An Integrated Management Model of OS-RBAC and Separation Of Duty Policy

변창우

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2010, 15(1), pp.167-175
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

변창우 ¹

¹인하공업전문대학

ABSTRACT

Like most large organizations, there are business rules such as ‘separation of duty’ and ‘delegation’ which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer’s authority range without the security officer’s intervention.
KEYWORDS

Security, Access Control, Separation of Duty, Role Based Access Control, Organizational Structure- RBAC
REFERENCES (16)

[confproc] M.J.Nash / 1990 / Some Conundrums Concerning Separation of Duty / IEEE Symposium on Research in Security and Privacy : 201~209

[confproc] V.D.Gligor, / 1998 / On the Formal Definition of Separation-of-Duty Polices and their Composition / IEEE Symposium on Security and Privacy, : 172~183

[confproc] R.Sandhu / 2000 / The NIST model for role-based access control:towards a unified standard / ,in Proc.of Fifth ACM Workshop on Role-Based Access Control, : 47~63

[journal] 문형진 / 2008 / Sensitive Personal Information Protection Model for RBAC System / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 13(5) : 103~110

[journal] R.Sandhu, / 1999 / The ARBAC97 model for role-based administration of roles / ACM Trans.Inf.And Syst.Sec 1(2) : 105~135

[journal] S.Perelson / 2001 / Separation of Duty Administration / South African Computer Journal 27 : 64~69

[confproc] J. B. D. Joshi / 2003 / Dependencies and Separation of Duty Constraints in GTRBAC / SACMAT’03 : 51~64

[confproc] M.Streambeck / 2004 / Conflict Checking of Separation of Duty Constraints in RBAC Implementation Experiences / in Proc.of the Conference on Software Engineering(SE2004) : 224~229

[confproc] H. Chen / 2006 / Constraint Generation for Separation of Duty / SACMAT’06 : 130~138

[confproc] T. Mossakowski / 2003 / A temporal-logic extension or role-based access control covering dynamic separation of duties / 4th International Conference on Temporal Logic : 83~90

[journal] 오세종 / 2004 / Permission-Based Separation of Duty Model on Role-Based Access Control / 정보처리학회논문지C / 한국정보처리학회 11(7) : 725~730

[journal] C.J.Moon / 2004 / Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration / Computers & Security 23 : 126~136

[journal] Sejong Oh / 2006 / An Organizational Structure-Based Administration Model for Decentralized Access Control / Journal of Information Science and Engineering 22(6) : 1465~1483

[confproc] Changwoo Byun / 2006 / OS-DRAM:A Delegation Administration Model in a Decentralized Enterprise Environment / The Seventh International Conference on Web-Age Information Management(WAIM 2006),Lecture Notes in Computer Science(LNCS) : 593~604

[journal] 황유동 / 2005 / Extended GTRBAG Model for Access Control Enforcement in Ubiquitous Environments / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 10(3) : 45~54

[confproc] N.Li / 2006 / Beyond Separation of Duty:An Algebra for Specifying High-level Security Policies / CCS’06 : 356~369
KCI Citation (0)

KJC Korea
Journal Central

Statistics

Tools