• 재활복지
• /
• v.18 no.2
• /
• pp.181-205
• /
• 2014

Ministry of Science, ICT and Future Planning established the mobile application accessibility guideline on 2011 to help people with disabilities to use mobile applications, and has intimated it for governmental and public institutions to utilize. This paper presents an analysis of relationship between success criteria in the current mobile application accessibility guideline and the issues raised by users based on user evaluation performed on 5 mobile applications. Analysis results show that the current mobile application accessibility guideline doesn't apply accessibility requirements thoroughly because some mobile applications could not be accessed by users although they are fulfilling the guideline. To fully provide mobile application accessibility, success criteria such as keyboard accessibility, control size, label and time limit that are raised from the result of user evaluation need to be added to the current guideline. And the guideline need to be amended with modification or elimination of some success criteria.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.365-370
• /
• 2014

Importance of Web accessability for handicapped persons is ever increasing in the information society with increasing role of the Web. The Web accessibility of handicapped person related Web sites were compared with the school Web sites in order to figure out the realities of handicapped person related Web site's accessibilities. According to the experiment, the Web accessibility of handicapped person related Web sites got lower scores than general school Web sites. The research result shows that more improvement efforts for the Web accessibility of handicapped person related Web sites are required.

• Journal of Digital Contents Society
• /
• v.1 no.1
• /
• pp.23-37
• /
• 2000

EDI is basically the concept of computer-to-computer exchange of messages relating to various types of activities or business areas, such as banking, trade, medicine, publishing, etc. Therefore, security, reliability and special functionality will be implicit requirements of EDI systems. We will design access control model to content security of these requirements. Access controls in information systems are responsible for ensuring that all direct access to the entities occur exclusively according to the access modes and rules fixed by security policies. On this paper, security policies for access control model are presented from the viewpoints of identity-based, rule-based, role-based policy. We give a design of access control model for secure EDI service based on the derived access control rules and operations to enforce the defined security policies. The proposed access control model provides integrity, confidentiality and a flow control of EDI messages.

• Journal of the Korean Society for information Management
• /
• v.23 no.1 s.59
• /
• pp.181-200
• /
• 2006

The purpose of this study is to analyze the accessibility of web resources contained in the references section of journal articles.1 was identified a total of 1,377 web citations for a major journal in information science over a ten year period. The results show that the accessible ratio of domestic web resources was at 40% and the ratio of foreign web resources about 50%. The accessible ratio of domain type web resources was shown 58% while the same ratio for file type web resources was 45%. This low accessibility of we resources in references poses threat to the overall value of journal articles.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.725-730
• /
• 2004

Separation of Duty(SOD), with delegation, is one of important security principles in access control area. The role-based access control model adopts SOD principle, but it has some problems; SOD concept is inconsistent with role hierarchy, permissions that have no relation with SOD may be restricted, and delegation may violate SOD. We propose permission-based SOD model on role-based access control. We establishes SOD as a set of permissions instead of role level SOD. Furthermore we propose a principle of role activation. It solves SOD problems of RBAC and supports easy implementation of SOD policy.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.24 no.10A
• /
• pp.1453-1461
• /
• 1999

In this paper, we propose a new scheme that improve the performance of the conventional link access scheme in DSRC MAC and evaluate the performance of the proposed scheme. By using carrier sensing mechanism in random access channels, the proposed scheme can reduce the probability that the collisions among the link access traffics with different priorities may occur in random access channels, and provide differentiated link access delays according to the priorities. Furthermore, the proposed scheme can improve the performance of link access by using modified reservation mode. According to simulation results, it is shown that the proposed scheme is better than conventional method in view of the mean access delay and throughput in random access channels.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.4
• /
• pp.205-211
• /
• 2008

Conventional context-aware service models permit the access of resources only by user authentication, but the ubiquitous environments where the context information around users is changing frequently require the resource access control according to the rapid changes. This paper proposes a scheme to control access permission of resource dynamically as context information of user changes. Our access control model is based on traditional CASA (Context-Aware Security Architecture), but can restrict the access of the user already has been authorized. With the real-time checking of context information, our scheme gives different access controls according to changes in environmental information, and provides more secure services than conventional context-aware models.

• 한국IT서비스학회:학술대회논문집
• /
• 2010.05a
• /
• pp.536-541
• /
• 2010

무한 사이버 공간인 인터넷의 발달과 함께 인터넷의 사용이 크게 늘어 거의 대부분이 인터넷을 이용하고 있다. 이러한 인터넷에서의 정보와 지식은 누구나가 어떠한 환경에서도 사용가능해야 한다. 장애인, 노인, 어린이, 약시 등을 고려한 웹 개발이 절실하다. 국내에서는 2008년 4월 11일 "장애인차별금지 및 권리구제 등에 관한 법률" 동법시행령(제14조)에 웹 접근성 의무화 조항 마련을 마련하여 복지 분야 뿐 아니라 인터넷에서도 장애인에 대한 평등을 강화하였다. 매년 웹 접근성 실태조사를 하고 있는 중앙행정기관의 웹 접근성 평균 점수는 2005년 72.3점, 2006년 81.8점, 2007년 88.2점, 2008년 90.6점이고, 광역지자체는 2005년 71.6점, 2006년 81.8점, 2007년 86.8점, 91.6점으로 해마다 향상되고 있는 것으로 나타났다(한국정보화진흥원 웹접근성연구소, 2009). 이와 비교해 볼 때, 민간기업의 웹사이트는 웹 접근성 준수율이 많이 낮으므로 본 연구에서는 한국 미국 일본 50대 기업의 웹 접근성 및 사용성에 대해 나라별, 기업별로 실증 평가 분석하여 문제점을 도출하고 개선안을 제시하여 민간기업의 웹 접근성, 사용성 수준을 향상시키는데 다소라도 기여하고자 하며 향후 IPTV, 휴대폰 등 다양한 웹 접근성 연구 분야에 대해 제시했다.

• Review of KIISC
• /
• v.18 no.5
• /
• pp.49-61
• /
• 2008

IT기술의 변화에 따라 금융기관의 정보보호 또한 안정성을 보장하면서도 새로운 비즈니스모델에 적합한 보안대책이 요구되고 있다. 금융 어플리케이션의 보안은 정보의 기밀성, 무결성, 가용성을 만족하는 안전하고 신뢰할 수 있는 시스템과 네트워크, 그리고 보안사고에 큰 비중을 차지하고 있는 내부 사용자에 대한 적절한 권한 부여와 접근통제가 요구되어진다. 정당한 사용자가 접근하여 발생하는 보안 문제, 즉 내부자에 의한 악의적인 행위나 오용, 실수 등에 의한 기업의 피해는 외부자에 의한 의도적인 공격보다 피해 규모가 크다. 따라서 정당한 사용자로 인증을 받았다고 할지라도 업무처리에 있어서 필요한 최소한의 권한만을 부여하는 것이 필요한 것이다. 이를 위해 금융기관에 적합한 접근통제가 필요하다. 역할기반 접근통제는 적용범위가 제한적인 강제적 접근통제와 분산된 보안관리로 중앙에서 통제가 어려운 자율적 접근통제의 단점을 보완하고, 실제 업무처리에 적합한 특성을 갖는다. 하지만 기존 역할기반 접근통제를 금융기관의 다양한 금융 어플리케이션에 적용하면 다음과 같은 문제가 발생할 수 있다. 첫째, 금융 어플리케이션에서 사용되는 역할 추출 및 관리가 어렵다. 둘째, 다양한 비즈니스모델이 원하는 직무분리가 복잡하고 어렵다. 셋째, 악의적인 내부 사용자가 역할을 변조하여 과도한 권한을 가질 수 있다. 따라서 본 논문에서는 기존의 역할기반 접근통제에 인사정보 연동을 통한 효율적인 역할 추출 및 분류방안과 역할관리, 직무분리의 세분화 그리고 역할의 안전한 관리를 위해 X.509기반의 권한관리 기반구조(PMI)를 이용한 권한관리 기술을 금융 어플리케이션 환경에 효율적으로 적용하는 방안을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.55-63
• /
• 2001

There are many information objects and users in a large company. It is important issue how to control users access in order that only authorized user can access information objects, Traditional access control models do not properly reflect the characteristics of enterprise environment. This paper proposes an improved access control model for enterprise environment. The characteristics of access control in an enterprise are examined and a task role-based access control(T-RBAC) model founded on concept of classification of tasks is introduced. T-RBAC deals with each task differently according to its class, and supports task level access control and supervision role hierarchy.