Seog Park

Task-role-based access control model

There are many information objects and users in a large company. It is an important issue how to control users access in order that only authorized user can access information objects. Traditional access control models-- discretionary access control, mandatory access control, and role-based access control--do not properly reflect the characteristics of enterprise environment. This paper proposes an improved access control model for enterprise environment. The characteristics of access control in an enterprise environment are examined and a task-role-based access control (T-RBAC) model founded on concept of classification of tasks is introduced. Task is a fundamental unit of business work or business activity. T-RBAC deals with each task differently according to its class, and supports task level access control and supervision role hierarchy. T-RBAC is a suitable access control model for industrial companies.

Access control of XML documents considering update operations

As a large quantity of information is presented in XML format on the Web, there are increasing demands for XML security. Until now, research on XML security has been focused on the security of data communication using digital signatures or encryption technologies. As XML is also used for a data representation of data storage, XML security comes to involve not only communication security but also managerial security. Managerial security is guaranteed through access control, but existing XML access control models consider only read queries. These models may make some problems when unauthorized users try to change XML documents or their structure. Therefore the access control of update queries must be executed correctly and efficiently as well as read queries. In this paper, we discuss an XML access control model and propose a technique that supports not only read operations but also update operations. We define new action types to systematically manage complex information of access right and to process various update queries in an efficient manner. Using these action types, the system can save memory and other system resources that are used in DOM-based DTD verification process, and shortens the overall steps of access control by filtering unnecessary queries out at the early stage. Although for read queries the proposed access control model introduces a minor overhead in determining action types, for update queries it shows better performance compared to existing access control models.

Walk-weighted subsequence kernels for protein-protein interaction extraction

BackgroundThe construction of interaction networks between proteins is central to understanding the underlying biological processes. However, since many useful relations are excluded in databases and remain hidden in raw text, a study on automatic interaction extraction from text is important in bioinformatics field.ResultsHere, we suggest two kinds of kernel methods for genic interaction extraction, considering the structural aspects of sentences. First, we improve our prior dependency kernel by modifying the kernel function so that it can involve various substructures in terms of (1) e-walks, (2) partial match, (3) non-contiguous paths, and (4) different significance of substructures. Second, we propose the walk-weighted subsequence kernel to parameterize non-contiguous syntactic structures as well as semantic roles and lexical features, which makes learning structural aspects from a small amount of training data effective. Furthermore, we distinguish the significances of parameters such as syntactic locality, semantic roles, and lexical features by varying their weights.ConclusionsWe addressed the genic interaction problem with various dependency kernels and suggested various structural kernel scenarios based on the directed shortest dependency path connecting two entities. Consequently, we obtained promising results over genic interaction data sets with the walk-weighted subsequence kernel. The results are compared using automatically parsed third party protein-protein interaction (PPI) data as well as perfectly syntactic labeled PPI data.

An integrated real-time locking protocol

The authors examine a priority-driven locking protocol called integrated real-time locking protocol. They show that this protocol is free of deadlock, and in addition, a high-priority transaction is not blocked by uncommitted lower protocol. They show that this protocol is free of deadlock, and in addition, a high-priority transaction is not blocked by uncommitted lower priority transactions. The protocol does not assume any knowledge about the data requirements or the execution time of each transaction. This makes the protocol widely applicable, since in many actual environments such information may not be readily available. Using a database prototyping environment, it was shown that the proposed protocol offers a performance improvement over the two-phase locking protocol.<<ETX>>

Scalable and efficient web services composition based on a relational database

Abstract: Recently, there has been growing interest in web services composition. Web services composition gives us a possibility to fulfil the user request when no single web service can satisfy the functionality required by the user. In this paper, we propose a new system called PSR for the scalable and efficient web services composition search using a relational database. In contrast to previous work, the PSR system pre-computes web services composition using joins and indices and also supports semantic matching of web services composition. We demonstrate that our pre-computing web services composition approach in RDBMS yields lower execution time for processing user queries despite of and shows good scalability when handling a large number of web services and user queries.

Enterprise model as a basis of administration on role-based access control

Access control is one of the important security issues for large enterprise organizations. The role-based access control (RBAC) model is well known and recognized as a good security model for the enterprise environment. Though RBAC is a good model, the administration of RBAC including building and maintaining access control information remains a difficult problem in large companies. The RBAC model itself does not tell the solution. Little research has been done on the practical ways of finding information that fills RBAC components such as role, role hierarchy, permission-role assignment, user-role assignment, and so on from the real world. We suggest model-based administration of RBAC in an enterprise environment. Model-based administration methods allow the security administrator to manage access control by a GUI that supports a graphical enterprise model. If the security administrator creates or changes some of the components of the graphical enterprise model, then it is translated to RBAC schema information by the administration tool. We focus on a practical way of deriving access control information from the real world. It is a core of model-based administration. We show the derivation method and implementation experiences.

Multiversion locking protocol with freezing for secure real-time database systems

Database systems for real-time applications must satisfy timing constraints associated with transactions. Typically, a timing constraint is expressed in the form of a deadline and is represented as a priority to be used by schedulers. Recently, security has become another important issue in many real-time applications. In many systems, sensitive information is shared by multiple users with different levels of security clearance. As more advanced database systems are being used in applications that need to support timeliness while managing sensitive information, there is an urgent need to develop protocols for concurrency control in transaction management that satisfy both timing and security requirements. In this paper, we propose a new multiversion concurrency control protocol that ensures that both security and real-time requirements are met. The proposed protocol is primarily based on locking. However, in order to satisfy timing constraints and security requirements, a new method, called the freezing method, is proposed. In order to show that our protocol provides a higher degree of concurrency than existing multiversion protocols, we define a new serializability for multiversion concurrency control, called FR-serializability, which is more general than traditional serializability. We present several examples to illustrate the behavior of our protocol, along with performance comparisons with other protocols. The simulation results show significant performance improvement of the new protocol.

An Introduction to Authorization Conflict Problem in RDF Access Control

In this paper, related with RDF security, we introduce an RDF triple based access control model considering explicit and implicit authorization propagation. Since RDF Schema represents ontology hierarchy of upper and lower classes or properties, our access control model supports the explicit authorization propagation where an authorization specified against an upper concept is propagated to lower concepts by inheritance. In addition, we consider the implicit authorization propagation where an authorization specified against an lower concept is propagated to upper concepts by RDF inference. RDF Semantics, which is recommended by W3C, guides some primary RDF inference rules related with subClassOf and subPropertyOf where lower concepts are interpreted into upper concepts. Based on these two contrary propagations, we introduce an authorization conflict problem in RDF access control.

Implementing Web access control system for the multiple Web servers in the same domain using RBAC concept

As the Web server based system is being used more and more, having separate Web servers for each task to distribute the Web servers load are gaining much more popularity over having one main Web server to process all the tasks. When the user tries to access each Web server that contains a number of Web documents that are linked to each other via hyper-links within the domain, each Web server asks the user to follow the verification process even though the user is identical, and this prohibits the user from using the system efficiently. The role based access control method, which is the most suitable access control concept available now for the distributed Web server based system within the domain, is used in this paper. Additionally the method for controlling the level of Web document contents available to the user based on the users access permission rights is introduced to reduce the granularity of the document content access.

An Integration Model of Role-Based Access Control and Activity Based Access Control Using Task

Role-based access control (RBAC) and activity-based access control (ABAC) models are well known and recognized as a good security model for enterprise environment. (ABAC model is represented as ‘workflow’). But these models have some limitations to apply to enterprise environment. Furthermore, enterprise environment needs application both RBAC and ABAC models.