The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
RBAC(역할 기반 액세스 제어)는 다양한 컴퓨터 시스템에서 액세스 제어 메커니즘으로 널리 사용됩니다. 조직의 권한 라인은 승인된 직무 권한에 영향을 주기 때문에 역할도 계층 구조를 형성합니다. 역할 그래프는 역할 계층을 나타내는 모델이며 RBAC 배포의 런타임 단계에 적합합니다. 그러나 역할 그래프는 주어진 역할에 대해 다양한 형태를 취할 수 없고 역할 추상화를 제대로 처리할 수 없기 때문에 RBAC 배포의 설계 단계에는 적합하지 않습니다. 이에, 역할 그래프보다 더 유연한 형태를 취할 수 있는 확장된 역할 그래프를 제안한다. 확장된 역할 그래프는 다양성을 높이고 역할 추상화를 명확하게 하여 설계 단계에 적합합니다. 확장된 역할 그래프를 등가 역할 그래프로 변환하는 등가 변환 알고리즘(ETA)도 제안된다. ETA를 사용하면 시스템 관리자는 설계 단계에서 확장된 역할 그래프를 사용하고 런타임 단계에서 표준 역할 그래프를 사용하여 RBAC를 효율적으로 배포할 수 있습니다.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Yoshiharu ASAKURA, Yukikazu NAKAMOTO, "Extending a Role Graph for Role-Based Access Control" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 2, pp. 211-219, February 2009, doi: 10.1587/transinf.E92.D.211.
Abstract: Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. Since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, however, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy efficiently RBAC by using an extended role graph in the design phase and a standard role graph in the runtime phase.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.211/_p
부
@ARTICLE{e92-d_2_211,
author={Yoshiharu ASAKURA, Yukikazu NAKAMOTO, },
journal={IEICE TRANSACTIONS on Information},
title={Extending a Role Graph for Role-Based Access Control},
year={2009},
volume={E92-D},
number={2},
pages={211-219},
abstract={Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. Since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, however, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy efficiently RBAC by using an extended role graph in the design phase and a standard role graph in the runtime phase.},
keywords={},
doi={10.1587/transinf.E92.D.211},
ISSN={1745-1361},
month={February},}
부
TY - JOUR
TI - Extending a Role Graph for Role-Based Access Control
T2 - IEICE TRANSACTIONS on Information
SP - 211
EP - 219
AU - Yoshiharu ASAKURA
AU - Yukikazu NAKAMOTO
PY - 2009
DO - 10.1587/transinf.E92.D.211
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 2
JA - IEICE TRANSACTIONS on Information
Y1 - February 2009
AB - Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. Since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, however, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy efficiently RBAC by using an extended role graph in the design phase and a standard role graph in the runtime phase.
ER -