A System Architecture Design for Web-Based Application Systems using Role-Based Access Control (직무기반 접근제어를 사용하는 웹기반 응용 시스템의 시스템 아키텍처 설계)

Ho Lee (이호)

A System Architecture Design for Web-Based Application Systems using Role-Based Access Control

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2010, 15(12), pp.217-225
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Ho Lee ¹

¹한국재활복지대학

Accredited

ABSTRACT

Among web-based systems being widely used now, there are so many systems which are still using an user-level access control method. By successfully applying role-based access control(RBAC) to web-based application systems, we can expect to have an effective means with reinforced security for Internet-based systems. In order to apply RBAC to web-based application systems, we should come up with a system architecture for it. I proposed a system architecture which is needed to apply RBAC to web-based application systems. The proposed system architecture is largely composed of system composition and system functioning. For details, firstly, a certificate used by RBAC is specified. Secondly, a system architecture using a user-pull method is proposed and overall system components are mentioned with a role server being centered. Then, I showed how the system architecture can work to carry out RBAC on web-based application systems. Lastly, the analyses on the proposed system architecture are described for the purpose of proving its feasibility.

KEYWORDS

RBAC(Role-Based Access Control), 직무기반접근제어(RBAC), 접근제어(Access Control)

Citation status

* References for papers published after 2023 are currently being built.

[confproc] A. Schaad / 2001 / Detecting Conflicts in a Role-Based Delegation Model / Proc.of the 17th Annual Conference on Computer Security Applications : 117~127

[journal] Ravi S.Sandhu, / 1996 / Role-Based Access Control Models / IEEE Computer : 38~47

[confproc] Bandmann O / 2002 / Constrained Delegation / Proc.of IEEE Symposium on Security and Privac : 131~140

[confproc] Joon S. Park / 1998 / Decentralized User-Role Assignment for Web-based Intranets / Proc.of ACM on RBAC : 1~12

[confproc] Joon S.Park / 1999 / RBAC on the Web by Smart Certificates / Proc.of ACM on RBAC : 1~9

[confproc] Gail-Joon Ahn / 2000 / Injecting RBAC to Secure a Web-based Workflow System / Proc.of ACM on RBAC : 1~10

[confproc] Andreas Schaad / 2001 / The RBAC of a European Bank / Proc.of ACM on RBAC : 3~9

[thesis] Joon S.Park / 1999 / Secure Attribute Services on the Web / 박사 / George Mason University

[journal] 이호 / 2000 / 안전한 인터넷 사용을 위한 접근 제어 메커니즘 설계 / 한국컴퓨터정보학회 5(3) : 84~90

[journal] 이호 / 2002 / 웹기반 응용을 위한 직무기반접근 제어 모델의 설계 / 정보보증논문지 / 한국사이버테러정보전학회 2(2) : 59~66

[confproc] Elisa Bertino, / 2001 / On Specifying Policies for Web Documents with an XML-based Language / Proc.of ACM on RBAC : 57~65

[confproc] Microsoft / 2000 / Internet Information Server / IIS Help File with Windows 2000 Advanced Server : 1~8

[confproc] Serban I.Gavrila, / 1998 / Formal Specification for RBAC User/Role and Role/Role Relationship Management / Proc.of ACM 3rd Workshop on RBAC : 81~90

[journal] 이호 / 2004 / Design of a Simulation Model for Integrated Access Control / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 9(4) : 49~54

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65