Security Model and Application of Persistent Object using Type Information in Integrated Environment of Distributed System

Security Model and Application of Persistent Objects Using Type Information in an Integrated Distributed Environment

  • 김영수 (Department of Information Management, Kookmin University)
  • 최흥식 (School of Business IT, Kookmin University)
  • Published: 2004.06.01

Abstract

As distributed systems become more popular, interoperability, portability and security are becoming major concerns of modern computing. CORBA and object-oriented databases, which provide network and database transparency, are increasingly used as the basis for distributed systems to solve these problems. Both can help assure security by using a method-based or an attribute-based access control technique. These techniques, however, also aggravate the unavailability and inefficiency caused by delayed access processing and network bottlenecks that result from complex instance-based access control. We propose a security model for an access control system based on type information that can enhance both security and availability by separating the functions delivered by CORBA and object-oriented databases. We apply the access control model specifically to the enhancement of a security system and also perform a test to verify the security and availability of our model.

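Distributed systems are amplifying problems of compatibility, portability and security. To address them, CORBA and object databases, which provide access transparency for the network and for data, are widely used. However, the method-oriented and attribute-oriented access control techniques used to assure security limit availability and are not effective when the data is large and the users are many. This is because they perform access control through object instances, which causes access processing delays and network congestion. As a solution, this paper proposes an access control model for persistent objects that uses type information, as an access control system that considers security and availability together, and, to verify it, implements a persistent security system in a form that is separated from and integrated with the access control models of CORBA and the object DB system.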
