Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Type based Access Control Model and Application of Rehabilitation Psychology Analysis System

재활심리분석시스템의 타입기반 접근제어 모델 및 응용

  • Kim, Young-Soo (Research and Business Foundation, Korea Nazarene University) ;
  • Kim, Jung-Dae (Research and Business Foundation, Korea Nazarene University)
  • Received : 2013.08.07
  • Accepted : 2013.09.07
  • Published : 2013.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

As rehabilitation psychology analysis system which manages examination information becoming more popular, interoperability, portability and security are becoming major concerns of modern computing. We propose a security model on the type information based access control system for rehabilitation psychology analysis that can enhance both security and availability by separating the functions delivered from object-oriented databases to solve these problems. We apply the access control model specifically to enhancement of security system and also perform a test to verify the security and availability of our model.

상담자의 심리검사에 대한 정보와 자원을 관리하는 재활심리분석시스템은 정보교환의 호환성과 보안 문제를 발생시키고 있다. 이런 문제를 해결하기 위하여 네트워크와 데이터에 대한 접근 투명성을 제공하는 객체지향시스템을 폭넓게 사용되고 있으나 보안을 보장하기 위해 사용하는 메서드와 속성 지향적인 접근제어기법은 저장된 데이타가 방대하고 다수의 사용자가 서비스 요청시 가용성을 제한되고 효과적이지 못하다. 따라서 본 논문에서는 재활심리분석을 위한 데이터베이스시스템에서 접근처리지연과 네트워크 폭주의 해결책으로 보안성과 가용성을 동시에 고려하는 접근제어시스템으로 타입정보를 사용한 객체의 접근제어 모델을 제안하고 이의 검증을 위하여 객체지향 시스템의 접근제어모델과 분리 통합되는 형태로 타입 보안 모델을 구현하였다.

Keywords

References

  1. Blakley, B., R. Blakley and R.M. Soley, CORBA Security: An Introduction to Safe Computing with Objects, Addison-Wesley, 2010.
  2. Byrne R, M. Roantree, "An Object Architecture for ODMG Database," Proceeding of the 34th International HICSS Conference, IEEE Computer Press 2010.
  3. Cuppens, F. and A. Gabillon "A logical approach to model a multilevel object oriented database," in Database Security, Chapman and Hall, London, pp.145-166, 2010.
  4. Elisa, B., et al., "An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning," ACM Transactions on Database Systems, 23(3), 2012
  5. Evered, M., "A Two-Level Architecture for Semantic Protection of Persistent Distributed Objects," Proc, Intl. Conf. on Software Methods and Tools, Heidelberg 2012.
  6. Hale, J., J. Threet, S. Shenoi, "A framework for high assurance security of distributed objects," in Database Security, Chapman and Hall, London, pp.99-115, 2011.
  7. Hale, J., J. Threet, and S. Shenoi, Capability-based primitives for access control in object-oriented systems, in Database Security, Chapman and Hall, London, pp. 134-150, 2010.
  8. Joon P., and S. Ravi, "RBAC on the web by smart certificates." In Proceedings of 4th ACM Workshop on Role-Based Access Control. ACM, Fairfax, VA, October pp. 28-29 2011
  9. Joshi, J.B.D. et al., "Security Models for Web-based Applications," Communications of the ACM, 2. pp. 44-52, 2011.
  10. Karjoth, G., "Authorization in CORBA Security," In Proceedings of Fifth European Symposium on Research in Computer Security, pp. 143-158, 2010.
  11. Pernul, G., A. M. Tjoa and W. Winiwarter, Modelling Data Secrecy And Integrity, Data & Knowledge Engineering, Vol. 26, pp. 291-308, 2011.
  12. Reddy M., ORBs & ODBMS : "Two complementary ways to distribute objects," Object Magazine, pp. 24-30, June, 2010.