• Title/Summary/Keyword: multilevel security (다단계 보안)

Search Result 70, Processing Time 0.027 seconds

Integration of Secure Distributed Object-Oriented Database Schemas (보안 분산 객체지향 데이타베이스 스키마의 통합)

  • Park, U-Geun;No, Bong-Nam
    • The Transactions of the Korea Information Processing Society / v.2 no.5 / pp.645-654 / 1995
  • A distributed DBMS integrates local schemas that are independently designed, maintained, and managed by different users at each site, providing a global virtual schema. This global schema lets users at a specific site transparently utilize local databases at different sites. The security features of the local schemas should also not be changed in the global schema that integrates the security features of each local schema. Research on the integration of security features into local schemas in a distributed DBMS environment, however, is very rare. This paper uses the multilevel secure object-oriented database model (as the model for the definition of a local schema in a distributed environment), which is an extension of the object-oriented models. It also suggests eight integration methods that can maintain the security features of local schemas. The eight methods are classified by the object classes and by the relationships among them.


The Biometric Authentication Scheme Capable of Multilevel Security Control (보안레벨 조절이 가능한 바이오메트릭 인증 기법)

  • Yun, Sunghyun
    • Journal of the Korea Convergence Society / v.8 no.2 / pp.9-14 / 2017
  • A fingerprint is unique to each person and can be represented in digital form. As the fingerprint is part of the human body, fingerprint recognition is much easier to use and more secure than using a password or resident card for user authentication. In addition, as newly released smart phones have built-in cameras and fingerprint sensors, the demand for biometric authentication is increasing rapidly. But the drawback is that a fingerprint can be counterfeited easily, and if it is exposed to a hacker, it cannot be reused. Thus, the original fingerprint template should be transformed for registration and authentication purposes. Existing transformation functions use a passcode to transform the original template into the cancelable form. An additional module is needed to input the passcode, so it costs more and lowers usability. In this paper, we propose a biometric authentication scheme that is economical and easy to use. The proposed scheme consists of cancelable biometric template creation, registration and user authentication protocols, and can control several security levels by configuring the number of fingerprints and scan times. We also analyzed that our scheme is secure against the brute-force attack and the active attacks.

A Validation of Effectiveness for Intrusion Detection Events Using TF-IDF (TF-IDF를 이용한 침입탐지이벤트 유효성 검증 기법)

  • Kim, Hyoseok;Kim, Yong-Min
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1489-1497 / 2018
  • Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, as a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices cannot confirm the vulnerability of the target system and the success of the attack. A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffic by mapping the response of the target system corresponding to the attack. Then, the response traffic is divided into lines and each line is weighted with a TF-IDF weight. We checked the valid intrusion detection events by sequentially examining the lines with high weights.

A Design and Implementation of Access Control Mechanism based on the Integrated Information Model (통합 전보 모델을 이용한 접근제어 메커니즘 설계 및 구현)

  • Kang, Chang-Goo;Park, Jin-Ho;Choi, Yong-Rak
    • The Transactions of the Korea Information Processing Society / v.4 no.9 / pp.2354-2365 / 1997
  • This paper presents a design of an access control mechanism that can resolve the complicated problems of access control requirements in modern information communication applications. In this paper, we proposed an integrated information model which can satisfy the combined goals of confidentiality, integrity and availability of any resource. We defined an integrated information model from the viewpoints of identity-based, rule-based and role-based policy and implemented six access control operations. The proposed integrated information model can protect against unauthorized access to any resource based on the multilevel security policies of security label, integrity level, role and ownership.


A Study on An Enhancement Scheme of Privacy and Anonymity through Convergence of Security Mechanisms in Blockchain Environments (블록체인 환경에서 보안 기법들의 융합을 통한 프라이버시 및 익명성 강화 기법에 대한 연구)

  • Kang, Yong-Hyeog
    • Journal of the Korea Convergence Society / v.9 no.11 / pp.75-81 / 2018
  • Anonymity and privacy issues are becoming important as all transactions in the blockchain are open to users. Public blockchains appear to guarantee anonymity by using public-key addresses on behalf of users, but they can weaken anonymity by tracking with various analytic techniques based on transaction graph. In this paper, we propose a scheme to protect anonymity and privacy by converging various security techniques such as k-anonymity, mixing, blind signature, multi-phase processing, random selection, and zero-knowledge proof techniques with incentive mechanism and contributor participation. Through performance analysis, our proposed scheme shows that it is difficult to invade privacy and anonymity through collusion attacks if the number of contributors is larger than that of conspirators.

Extended Role Based Access Control Model with Multilevel Security Control (다단계 보안통제가 가능한 확장된 역할기반 접근통제 모델)

  • Kim, Hak-Beom;Hong, Gi-Yung;Kim, Dong-Gyu
    • The Transactions of the Korea Information Processing Society / v.7 no.6 / pp.1886-1902 / 2000
  • RBAC (Role Based Access Control) is an access control method based on the user's roles, and it provides more flexibility and applicability in various computer and network security fields than DAC (Discretionary Access Control) or MAC (Mandatory Access Control). In this paper, we newly propose the ERBAC (Extended RBAC) model by additionally considering subjects' and objects' roles and security levels for roles, with the RBAC model first proposed by Ravi S. Sandhu as a base model. The proposed ERBAC model provides finer grained access control with multilevel security on the basis of subject and object level than the RBAC model.


Image Extraction Method in 3D Space for Game Player's Face Detection (게임 사용자 얼굴 검출을 위한 3D 공간 영상 추출 기법)

  • Yoo, Chae-Gon;Jung, Chang-Sung;Hwang, Chi-Jung
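    • Journal of Korea Game Society / v.1 no.1 / pp.49-54 / 2001
  • This paper describes a method that uses stereo matching to separate and extract the face image of a game player located in front of a complex random background. The more a game requires interaction with people, the more it needs to recognize human motion and individual body parts. Besides games, this method can be applied to fields such as security systems, clothing simulation, 3D modeling, and robotics. There has been much research on stereo matching, which can basically be classified into area-based and feature-based methods. The proposed method starts processing with the area-based method and applies windows of multiple sizes to find the boundaries of objects. A similarity curve is generated for each window size, and this value is used as a feature for determining object boundaries. The coarse regions generated in the previous stage are merged using the similarity curve method, and finally the image of the target object is extracted.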


Analysis of Traffic Effectiveness on Multicast Access Control Scheme with Security Level Comparison (보안 수준 비교 방식의 멀티캐스트 접근통제에서의 전송 효율성 분석)

  • Shin, Dong-Myung;Park, Hee-Un;Choi, Yong-Rak
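    • Proceedings of the Korea Information Processing Society Conference / 2002.11b / pp.1167-1170 / 2002
  • Multicast is an efficient communication technology for transmitting only to a specific group of users, as in multiparty video conferencing, interactive remote lectures, software distribution, and Internet games. However, because of the open nature of multicast, any group member can send messages anytime and anywhere. It is therefore important to perform sender access control in order to protect group members from receiving inappropriate data and to protect the multicast tree from various DoS attacks, but research so far has addressed authorization or authentication that is source-based or performed at a single point or rendezvous point. This paper presents a multilevel sender access control mechanism for bidirectional multicast trees in which transmitted messages can be controlled in advance at arbitrary points on routers according to access rights. We then analyze, through experiments, the message transmission efficiency of the proposed scheme compared with existing transmission schemes. We confirmed that the proposed scheme has relatively small message delivery overhead because it filters out messages in advance by comparing access rights on the router.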


Polyinstantiation for spatial data for multilevel secure spatial database (다단계 보안 공간 데이터베이스를 위한 공간 다중인스턴스화)

  • 오영환;이재동;임기욱;배해영
    • Journal of the Korea Institute of Information Security & Cryptology / v.11 no.1 / pp.43-54 / 2001
  • In this paper we study the use of polyinstantiation for spatial data, for the purpose of solving the covert topology channel in multilevel secure spatial database systems. A spatial database system with topological structure has a number of spatial analysis functions using spatial data and neighboring ones. But it has the problem that information flow occurs through topological relationships in spatial database systems. A Geographic Information System (GIS) needs mandatory access control because there are many information flows through positioning information and topological relationships between spatial objects. Moreover, most GIS applications also use a graphic user interface (GUI). In addressing these problems, we design the MLS/SRDM (Multi Level Security/Spatial Relational Data Model) and propose polyinstantiation for spatial data for solving the information flow that occurs through topological relationships of spatial data.

Extended GTRBAC Delegation Model for Access Control Enforcement in Enterprise Environments (기업환경의 접근제어를 위한 확장된 GTRBAC 위임 모델)

  • Hwang Yu-Dong;Park Dong-Gue
    • Journal of Internet Computing and Services / v.7 no.1 / pp.17-30 / 2006
  • With the wide acceptance of the Internet and the Web, volumes of information and related users have increased, companies have come to need security mechanisms to effectively protect important information for business activities, and security problems have become increasingly difficult. This paper proposes an improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model, the sub-role hierarchies concept and PBDM (Permission Based Delegation Model). The proposed model, called the Extended GT-RBAC (Extended Generalized Temporal Role Based Access Control) delegation model, supports characteristics of the GTRBAC model such as temporal constraints, various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). It also supports conditional inheritance based on the degree of inheritance and business characteristics by using sub-role hierarchies, and supports permission based delegation, user to user delegation, role to role delegation, multi-step delegation and temporal delegation by using PBDM.
