Journal of Information Science and Engineering, Vol. 22 No. 6, pp. 1465-1483 (November 2006)

An Organizational Structure-Based Administration Model for Decentralized Access Control*

Sejong Oh, Changwoo Byun and Seog Park
Department of Computer Science
Dankook University
Cheonan, 330-714 South Korea
+Department of Computer Science
Sogang University
Seoul, 121-742 South Korea

We propose an effective administration model using organizational structure for a decentralized role-based access control environment. Access control administration is a critical issue for large organizations and information systems. A large organization needs decentralized access control by multiple security officers because it has many users and information objects, and a single security officer cannot do all the work. If an organization has multiple security officers, managing them is another important security task. The task includes defining the authority scope and keeping the administrative operations of each security officer legal. Access control administration means controlling security officers' administrative work. ARBAC is a typical model for access control administration. ARBAC defines authority scope using the role hierarchy, which leads to many shortcomings. Our proposed model uses the organizational structure as a basis for defining authority scope and keeping administrative operations legal. The proposed model overcomes the shortcomings of ARBAC, and offers a clear rationale for access control administration.

Keywords: access control, role, organization, organizational structure, security

Received October 11, 2005; revised February 20, 2006; accepted March 29, 2006.
Communicated by Jeannette Wing.
* This research was supported by the Ministry of Information and Communication (MIC), Korea, under the Information Technology Research Center (ITRC) support program supervised by the Institute of Information Technology Assessment (IITA).