• Journal of Convergence for Information Technology
• /
• v.8 no.5
• /
• pp.69-75
• /
• 2018

The purpose of access control is to prevent computing resources from illegal behavior such as leakage, modification, and destruction by unauthorized users. As the cloud computing environment is expanded to resource sharing services using virtualization technology, a new security model and access control technique are required to provide dynamic and secure cloud-based computing services. The virtualization management convergence access control model provides a flexible user authorization function by applying the dynamic privilege assignment function to the role based access control mechanism. In addition, by applying access control mechanism based on security level and rules, we solve the conflict problem in virtual machine system and guarantee the safeness of physical resources. This model will help to build a secure and efficient cloud-based virtualization management system and will be expanded to a mechanism that reflects the multi-level characteristics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.31-45
• /
• 2004

Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.553-568
• /
• 2024

Due to the rapid development of IoT technology and the increase in home activities after the COVID-19 pandemic, users' demand for smart homes has increased significantly. As the size of the smart home market increases every year and the number of users increases, the importance of personal information protection and various security issues is also growing. It often grants temporary users smart home owner rights and gives them access to the system. However, this can easily allow access to third parties because the authorities granted are not properly managed. In addition, it is necessary to prevent the possibility of secondary damage using personal information collected through smart home devices and sensors. Therefore, in this paper, to prevent indiscriminate access to smart home systems without reducing user convenience, access rights are subdivided and designed according to the functions and types of smart home devices, and a token-based user access control technique using personal devices is proposed.

• Journal of Korea Entertainment Industry Association
• /
• v.15 no.4
• /
• pp.243-254
• /
• 2021

This study analyzed the abuse of authority among the types of power abuse in educational institutions in order to create an educational climate in which democracy and equality are respected and to create a better education and an equal society. First, we analyzed the concept and cause of power abuse through literature research, and then explored the cases of members of educational institutions according to the type of abuse of authority through qualitative research to derive implications. As a result, abuse of authority within educational institutions were found as follows: additional work without consultation, transfer of duties, coercive and unilateral instructions using status, instructions violating laws and guidelines, private instructions for personal convenience, specific institutions, personal rights, and privacy. Based on this analysis, a policy was proposed. First, an agreed standard for abuse of authority, an institutional mechanism to mediate conflicts and complaints over abuse of authority, mandatory installation and legislation of the best decision body, active and transparent disclosure of information, and a shift to open and listening administration are needed. Second, analyzing and seeking ways to reduce overuse of authority in educational institutions will be the cornerstone for leading education's democracy and equality by creating a culture of mutual respect and communication among members of the organization. Hope that follow-up studies will be carried out and that the Gap-jil in educational institutions will be reduced to create a better educational environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.6
• /
• pp.215-223
• /
• 2010

New information technologies make it easy to access and acquire information in various ways. However, It also enable powerful and various threat to system security. The prominent database technology challenging these threats is access control. Currently, to keep pace with the new paradigms, new extended access control methods are challenged. We study access control with uncertain context. With respect to access control, it is possible that there is a discrepancy between the syntactic phrase in security policies and that in queries, called semantic gap problem. In our semantic access control, we extract semantic implications from context tree and introduce the measure factor to calculate the degree of the discrepancy, which is used to control the exceed privileges.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.129-131
• /
• 2017

최근 다양한 사물인터넷 장비들의 개발 및 도입이 확산됨에 따라, 도입된 장비들에 대한 관리의 중요성이 나날이 부각되고 있다. 현재 이러한 사물인터넷 환경을 구성하고 있는 다수의 장비들을 효과적으로 관리할 수 있는 다양한 관리장비들이 출시되어 있지만, 이 중 가장 범용적으로 사용되고 있는 장비는 스마트폰이다. 스마트폰은 언제 어디서나 사용할 수 있다는 장점이 있지만, 관리되는 장비의 특성에 따라 스마트폰으로 원격지에서 특정 장비를 관리하게 될 경우 보안 및 장비상태의 정확한 확인 등의 측면에서 많은 위험성을 내포하게 된다. 때문에, 본 논문에서는 스마트폰을 이용하되 특정 위치 또는 범위를 벗어나는 경우에는 사용자가 관리장비에 접근할 수 없도록 하여, 잠재적인 위험성을 미연에 방지할 수 있는 시스템을 제안한다. 이러한 문제점들을 해결하기 위해, 본 논문에서 제안하는 시스템은 안드로이드 디바이스에서 사용가능한 센서 기술들을 활용하여, 특정 지역 및 범위 내에서만 관리장비에 접근할 수 있도록 하는 솔루션을 내재하고 있으며, 이를 실제로 모바일 기반 승강기 보수작업용 컴퓨터의 인증 및 권한부여 시스템에 적용하여, 제안 시스템의 우수성을 검증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1351-1354
• /
• 2005

분산응용을 개발하는데 효율적인 환경을 제공해주는 분산 객체그룹 프레임워크(Distributed Object Group Framework)를 이용한 분산 프로그램 개발 Tool-Kit을 구축하였다. 본 Tool-Kit은 분산응용 개발자들에게 DOGF의 기능을 쉽게 이용할 수 있도록 지원하기 위해 객체그룹 운영자 GUI, 서버 프로그램 개발자 GUI, 클라이언트 프로그램 개발자 GUI등 3가지 GUI로 구축하였다. 분산응용의 개발 시, 서버 프로그램 개발자는 서버 객체들 구현한 후 프레임워크에 등록 및 클라이언트에 대한 접근권한을 부여하고, 클라이언트 프로그램 개발자는 자신에게 접근권한이 부여된 이들 객체 또는 객체그룹을 검색하여 클라이언트 프로그램을 작성할 수 있도록 지원한다. 본 논문에서는 분산응용 개발 시 이용되는 Tool-Kit과 DOGF의 상호동작을 정의하고, 분산 프로그램개발 Tool-Kit을 구축하고, 간단한 분산응용을 이용해 Tool-Kit의 수행성을 보인다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.951-954
• /
• 2005

IMPP service has been a promising technology as Internet grows fast and the requirements are increasing. IETF standardize requirements, model and data format for IMPP service via IMPP WG and SIMPLE WG. In this paper, we analysis SIMPLE WG in IETF and design consideration of XCAP server for IMPP services based on SIP.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.832-835
• /
• 2011

공인인증서의 사용은 꾸준히 증가하고 있으나 증가하는 사용량에 비례하여 하드디스크에 저장된 공인인증서 해킹으로 인한 피해 사례가 증가하고 있다. 이에 따라 정부는 하드디스크 내 공인인증서 저장을 금지하고 이동형 저장매체에 저장하도록 하는 방침을 내놓았다. 또한 모바일 클라우드 컴퓨팅 환경에서는 중앙의 스토리지에 데이터가 저장되기 때문에 공인인증서를 중앙 스토리지에 저장하는 것은 매우 위험한 일이다. 이러한 방침으로 인해 앞으로 USB 메모리 및 스마트폰과 같은 이동형 저장매체에 대한 중요성이 높아질 것이며, 분실 위험이 높은 USB 메모리 및 스마트폰의 특징에 따라 인증서가 저장된 저장매체 없이도 인증서를 사용할 수 있는 방안이 필요하게 될 것이다. 본 논문은 일회용 인증서에 대한 요구사항 분석 및 형식을 설계하고, PKI 인증서를 기반으로 경량화된 일회용 인증서를 발급받아 인증서를 사용할 수 있도록 하였다. 또한 모바일 클라우드 컴퓨팅 환경에서 일회용 인증서를 이용한 권한 관리 기술을 제안하여 안전성과 효율성을 제공하도록 하였다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.13 no.2
• /
• pp.88-99
• /
• 2008

In this article, DHRMIS being developed with ERP at resent realizes the personnel affairs recording procedures that all the Ministry of National Defense, the army, the navy and the air force can use on personnel affairs in order to solve the problem of the personnel recording procedures of the MND and each of the troops such as using manual affairs together with computation affairs, absence of electronic recording managements in some of the institutions MND, insufficiency of real time recording, and excess of centralized managements to present and record the personnel data. The personnel recording procedures consist of standardized personnel recording procedures and definition of the personnel recording procedures. This personnel recording procedures propose 3 improvements such as an atomic electronic recording management, a real time recording affair, effective centralization and distribution of verification authority so as to guarantee authentication, integrity, reliance, and accessibility of personnel data. When proposed personnel recording procedures are realized through developing DHRMS, these can bring on unification of 10 recording management systems, reduction of recording management time from 45 days to 3 days, distribution of verification authority MND, each of the troops, each of the institutes, an individual, and reduction of some of the manual documents.