Somchart Fugkeaw

Mahidol University, Krung Thep, Bangkok, Thailand

Publications (17)

  • ABSTRACT: This paper proposes the design and development of Role-based Access Control (RBAC) model for the Single Sign-On (SSO) Web-OLAP query spanning over multiple data warehouses (DWs). The model is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of RBAC authorization based on dimension privilege specified in attribute certificate (AC) and user identification. Particularly, the way of attribute mapping between DW user authentication and privilege of dimensional access is illustrated. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the paper culminates in the prototype system A-COLD (Access Control of web-OLAP over multiple DWs) that incorporates the OLAP features and authentication and authorization enforcement in the multi-user and multi-data warehouse environment.
    Chapter · Mar 2010
  • ABSTRACT: This paper proposes the design and development framework of collaborative access control for OLAP queries spanning over multi-data warehouse (DW). The approach is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of DW user identification and privilege of fact and dimensional access. To integrate several security policies from DWs, we employ the XACML policy integration to serve interoperation and authorization management. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the implementation details of the prototype A-Cold (Access Control of web-OLAP over multiple DWs) are presented to demonstrate our research idea.
    Conference Paper · Apr 2009
  • Somchart Fugkeaw · Piyawit Manpanpanich
    ABSTRACT: In the distributed computing environment, collaboration and resource sharing among several organizations are subjects of concern. Well-established authentication and authorization are thus vital. This paper proposes a novel design and implementation of Distributed RBAC (DRBAC) and Single Sign-On (SSO) system that spans over multiple administrative domains. Our key idea is based on Multi-Agent Systems (MAS) technique owing to its modularity, autonomy, distributedness, flexibility, and scalability. All agents serve their specific purposes. We use PKI technology to secure both intra- and interdomain agents communication as well as to establish trust relationships. The Security Assertion Markup Language (SAML) is adopted to support the exchange of authentication and authorization information in the architecture. The authorization scheme is based on the Privilege Management Infrastructure (PMI). In addition, we incorporate the XACML authorization concept into the MAS engine to support the relying parties or organizations whose access control systems are written in XACML policy. Finally, we reported our extended implementation status and introduce the multi-instance processing technique to enhance the performance of the overall system.
    Article · Apr 2009
  • Somchart Fugkeaw · Piyawit Manpanpanich

    Article · Jan 2009
  • ABSTRACT: This paper proposes an access control and authentication infrastructure for accessing data in a multi data warehouse environment. We employ single sign on for authentication and role based access control (RBAC) for authorization. When users submit OLAP queries to the data warehouse, the authorization rules are enforced. In our approach, we use multi-agent systems to automate the authentication, authorization and accounting stages when accessing multi-Data Warehouse. For the implementation, A-Cold system prototype is developed to validate our proposed model.
    Article · Dec 2008
  • ABSTRACT: This paper proposes a novel design and implementation of distributed RBAC (dRBAC) and single sign-on (SSO) system that spans over multiple administrative domains with high availability. The core idea is based on multi-agent systems (MAS) technique owing to its modularity, autonomy, distributedness, flexibility, and scalability. All agents serve their specific purposes. Leveraging agents simplifies high availability. PKI is used for trust enablement between intra- and inter-domain agent communications. The security assertion markup language (SAML) is adopted for supporting the exchange of authentication and authorization information in the architecture. The approach supports strong two-factor authentication with X.509 digital certificate. The authorization scheme is based on the privilege management infrastructure (PMI). Finally, we reported our extended implementation status and demonstrated that our proposed model is efficient and flexible to implement in the multiple SSO and PKI domains.
    Conference Paper · Apr 2008
  • ABSTRACT: This paper presents the extended development of the AmTRUE project implementing the SSO-two factor authentication and RBAC authorization in the multiple applications and multi-domain environment. The authentication and authorization are based on the X.509 public key certificate and privilege management infrastructure (PMI). In our model, we introduce the security assertion markup language (SAML) to support the exchange of authentication and authorization information. SAML enables the single sign-on (SSO) authentication in the multi-organization to be more manageable and scalable. Besides, we enhance our system to be capable to work with the access control policies of the organizations using XACML. This promotes the flexibility of AmTRUE for the seamless interoperation with another standard access control policy. Finally, the implementation is presented.
    Conference Paper · Jan 2008
  • ABSTRACT: This paper proposes the design and development of SSO two factor authentication and RBAC authorization in the multiple applications and multi-domain environment. The authentication and authorization are based on the X.509 public key certificate and privilege management infrastructure (PMI). In our model, the security assertion markup language (SAML) is adopted to support the exchange of authentication and authorization information. SAML enables the single sign-on (SSO) authentication in the federation environment to be more manageable and scalable. This is required for the distributed computing systems where the strong authentication and dynamic authorization are needed. Finally, we presented our ongoing implementation status and demonstrated that our proposed model serves as another practical solution in implementing the dynamic RBAC policy management in the multiple SSO and PKI domains.
    Conference Paper · Nov 2007
  • ABSTRACT: This paper presents the approach of the distributed RBAC (DRBAC) access control of the multi-application delegated to the multi-user and multi-relying party federations. In our approach, DRBAC utilizes Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to serve the authentication and authorization. We propose the dynamic mapping scheme based on the Attribute Certification model in handling user identification, role assignment, and privilege delegation. To encourage distributedness, better scalability and performance, as well as ease of management and extension, Multi-Agent Systems concept is applied for the automation of the authentication, authorization and accountability functionalities. For the trust management of multiple PKI domains, we employ the Certificate Trust Lists (CTLs) model to make the different PKI domains interoperate effectively. Finally, our ongoing implementation is demonstrated to prove our proposed model.
    Conference Paper · Nov 2007
  • ABSTRACT: This paper proposes the design of multi-user authentication in the multi-application based environment and role-based access control by using PKI Authentication and X.509 privilege management infrastructure (PMI). A binding model of RBAC authorization based on attribute certificate (AC) and public key certificate (PKC) is presented. Especially, the way of attribute mapping between PKC, bridge AC, and role AC is illustrated. In addition, the activity-based policy enforcement is introduced to make the system respond to malicious activities more appropriately. At a core, the multi agent system approach is applied to automate the flexible and effective management of user authentication, role delegation as well as system accountability. Finally, we reported our ongoing implementation status and demonstrated that our proposed model is a potential solution to support strong authentication and dynamic authorization in the multi-user and multi-application environment.
    Conference Paper · Nov 2007
  • ABSTRACT: This paper proposes a hybrid model of an authentication technique and a role based access control (RBAC) based on X.509 public key certificate and attribute certificate. With attribute certificate the user role is bound to an identity of the public key certificate in which the permissions are assigned to the holder. A mapping model of RBAC authorization and authentication is presented. In addition, we also deal with the issue of system service disruption and recovery as well as an activity-based policy. With our proposed model, the full authentication, authorization, and accountability (AAA) are supported. We apply the multi agent system concept to facilitate the authentication and the authorization based on the PKI infrastructure. Finally, the project called AmTRUE (Authentication Management and Trusted Role-based Authorization in Multi-Application and Multi-User Environment) has been developed to implement our research idea.
    Conference Paper · Nov 2007
  • ABSTRACT: In this paper, we propose a novel single sign-on (SSO) approach based on multi-agent system (MAS) and public key infrastructure (PKI) authentication scheme. This allows the model to benefit from key advantages of the two schemes, i.e. the capability of the multi-agent technique and the strength of PKI. In addition we also deal with the issue of agent service disruption and recovery as well as real-time client privilege management. We apply MAS concept to facilitate multi-application authentication and authorization process for multiple concurrent users. Depending on the type, an agent serves such various functions as client certificate validation, authorization check, access granting, administration, application delegation scheduling. PKI is employed to create trust among agents. Finally, we proved our idea with real implementation and testing.
    Conference Paper · Apr 2007
  • ABSTRACT: Authentication, Authorization, Accountability (AAA) is always required for a good access control system. This paper proposes a Single Sign-On (SSO) model that serves the AAA property with the activity-based policy. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multi-applications and multi-clients more dynamically and efficiently. The agent system functions when each client requests to sign on and it is responsible for validating a client certificate, granting an access role to the client, and controlling a concurrent use of applications.
    Article · Jan 2007
  • Jarernsri L. Mitrpanont · Somchart Fugkeaw
    ABSTRACT: This paper proposes a multidimensional schema management approach by focusing on the dimension version update to support the multiple versions query in OLAP application. The evolution support of the multidimensional database (MDB) is based on the schema versioning concept. We introduce the Direct Access Versioning (DAV) technique to minimize cost of schema version creation of the MDB schema appearing in data warehouse (DW) systems. The technique maintains the change of dimension data by retaining only the changed class of dimensions in a supporting dimension version (SDV) which will be available for an immediate construction of any schema version. Thus, the efficiency of schema version construction is significantly improved since no dynamic dimension instance conversion is required.
    Conference Paper · Oct 2006
  • Jarernsri L. Mitrpanont · Somchart Fugkeaw
    ABSTRACT: This paper proposes a temporal version mapping concept and a SQL query rewriting technique to support the OLAP query analysis in multidimensional database (MDB) systems modeled on multiversion schema. Based on our proposed model, an integration solution of MDB schema change and multiversion OLAP query analysis performed over the changed database schema are taken into account. In addition, we present the system design and implementation of our prototype system to demonstrate our research idea.
    Conference Paper · Jan 2006
  • Jarernsri L. Mitrpanont · Somchart Fugkeaw

    Conference Paper · Jan 2005
  • Jarernsri L. Mitrpanont · Somchart Fugkeaw
    ABSTRACT: OLAP is an analytical tool necessary for strategic decision support. The analytical query is typically made over a multidimensional database (MDB) or a data warehouse (DW). Thus, the query result reflects the analytical views of structure and content of the underlying database. If there are changes in MDB or DW, the query result will represent the information according to the current database schema and instances. However, the historical data may be needed for an advance decision support analysis such as multi-period of data analysis, trend prediction, and what-if analysis. In this paper, we propose temporal version mapping concept and SQL query rewriting technique that is capable of supporting the OLAP query analysis in multidimensional database systems modeled on multiversion schema. Finally, we present our implementation system prototype as a supporting tool for the analytical queries made on several versions of multidimensional database.
    Conference Paper · Jan 2005