A Study on an Access Control Model Suitable for Ubiquitous Environments

A Study of Access Control Model for Ubiquitous Computing Environment

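  • Subject (keywords): Information Security, Access Control
  • Issuing institution: Ajou University
  • Advisor: 김동규
  • Year of publication: 2006
  • Degree conferred (year and month): 2006. 2
  • Degree: Doctorate
  • Department and major: Graduate School of Information and Communication, Department of Information and Communication Engineering
  • Language of text: English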

Abstract/Summary

Role-based access control (RBAC) is one of the best-known access control models and is widely used in both research and industry. Several RBAC models have been published and several commercial implementations are available. However, most of these models and commercial products depend on current wired networks and do not consider the ubiquitous computing environment. Recently, ubiquitous computing has begun to receive increasing attention as a new paradigm after the Internet. Ubiquitous computing literally denotes a situation in which computing is done everywhere. Its features differ from those of current Internet services. Therefore, an access control model for the ubiquitous computing environment should consider these different features. Current access control models have several problems when employed in the ubiquitous computing environment, such as representing features related to the environment. Common RBAC models do not have formal expressions for a varied and dynamic environment. Several extended RBAC models try to adapt to some environment features, but these models have problems in representing dynamically changeable permissions. For that reason, we propose an access control model for the ubiquitous computing environment that supports environment and situation features such as temporal and spatial dimensions and relationships. To support the ubiquitous computing environment, the proposed model introduces new concepts such as Conditions, Object Entity, U-Services and Subject Entity. A Subject Entity (SE) is a subject, such as a user or device, that has a right to use some services in the ubiquitous computing environment. Role (R) has the same meaning as a role in the RBAC model. U-Service (SV) has a similar meaning to permission in the RBAC model, but it is a wider concept than permission. An Object Entity (OE) is an object, such as a user or device, that is the target of a service. Conditions (C) are a kind of constraint in the RBAC model and consist of two components: Situation Information (SI) and Relationship (RE). These new concepts are formally described and defined in terms of syntax and semantics. Creating and maintaining the proposed access control model requires various functions and functional specifications. Administrative functions, supporting system functions and review functions are defined and represented in Z notation. Semantics, system states, traces, and the construction of an execution model for the proposed model are introduced and defined to show how the proposed model is used in the ubiquitous computing environment. To show the applicability of the proposed access control model, various example cases are illustrated. The example cases show that the proposed model is suitable for a varied and dynamic ubiquitous computing environment. From the comparison with other models, we show that the proposed model supports more environment factors than other access control models do.

Table of Contents

Abstract
Table of Contents
List of Figures
List of Tables
Abbreviations

Chapter 1 Introduction
1.1 Preliminary
1.2 Dissertation Statement
1.3 Dissertation Contour

Chapter 2 Background and Related Works
2.1 Role-based Access Control (RBAC)
2.2 TRBAC and GTRBAC
2.3 SRBAC
2.4 Other Extended Works
2.5 Ubiquitous Computing Services
2.6 Summary

Chapter 3 The Proposed Access Control Model
3.1 Motivations of Study
3.2 Overview of the Proposed Access Control Model
3.3 U-Service
3.4 Conditions
3.4.1 Situation Information
3.4.2 Relationship
3.4.3 Location Hierarchy
3.5 Role States
3.6 Summary

Chapter 4 Formal Description of the Proposed Access Control Model
4.1 Basic Elements
4.2 Symbols
4.3 Time Expression
4.4 Place Expression
4.5 Relationship Expression
4.6 Conditions Expression
4.7 Access Control Policy Expression
4.8 Summary

Chapter 5 System Functions
5.1 Functional Specification Overview
5.2 Administrative Functions
5.3 Supporting System Functions
5.4 Review Functions
5.5 Summary

Chapter 6 Execution Model and Case Studies
6.1 Execution Model
6.2 Case Studies
6.2.1 Only Time Conditions Required
6.2.2 Only Place Conditions Required
6.2.3 Only Relationship Conditions Required
6.2.4 Other Cases
6.3 Comparisons with Other Models
6.4 Summary

Chapter 7 Conclusions and Further Studies
7.1 Conclusions
7.2 Further Studies

Bibliography