for security administration of system resource and technique attracting in commercial fields because of reducing cost and complexity of security administration in large network. Many RBAC's research is progressive but several problems such as the delegation of role have been pointed out concerning the mechanism. It is necessary that a person's role delegate someone with reliability by reasons of a leave of absence, sick leave and the others. But the existing RBAC standards don't give definition of the delegation of roles. In this paper, we propose RBAC model that delegator can delegate subset of role and permission to a delegatee so that more efficient access control may be available.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.1-9
• /
• 2006

With role-based access control, access decisions are based on the roles that individual users have as part of an organization. In this paper, we propose a new RBAC model that a user delegate a permission to another user with function-unit for practical organization. A function-unit delegation is more safe than existing delegations on RBAC model. And FuRBAC model has a authentication to supervise security problems.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.45-54
• /
• 2005

The existing access control models have the demerits that do not provide the limit function of using resources by time constraint, the restricted inheritance function as a superior role in role hierarchy, the delicate delegation policy and the limit function of using resources by the location information about a user for the access control in ubiquitous environment. This paper proposes an Extended-GTRBAC model is suited to the access control in ubiquitous environment by applying to sub-role concept of GTRBAC model that the application of resources can be restricted by the period and time and PBDM and considering the location information about a user on temporal constraint. The proposal model can restrict the inheritance of permission in role hierarchy by using sub-role, provide the delicate delegation policy such as user-to-user delegation, role to role delegation, multi-level delegation. multi-step delegation, and apply diverse and delicate access control policy which is suited the characteristic of ubiquitous environment by considering the location information about a user on temporal constraint.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1103-1113
• /
• 2020

Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information.This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

• Journal of Advanced Navigation Technology
• /
• v.12 no.5
• /
• pp.470-482
• /
• 2008

This paper propose role base access control model that use context information for ubiquitous environment. Concept of access control that use context information assigns permission that can approach in some information or object in part. And do so that can assigned user in part to it and acquire permission. So it can approach in information or object. Therefore, user approaches in information or object in assigned role, and the role that is allocated ro own is having. So, do so that can secure information or utilization of object safety. Proposa1 model investigated lacking restriction item in GEO-RBAC model. So, it considered that present new restriction condition and role conflict in various case. Also, to GEO-RBAC model proposed suitable model, analyzed old model's advantage, shortcoming. And it presented proposal model to GEO-RBAC because improving this.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.303-306
• /
• 2011

System solutions for access control to the user's personal when you want to authenticate to the system is used. The valid user is really just a part of authorized users, the suitability of a valid user has been authenticated are not sure whether the problem is the fact. For example, one developer in the Unix operating system can be valid, but do not have permission to access the system should be limited for. In this paper, a single account for multiple users to use the system operational issues to improve the fine-grained delegation of authority, the session audit, the administrator account's policy-based management, with full rights the administrator account of distribution management and auditing the system overall is the study of access control measures.