Design and Implementation of RDBAC Framework for Privacy on NEIS

Abstract

In Korea, as concerns for protecting privacy is increased in developing E-government, digital era, it is needed to develop the more sophisticated mechanism for secure strategy. Research in the area of role-based access control (RBAC) has made fast progress over the last ten years and is well-known to effective techniques to reduce the complexity of role administration and ensure the security policy in large institutions or enterprises. However, we came to faced with two questions in adopting RBAC; how controls the access right of huge users in real world and how restricts the personal data access range of each user who takes the same role in organization. In RBAC model, the accessible data range is defined by role and its' system operation and it is needed to be extend it's model. In this paper we proposed new role and data based access control (RDBAC) platform, which was extended data access control mechanism and deployed in NEIS (National Education Information System). NEIS is a web based centralized education administration system. It was developed as one of the 11 E-government projects by Ministry of Education and Human Resource Development (MOE&HRD) in Korea. Our approach of designing RDBAC model was successfully adopted in NEIS and it warrants our secure policy. Our contributions of RDBAC framework represented as three parts; simplifying complexity of user/role association, providing flexibility of role/operations association, and ensuring complete secure policies and principles by limiting access data range.