Sensitive Personal Information Protection Model for RBAC System

Hyung Jin Moon; 서정석

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2008, 13(5), pp.103-110
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

Hyung Jin Moon ¹, 서정석 ²

¹延大科學技術大學
²나사렛대학교

ABSTRACT

Due to the development of the e-commerce, the shopping mall such as auction collects and manages the personal information of the customers for efficient service. However, because of the leakage of the personal information in auction, the image of the companies as well as the information subjects is damaged. Even though the organizations and the companies store the personal information as common sentences and protect using role based access control technique, the personal information can be leaked easily in case of getting the authority of the database administrator. And also the role based access control technique is not appropriate for protecting the sensitive information of the information subject. In this paper, we encrypted the sensitive information assigned by the information subject and then stored them into the database. We propose the personal policy based access control technique which controls the access to the information strictly according to the personal policy of the information subject. Through the proposed method we complemented the problems that the role based access control has and also we constructed the database safe from the database administrator. Finally, we get the control authority about the information of the information subject
KEYWORDS

개인정보(Personal Information), Access Control, Privacy, SpRBAC, SIMS
REFERENCES (14)

[journal] 양형규 / 2007 / A Study on Personal Information Hacking using Domestic Search Engines / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 12(3) : 195~202

[web] OECD / 2001 / OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data / http://www1.oecd.org/publications/e-book/ 9302011E.PDF

[book] W. Stallings / Cryptography and Network Security

[journal] M.C. Mont / 2005 / An Adaptive Privacy Management System For Data Repositories / TrustBus2005(LNCS 3592) : 236~245

[confproc] S.Sessay / 2005 / A Secure Database encryption scheme / second IEEE Consumer Communications and Networking Conference : 49~53

[journal] H.J. Mun / 2006 / Person-Wise Privacy Level Access Control for Personal Information Directory Services / EUC2006(LNCS 4096) : 89~98

[journal] Hyung-Jin Mun / 2007 / Subject-wise Policy based Access Control Mechanism for Protection of Personal Information / ICCIT2007(IEEE CS) : 2242~2247

[journal] 문형진 / 2006 / Design of a Policy based Privacy Protection System using Encryption Techniques / 정보보호학회논문지 / 한국정보보호학회 16(2) : 33~43

[journal] 문형진 / 2007 / Effective Access Control mechanism for Protection of Senstive Personal Information / 한국통신학회논문지C / 한국통신학회 32(7) : 667~673

[thesis] 문형진 / 2008 / 주체정책을 반영한 역할기반 개인정보 보호기법 / 충북대학교

[journal] D. F. Ferraiolo / 1992 / Role-Based Access Control / Poceedings of the 15th National Computer Security Conference : 554~563

[journal] R.S. Sandhu / 1996 / Role- Based Access Control Models / IEEE Computer 29(2) : 38~47

[confproc] D.F.Ferraiolo / 1999 / A Role Based Access Control Model and Reference Implementation within a Corporate Intranet / ACM Transactions on Information and System Security

[journal] Joon S. Park / 2001 / Role-based Access Control on the Web / ACM Transactions on Information and System Security 4(1) : 37~71
KCI Citation (6)

KJC Korea
Journal Central

Statistics

Tools