• Title/Summary/Keyword: role based access control

Search Result 273, Processing Time 0.026 seconds

An Extended Role-based Access Control Model with Privacy Enforcement (프라이버시 보호를 갖는 확장된 역할기반 접근제어 모델)

  • 박종화;김동규
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.8C
    • /
    • pp.1076-1085
    • /
    • 2004
  • Privacy enforcement has been one of the most important problems in IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. For providing privacy protection and context based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies Privacy policies are to assign privacy levels to user roles according to their tasks and to assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. For application of this model, small hospital model is considered.

A Role-Based Access Control Model ensuring Confidentiality and Integrity (비밀성과 무결성을 보장하는 역할기반 접근제어모델)

  • Byun Chang-Woo;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.3
    • /
    • pp.13-29
    • /
    • 2005
  • An important characteristic of role-based access control model(RBAC) is that by itself it is policy neutral. This means RBAC articulates security policy without embodying particular security policy. Because of this reason, there are several researches to configure RBAC to enforce traditional mandatory access control(MAC) policy and discretionary access control(DAC) policy. Specifically, to simulate MAC using RBAC several researches configure a few RBAC components(user, role, role-hierarchy, user-role assignment and session) for keeping no-read-up rule and no-write-down rule ensuring one-direction information flow from low security level to high security level. We show these researches does not ensure confidentiality. In addition, we show the fact that these researches overlook violation of integrity due to some constraints of keeping confidentiality. In this paper we propose a RBAC model satisfying both confidentiality and integrity. We reexamine a few RBAC components and constructs additional constraints.

Dynamic Access Control for Personalized Environment in Ubiquitous Computing

  • Kim, Yuna;Shin, IlShik;Hong, Sung Je;Kim, Jong
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.2 no.4
    • /
    • pp.233-241
    • /
    • 2007
  • In an ubiquitous environment, for controlling user access according to environment of users, a number of access control models enforcing dynamic environment of users have been proposed. However, they do not support personalized environments of each user and have a run-time overhead of searching active roles. In this paper, we propose a new model, PE-RBAC, that extends the RBAC architecture by addition of a personalized environment component as a constraint to accommodate dynamic and mobile users. In this model, a dynamic role activation is presented by using a new role-to-environment structure instead of the conventional role hierarchy, which makes it efficient to find the active roles according to a user's personalized environment.

  • PDF

Extended GTRBAC Model for Access Control Enforcement in Enterprise Environments (기업환경의 접근제어를 위한 확장된 GTRBAC 모델)

  • Park Dong-Eue;Hwang Yu-Dong
    • Journal of Korea Multimedia Society
    • /
    • v.8 no.2
    • /
    • pp.211-224
    • /
    • 2005
  • With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model and sub-role hierarchies concept. The proposed model, called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) Model, supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control now dependency and separation of duty constraints(SoDs). Also it supports unconditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies in order to allow expressing access control policies at a finer granularity in corporate enterprise environments.

  • PDF

Extending Role-based Access Control for Privacy Preservation in Academic Affairs System (교무업무시스템에서의 개인정보보호를 위한 역할기반 접근 제어 확장)

  • Kim, Bo-Seon;Hong, Eui-Kyeong
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.14 no.2
    • /
    • pp.171-179
    • /
    • 2008
  • RBAC(Role based Access Control) is effective way of managing user's access to information object in enterprise level and e-government system. The concept of RBAC is that the access right to object in a system is not directly assigned o users but assigned by being a member of a role which is defined in a organization. RBAC is utilized for controling access range of privacy but it does not support the personal legal right of control over information and right of limited access to the self. Nor it contains the way of observation of privacy flow that is guided in a legal level. In this paper, extended RBAC model for protecting privacy will be suggested and discussed. Two components of Data Right and Assigning Data Right are added to existed RBAC and the definition of each component is redefined in aspect of privacy preservation. Data Right in extended RBAC represents the access right to privacy data. This component provides the way of control over who can access which privacy and ensures limitation of access quantity of privacy. Based on this extended RBAC, implemented examples are presented and the evaluation is discussed by comparing existed RBAC with extended RBAC.

An Architecture of Access Control Model for Preventing Illegal Information Leakage by Insider (내부자의 불법적 정보 유출 차단을 위한 접근통제 모델 설계)

  • Eom, Jung-Ho;Park, Seon-Ho;Chung, Tai-M.
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.5
    • /
    • pp.59-67
    • /
    • 2010
  • In the paper, we proposed an IM-ACM(Insider Misuse-Access Control Model) for preventing illegal information leakage by insider who exploits his legal rights in the ubiquitous computing environment. The IM-ACM can monitor whether insider uses data rightly using misuse monitor add to CA-TRBAC(Context Aware-Task Role Based Access Control) which permits access authorization according to user role, context role, task and entity's security attributes. It is difficult to prevent information leakage by insider because of access to legal rights, a wealth of knowledge about the system. The IM-ACM can prevent the information flow between objects which have the different security levels using context role and security attributes and prevent an insider misuse by misuse monitor which comparing an insider actual processing behavior to an insider possible work process pattern drawing on the current defined profile of insider's process.

Role Based Smart Health Service Access Control in F2C environment (F2C 환경에서 역할 기반 스마트 헬스 서비스 접근 제어)

  • Mi Sun Kim;Kyung Woo Park;Jae Hyun Seo
    • Smart Media Journal
    • /
    • v.12 no.7
    • /
    • pp.27-42
    • /
    • 2023
  • The development of cloud services and IoT technology has radically changed the cloud environment, and has evolved into a new concept called fog computing and F2C (fog-to-cloud). However, as heterogeneous cloud/fog layers are integrated, problems of access control and security management for end users and edge devices may occur. In this paper, an F2C-based IoT smart health monitoring system architecture was designed to operate a medical information service that can quickly respond to medical emergencies. In addition, a role-based service access control technology was proposed to enhance the security of user's personal health information and sensor information during service interoperability. Through simulation, it was shown that role-based access control is achieved by sharing role registration and user role token issuance information through blockchain. End users can receive services from the device with the fastest response time, and by performing service access control according to roles, direct access to data can be minimized and security for personal information can be enhanced.

A System Architecture Design for Web-Based Application Systems using Role-Based Access Control (직무기반 접근제어를 사용하는 웹기반 응용 시스템의 시스템 아키텍처 설계)

  • Lee, Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.12
    • /
    • pp.217-225
    • /
    • 2010
  • Among web-based systems being widely used now, there are so many systems which are still using an user-level access control method. By successfully applying role-based access control(RBAC) to web-based application systems, we can expect to have an effective means with reinforced security for Internet-based systems. In order to apply RBAC to web-based application systems, we should come up with a system architecture for it. I proposed a system architecture which is needed to apply RBAC to web-based application systems. The proposed system architecture is largely composed of system composition and system functioning. For details, firstly, a certificate used by RBAC is specified. Secondly, a system architecture using a user-pull method is proposed and overall system components are mentioned with a role server being centered. Then, I showed how the system architecture can work to carry out RBAC on web-based application systems. Lastly, the analyses on the proposed system architecture are described for the purpose of proving its feasibility.

Master Integrity Principle for Effective Management of Role Hierarchy (효과적인 역할계층 관리를 위한 기본 무결성 규칙)

  • Oh Se-Jong
    • The KIPS Transactions:PartC
    • /
    • v.12C no.7 s.103
    • /
    • pp.981-988
    • /
    • 2005
  • Administrative Role-Based Access Control(ARBAC) is a typical model for decentralized authority management by plural security administrators. They have their work range on the role hierarchy. A problem is that legal modification of role hierarch may induce unexpected side effect. Role-Role Assignment 97(RRA97) model introduced some complex integrity principles to prevent the unexpected side effect based on geometric approach. We introduce simple and new one integrity principle based on simple set theory. It is simple and intuitive. It can substitute for all integrity principles of RRA97 model.

User-Level Delegation in Extended Role-Based Access Control Model (확장된 역할기반 접근제어 모델에서의 사용자 수준의 위임기법)

  • 박종화
    • The Journal of Information Technology
    • /
    • v.4 no.4
    • /
    • pp.15-24
    • /
    • 2001
  • In current role-based systems, security officers handle assignments of users to roles. This may increase management efforts in a distributed environment because of the continuous involvement from security officers. The role-based delegation provides a means for implementing RBAC in a distributed environment. The basic idea of a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a user-level delegation model, which is based on Extended Role-Based Access Control(ERBAC). ERBAC provides finer grained access control on the base of subject and object level than RBAC model.

  • PDF