Somchart Fugkeaw

Mahidol University, Krung Thep, Bangkok, Thailand

Publications (17); 0 Total impact

  • ABSTRACT: This paper proposes the design and development of Role-based Access Control (RBAC) model for the Single Sign-On (SSO) Web-OLAP query spanning over multiple data warehouses (DWs). The model is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of RBAC authorization based on dimension privilege specified in attribute certificate (AC) and user identification. Particularly, the way of attribute mapping between DW user authentication and privilege of dimensional access is illustrated. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the paper culminates in the prototype system A-COLD (Access Control of web-OLAP over multiple DWs) that incorporates the OLAP features and authentication and authorization enforcement in the multi-user and multi-data warehouse environment.
    03/2010: pages 393-413;
  • ABSTRACT: This paper proposes the design and development framework of collaborative access control for OLAP queries spanning over multi-data warehouse (DW). The approach is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of DW user identification and privilege of fact and dimensional access. To integrate several security policies from DWs, we employ the XACML policy integration to serve interoperation and authorization management. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the implementation details of the prototype A-Cold (Access Control of web-OLAP over multiple DWs) are presented to demonstrate our research idea.
    Availability, Reliability and Security, 2009. ARES '09. International Conference on; 04/2009
  • Somchart Fugkeaw, Piyawit Manpanpanich
    JDIM. 01/2009; 7:63-73.
  • Somchart Fugkeaw, Piyawit Manpanpanich
    JDIM. 01/2009; 7:74-82.
  • ABSTRACT: This paper proposes a novel design and implementation of distributed RBAC (dRBAC) and single sign-on (SSO) system that spans over multiple administrative domains with high availability. The core idea is based on multi-agent systems (MAS) technique owing to its modularity, autonomy, distributedness, flexibility, and scalability. All agents serve their specific purposes. Leveraging agents simplifies high availability. PKI is used for trust enablement between intra- and inter-domain agent communications. The security assertion markup language (SAML) is adopted for supporting the exchange of authentication and authorization information in the architecture. The approach supports strong two-factor authentication with X.509 digital certificate. The authorization scheme is based on the privilege management infrastructure (PMI). Finally, we reported our extended implementation status and demonstrated that our proposed model is efficient and flexible to implement in the multiple SSO and PKI domains.
    Advanced Information Networking and Applications - Workshops, 2008. AINAW 2008. 22nd International Conference on; 04/2008
  • ABSTRACT: This paper presents the extended development of the AmTRUE project implementing the SSO-two factor authentication and RBAC authorization in the multiple applications and multi-domain environment. The authentication and authorization are based on the X.509 public key certificate and privilege management infrastructure (PMI). In our model, we introduce the security assertion markup language (SAML) to support the exchange of authentication and authorization information. SAML enables the single sign-on (SSO) authentication in the multi-organization to be more manageable and scalable. Besides, we enhance our system to be capable to work with the access control policies of the organizations using XACML. This promotes the flexibility of AmTRUE for the seamless interoperation with another standard access control policy. Finally, the implementation is presented.
    Information, Communications & Signal Processing, 2007 6th International Conference on; 01/2008
  • ABSTRACT: This paper proposes an access control and authentication infrastructure for accessing data in a multi data warehouse environment. We employ single sign on for authentication and role based access control (RBAC) for authorization. When users submit OLAP queries to the data warehouse, the authorization rules are enforced. In our approach, we use multi-agent systems to automate the authentication, authorization and accounting stages when accessing multi-Data Warehouse. For the implementation, A-Cold system prototype is developed to validate our proposed model.
    Advanced Computer Theory and Engineering, International Conference on. 01/2008;
  • ABSTRACT: This paper proposes the design and development of SSO two factor authentication and RBAC authorization in the multiple applications and multi-domain environment. The authentication and authorization are based on the X.509 public key certificate and privilege management infrastructure (PMI). In our model, the security assertion markup language (SAML) is adopted to support the exchange of authentication and authorization information. SAML enables the single sign-on (SSO) authentication in the federation environment to be more manageable and scalable. This is required for the distributed computing systems where the strong authentication and dynamic authorization are needed. Finally, we presented our ongoing implementation status and demonstrated that our proposed model serves as another practical solution in implementing the dynamic RBAC policy management in the multiple SSO and PKI domains.
    Digital Information Management, 2007. ICDIM '07. 2nd International Conference on; 11/2007
  • ABSTRACT: This paper proposes the design of multi-user authentication in the multi-application based environment and role-based access control by using PKI Authentication and X.509 privilege management infrastructure (PMI). A binding model of RBAC authorization based on attribute certificate (AC) and public key certificate (PKC) is presented. Especially, the way of attribute mapping between PKC, bridge AC, and role AC is illustrated. In addition, the activity-based policy enforcement is introduced to make the system respond to malicious activities more appropriately. At a core, the multi agent system approach is applied to automate the flexible and effective management of user authentication, role delegation as well as system accountability. Finally, we reported our ongoing implementation status and demonstrated that our proposed model is a potential solution to support strong authentication and dynamic authorization in the multi-user and multi-application environment.
    Computer and Information Technology, 2007. CIT 2007. 7th IEEE International Conference on; 11/2007
  • ABSTRACT: This paper proposes a hybrid model of an authentication technique and a role based access control (RBAC) based on X.509 public key certificate and attribute certificate. With attribute certificate the user role is bound to an identity of the public key certificate in which the permissions are assigned to the holder. A mapping model of RBAC authorization and authentication is presented. In addition, we also deal with the issue of system service disruption and recovery as well as an activity-based policy. With our proposed model, the full authentication, authorization, and accountability (AAA) are supported. We apply the multi agent system concept to facilitate the authentication and the authorization based on the PKI infrastructure. Finally, the project called AmTRUE (Authentication Management and Trusted Role-based Authorization in Multi-Application and Multi-User Environment) has been developed to implement our research idea.
    Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on; 11/2007
  • ABSTRACT: In this paper, we propose a novel single sign-on (SSO) approach based on multi-agent system (MAS) and public key infrastructure (PKI) authentication scheme. This allows the model to benefit from key advantages of the two schemes, i.e. the capability of the multi-agent technique and the strength of PKI. In addition we also deal with the issue of agent service disruption and recovery as well as real-time client privilege management. We apply MAS concept to facilitate multi-application authentication and authorization process for multiple concurrent users. Depending on the type, an agent serves such various functions as client certificate validation, authorization check, access granting, administration, application delegation scheduling. PKI is employed to create trust among agents. Finally, we proved our idea with real implementation and testing.
    Sixth International Conference on Networking (ICN 2007), 22-28 April 2007, Sainte-Luce, Martinique, France; 01/2007
  • ABSTRACT: Authentication, Authorization, Accountability (AAA) is always required for a good access control system. This paper proposes a Single Sign-On (SSO) model that serves the AAA property with the activity-based policy. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multi-applications and multi-clients more dynamically and efficiently. The agent system functions when each client requests to sign on and it is responsible for validating a client certificate, granting an access role to the client, and controlling a concurrent use of applications.
    01/2007;
  • ABSTRACT: This paper presents the approach of the distributed RBAC (DRBAC) access control of the multi-application delegated to the multi-user and multi-relying party federations. In our approach, DRBAC utilizes Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to serve the authentication and authorization. We propose the dynamic mapping scheme based on the Attribute Certification model in handling user identification, role assignment, and privilege delegation. To encourage distributedness, better scalability and performance, as well as ease of management and extension, Multi-Agent Systems concept is applied for the automation of the authentication, authorization and accountability functionalities. For the trust management of multiple PKI domains, we employ the Certificate Trust Lists (CTLs) model so that the different PKI domains can interoperate effectively. Finally, our ongoing implementation is demonstrated to prove our proposed model.
    Agent Computing and Multi-Agent Systems, 10th Pacific Rim International Conference on Multi-Agents, PRIMA 2007, Bangkok, Thailand, November 21-23, 2007. Revised Papers; 01/2007
  • J.L. Mitrpanont, S. Fugkeaw
    ABSTRACT: This paper proposes a multidimensional schema management approach by focusing on the dimension version update to support the multiple versions query in OLAP application. The evolution support of the multidimensional database (MDB) is based on the schema versioning concept. We introduce the Direct Access Versioning (DAV) technique to minimize cost of schema version creation of the MDB schema appearing in data warehouse (DW) systems. The technique maintains the change of dimension data by retaining only the changed class of dimensions in a supporting dimension version (SDV) which will be available for an immediate construction of any schema version. Thus, the efficiency of schema version construction is significantly improved since no dynamic dimension instance conversion is required.
    Computer and Information Technology, 2006. CIT '06. The Sixth IEEE International Conference on; 10/2006
  • Jarernsri L. Mitrpanont, Somchart Fugkeaw
    ABSTRACT: This paper proposes a temporal version mapping concept and a SQL query rewriting technique to support the OLAP query analysis in multidimensional database (MDB) systems modeled on multiversion schema. Based on our proposed model, an integration solution of MDB schema change and multiversion OLAP query analysis performed over the changed database schema are taken into account. In addition, we present the system design and implementation of our prototype system to demonstrate our research idea.
    Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), Dijon, France, April 23-27, 2006; 01/2006
  • Jarernsri L. Mitrpanont, Somchart Fugkeaw
    IASTED International Conference on Databases and Applications, part of the 23rd Multi-Conference on Applied Informatics, Innsbruck, Austria, February 14-16, 2005; 01/2005
  • Jarernsri L. Mitrpanont, Somchart Fugkeaw
    Proceedings of the ISCA 18th International Conference on Computer Applications in Industry and Engineering, November 9-11, 2005, Sheraton Moana Surfrider, Honolulu, Hawaii, USA; 01/2005