Hyung-Hyo Lee

An integrity enforcement application design and operation framework in role-based access control systems: A session-oriented approach

Role-based access control (RBAC) policy is being widely accepted not only as an access control policy but as a flexible permission management framework in various commercial environments. RBAC simplifies the process of security management by assigning permissions to roles not directly to individual users. As security administrators can design and manage security policies by changing the configuration of RBAC components to meet their organizations own security needs, RBAC is called policy-neutral and has ability to articulate enterprise-specific security policies. While most researches on RBAC are for defining, describing model in formal method and other important properties such as separation of duty, little work has been done on how applications should be designed and then executed in automated information systems based on RBAC security model. In this paper, we describe important, dynamic features of a session that can be used as a vehicle for building applications, and present a basic framework for session-oriented integrity enforcement application design and operation applicable to commercial environments.

Secure Event Service using SPKI/SDSI Certificate in Ubiquitous

Using an indirect event service instead of other traditional communication models has an advantage of decreasing the coupling of applications in a distributed environment and removing the need for many static dependencies. In this paper, we design and implement the secure event service for providing a secure ubiquitous computing environment. The Secure Event Service implemented in this paper enables users to perform content‐based event retrieval, and supports only eligible event consumer and event producer to publish and receive events through the secure event service. The SPKI/SDSI certificate is used for supporting authentication and authorization in the secure event service. In order to provide content‐based event retrieval, an asynchronous communication between event producers and consumers, and a disconnectedness support for mobile devices, we modify and expand the JavaSpace package.