• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.123-131
• /
• 2007

Recently, various threat and security incident are occurred for unspecified individuals, and this problem increases as the rapid of information sharing through Internet. The using of Information Security System such as IDS, Firewall, VPN etc. makes this problem minimal. However, professional knowledge or skill is needed in that case, normal user can't operate the Information Security System. This paper designs and implements File Access Control Module(FACM) to use easily for normal user against malicious threats and attacks. The FACM can exclude from malicious threats and attacks based on operation system rather than detection of threats and attacks. The FACM is working not only Windows System but also Linux System, and the FACM has effect on access control, integrity and non-repudiation for a file with an access control over files on the each OS that are used by multi-user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.147-155
• /
• 2003

The diffusion of internet infrastructure and a fast increase of Population to use it is becoming a base of the service that can use various information, data and digital contents which were provided through off-line physically and used. Recently, the. techniques for copy deterrence and copyright protection have been important in e-commerce because various contents in digital form can be duplicated easily. The Access Control(AC) technique that only a user having the qualifications can access and use contents normally has been studied. The Conditional Access System(CAS) used in a satellite broadcasting md Digital Right Management System(DRMS) used for contents service are representative models of current commercialized access control. The CAS and DRM can be considered as an access control technique based on the payment based type(PBT). This paper describe the access control method of payment free type(PFT) suggested in ［5］ which are independent on the payment structure. And then we suggest a new access control method of payment free type which is more efficient than the previous one.

• Proceedings of the CALSEC Conference
• /
• 2005.03a
• /
• pp.62-67
• /
• 2005

In traditional approach, enterprise-wide consistent security policy enforcement for applications is very difficult task. Therefore, industry is now moving towards new unified enterprise application security concept that consist of centralized authentication and authorization mechanism. The eXtensible Access Control Markup Language (XACML); an XML-based standard defined by OASIS, is most suitable choice which can support centralized, role based, context aware access control mechanism. It is designed to provide universal standard for writing authorization policies and access control request/response language for managing access to the resources. This paper includes a brief overview on XACML and discusses its benefits, limitations and a data flow process. We propose a new generic access control architecture that supports enterprise wide centralized application level access control mechanism using XACML. The other benefits which can be achieved through this architecture are, reduce adnministration cost and complexity, support of heterogeneous computing platforms, centralized monitoring system, automatic fail over, scalability and availability, open standard based solution and secure communication.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.3
• /
• pp.63-69
• /
• 2004

The purpose of this paper is to design a system model which is needed for integrating the secure role-based access control model into web-based application systems. For this purpose, firstly, the specific system architecture model using a user-pull method is presented. This model can be used as a design paradigm. Secondly, the practical system working model is proposed. which specifies the mechanism that performs role-based access control in the environment of web-based application systems. Finally, the comparison and analysis is shown in which the merits with the proposed system model is presented.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.119-132
• /
• 2005

The health care system revolutionized by the use of information and communication technologies. Computer information processing and electronic communication technologies play an increasingly important role in the area of health care. We propose a new role based access control model for pervasive health care systems, which changed location, time, environment information. Also our model can be solved the occurrence of an reduction authority problem to pervasive health care system at emergency environment. We propose a new role based access control model for pervasive health care systems, which combines role-to-role delegations, negative permission, context concept and dynamic context aware access control. With out approach we aim to preserver the advantages of RBAC and offer groat flexibility and fine-grained access control in pervasive healthcare information systems.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.643-648
• /
• 2005

Intranet system for use within an organization, usually a corporation, is to basically pass through user authentication, but information can be leaked, modified, and deleted by malevolent users who disguise an authorized user or due to user's mistakes in using various functions of web browser. Thus, there is a need for measures to protect the information from illegal use, transformation through partial modification, and illegal leakage such as fraudulent use. This paper presents a flexible Web Security Access Control system based ACM which Provide efficient suity Policy to Protect information in intranet. This Web Security Access Control system not only enhances security by Performing encryption/decryption of information in intranet but also, for sharing confidential information among departments, performs effective and useful access control by assigning different authority to the secured web page. And, by controlling the functions of client PC in various ways, information leakage on malicious purpose or by mistake can be prevented.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.6
• /
• pp.1221-1226
• /
• 2019

The importance of livestock production of agriculture in Korea is very large. Investments in sanitation facilities and environmental factors such as animal health and odor have been relatively crude, and over the past few years animal disease has emerged as the leading cause of domestic livestock farmers' income stability. There is a need for an access control system that can be purchased and installed by small and medium-sized farmers who are suffering from pollutants and small farmers who can not afford to install costly sterilization on an economical basis. In this paper, based on the plasma access control system proposed previously, we developed an ICT surveillance access control prototype system that can ensure safety and security through access control and integrated control system that introduces a sterilization system using plasma required by farmers affected by pollutants.

• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1149-1154
• /
• 2003

Due to various requirements for the user access control to large databases in the hospitals and the banks, database security has been emphasized. There are many security models for database systems using wide variety of policy-based access control methods. However, they are not functionally enough to meet the requirements for the complicated and various types of access control. In this paper, we propose a database security system that can individually control user access to data groups of various sites and is suitable for the situation where the user's access privilege to arbitrary data is changed frequently. Data group(s) in different sixes d is defined by the table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and polices. The proposed system operates in two phases. The first phase is composed of a modified MAC (Mandatory Access Control) model and RBAC (Role-Based Access Control) model. A user can access any data that has lower or equal security levels, and that is accessible by the roles to which the user is assigned. All types of access mode are controlled in this phase. In the second phase, a modified DAC(Discretionary Access Control) model is applied to re-control the 'read' mode by filtering out the non-accessible data from the result obtained at the first phase. For this purpose, we also defined the user group s that can be characterized by security levels, roles or any partition of users. The policies represented in the form of Block(s, d, r) were also defined and used to control access to any data or data group(s) that is not permitted in 'read ' mode. With this proposed security system, more complicated 'read' access to various data sizes for individual users can be flexibly controlled, while other access mode can be controlled as usual. An implementation example for a database system that manages specimen and clinical information is presented.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.303-306
• /
• 2011

System solutions for access control to the user's personal when you want to authenticate to the system is used. The valid user is really just a part of authorized users, the suitability of a valid user has been authenticated are not sure whether the problem is the fact. For example, one developer in the Unix operating system can be valid, but do not have permission to access the system should be limited for. In this paper, a single account for multiple users to use the system operational issues to improve the fine-grained delegation of authority, the session audit, the administrator account's policy-based management, with full rights the administrator account of distribution management and auditing the system overall is the study of access control measures.

• Journal of Digital Convergence
• /
• v.10 no.6
• /
• pp.341-347
• /
• 2012

Network Access Control system of medical asset protection solutions that installation and operation on system and network to provide a process that to access internal network after verifying the safety of information communication devices. However, there are still the internal medical-data leakage threats due to spoof of authorized devices and unauthorized using of users are away hours. In this paper, Network 2-Factor Access Control Model proposed for prevention the medical-data leakage by improving the current Network Access Control system. The proposed Network 2-Factor Access Control Model allowed to access the internal network only actual users located in specific place within the organization and used authorized devices. Therefore, the proposed model to provide a safety medical asset environment that protecting medical-data by blocking unauthorized access to the internal network and unnecessary internet access of authorized users and devices.