• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.29-46
• /
• 2002

We generally use SSL/TLS protocol utilizing X.509 v3 certificates so as to provide a secure means in establishment an confidential communication and the support of the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and an implementation of the prototype which has two main modules, one is to support secure communication and RBAC, not being remained in the SPKI/SDSI server which was developed by the existing Geronimo project and the other is to wholly issue name-certificate and authorization-cerificate. And the demonstration embodied for our sewer is outlined hereafter.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11b
• /
• pp.199-201
• /
• 2005

RBAC(Role Based Access Control) 이란 특정 사용자가 어떤 대상에 특정 행동을 하는 데에 있어서 그 사용자가 가진 역할 (Role) 에 의해 접근 가능유무를 판정하게 하는 방법이다. 그 RBAC 에 역할간의 계층관계를 추가한 것이 계층적 RBAC (Hierarchicai RBAC)이다. 본 논문에서는 그런 다른 어플리케이션에 쉽게 추가 되거나 아니면 독자적으로 인증 기능을 가지는 계층적 RBAC 서버에 사용될 수 있는 API 와 그와 관련된 응용 어플리케이션을 자바와 데이터베이스를 이용하여 설계 및 구현하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.23-26
• /
• 2008

본 논문은 Web 환경에서의 사용자의 권한을 검증하고 권한에 대한 이중적인 접근제어 서비스를 제공하는 역할기반의 WAC 시스템의 블럭 설계서를 제안한다. WAC 시스템은 User Interface Block, Access Control Block, Cipher module Block, DataBase로 구성 되며, WAC 시스템의 기능분류모델을 이용한 Block의 세부사항과 WAC 시스템 기본 Bock(Access Control Bock)의 기본 기능 설계 및 사용자 접근제어 기능 설계, DES 기반의 암호 Bock 기능 설계, 인터페이스 설계 대한 WAC 시스템의 전체적인 Block 설계 에 대하여 기술한다.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.15-26
• /
• 2010

Social Networks such as 'Facebook' and 'Myspace' are regarded as useful tools for people to share interests and maintain or expand relationships with other people. However, they pose the risk that personal information can be exposed to other people without explicit permission from the information owner. Therefore, we need a solution for this problem. Although existing social network sites allow users to specify the exposing range or users who can access their personal information, this cannot be a practical solution because the information can still be revealed to third parties through the permitted users albeit unintentionally. Usually, people allow the access of unknown person to personal data in online social networks and this implies the possibility of information leakage. We could use an access control method based on trust value, but this has the limitation that it cannot reflect the quantitative risk of information leakage. As a solution to this problem, this paper proposes an access control method based on a synthesized metric from trust and risk factors. Our various experiments show that the risk of information leakage can play an important role in the access control of online social networks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.400-402
• /
• 2004

EAM(Enterprise Access Management)은 SSO(Single Sign On)와 사용자 역할기반의 세분화된 접근관리를 제공하는 적극적 시스템 인증, 제어관리 솔루션으로 EAM 도입을 위해서는 중요한 자원들의 안전한 보관 관리가 필수적이다. 이를 위해 각 기업이나 그룹에서는 XML을 기반으로 한 여러 보안기술을 도입하고 있지만 현재 XML 정보 보안 기술을 중심으로 한 EAM시스템의 구현은 그 기반이 미미한 실정이며 표준에 따른 시스템의 고려도 미약한 실정이다. 특히 XML 정보보호기술과 기존 보안기술인 공개키 기반구조(Public Hey infrastructure, PKI), 권한관리구조 PMI(Privilege Management infrastructure)등과 같은 인증기술과의 상호연동기술에 관한 연구가 부족한 상태이다 이에 본 논문은 표준 XML 정보 보호기술 중 대표적인 기술인 XACML(extensible Access Control Markup Language)과 PMI를 연동한 안전한 EAM 통합 접근 시스템 구축 방안에 대친 연구하였다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.6
• /
• pp.1256-1264
• /
• 2009

When unapproved users access to healthcare system and use medical information for other malicious purposes, it could severely threaten important information related to patients' life, because in ubiquitous environment healthcare service makes patient's various examination results, medical records or most information of a patient into data. Therefore, to solve these problems, we design RBAC(Role Based Access Control) for U-healthcare that can access control with location, time and context-awareness information like status information of user and protect patient's privacy. With implementation of the proposed model, we verify effectiveness of the access control model for healthcare in ubiquitous environment.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.119-132
• /
• 2005

The health care system revolutionized by the use of information and communication technologies. Computer information processing and electronic communication technologies play an increasingly important role in the area of health care. We propose a new role based access control model for pervasive health care systems, which changed location, time, environment information. Also our model can be solved the occurrence of an reduction authority problem to pervasive health care system at emergency environment. We propose a new role based access control model for pervasive health care systems, which combines role-to-role delegations, negative permission, context concept and dynamic context aware access control. With out approach we aim to preserver the advantages of RBAC and offer groat flexibility and fine-grained access control in pervasive healthcare information systems.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.405-422
• /
• 2007

Recently, according to the network environment, there are many researches for home network. Nowadays, in home network, the method that access control policy is managed for each home device by using ACL is popular, and EAM (Extranet access management) is applied as a solution. In addition, the research about secure OS is ongoing based on open operating system and the research of user authentication mechanisms for home network using home server is also in progress. However, these researches have some problems as follows; First, the transmission scope of expected access technology in home network is wide, so unauthenticated outside terminal can access the home network. Second, user is inconvenient because user need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in home network environment. Here, user access control is one of the core parts which should have no problems such as above items, but there are no concrete researches yet. Thus in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in home network environment in which OSGi service platform is operated. First, we list the consideration which is not clearly mentioned in OSGi standard, and then we solve these above problems through new framework. In addition, we propose the effective and economical operation method which reduces the policy change frequency for user access control by using RBAC concept though limited resource of home gateway. Besides, in this paper, these proposed policies are defined separately as user-role assignment policy and permission-role assignment policy, and user decide their own policies. In conclusion, we provide the scheme to enhance the user convenience and to solve the privacy problem.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.981-992
• /
• 2004

The established NEIS has a lot of problems in the management of security. It does not realize access control in following authority because it only uses PKI certification in user certification and the use of central concentration DBMS and plain text are increased hacking possibility in NEIS. So, This paper suggests a new NEIS for the secure management of data and authority certification. First, we suggest the approached authority in AC pf PMI and user certification in following the role, RBAC. Second, we realize DB encryption plan by digital signature for the purpose of preventig DB hacking. Third, we suggest SQL counterfeit prevention by one-way hash function and safe data transmission per-formed DB encryption by digital signature.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.1
• /
• pp.126-134
• /
• 2000

Version control is an application to maintain consistency between different instances of the same document allowing operations such as navigation, differencing, and merging. Most version control systems, however, lack the support of functionality for cooperative writing environment, such as to represent and store the history of the actions of different individuals, to effectively differentiate and merge the individual actions including the text object, and to manage different access privileges for different granularity and individuals. With the help of Activity IDentification (AID) tag and its unique addressing scheme proposed in this paper, differencing and merging become simple and effective. Access and role control is improved by associating the access right table and role assignment in AID scheme also eliminates the requirements for large storage capacity for version information maintenance.