• The Journal of the Korea Contents Association
• /
• v.8 no.11
• /
• pp.25-32
• /
• 2008

Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. In terms of XML documents, it is necessary to describe policies more flexibly beyond simple authorization and to consider access control methods which can be selected. This paper describes and designs the access control policy system for authorization for XML document access and for efficient management to suggest a way to use the capacity of XML itself. The system in this paper is primarily characterized by consideration of who would exercise what access privileges on a specific XML document and by good adjustment of organization-wide demands from a policy manager and a single document writer.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.847-850
• /
• 2001

본 논문에서는 최근에 많은 관심이 증가하고 있는 보안 운영체제를 위한 접근제어에 대해 기술하고 이 접근제어를 FreeBSD 에 구현한 것에 대해 설명한다. 강제적 접근제어(MAC), 신분 기반 접근제어(DAC), 그리고 역할기반 접근제어(RBAC) 과 같은 접근제어 정책들을 안전한 FreeBSD 운영체제를 위해 접근제어 정책으로 사용하였다. MAC 과 ACL 의 구현은 POSIX1003.le 의 표준에 기준 하였고 RBAC 의 구현은 NIST의 표준을 기준으로 하였다. 강제적 접근제어는 군기관이나 정부 기관의 보안 요구사항들을 만족시켜주지만 보안관리 측면에서는 유동적이지 못한 면이 있다. 반면에 역할기반 접근제어는 상업적 접근제어 정책 요구 사항들을 만족시켜주는 정책으로 유동적이고 다양한 보안 관리 정책의 요구사항들을 만족 시켜준다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.439-448
• /
• 2015

IoT (Internet of Things) propels current networked communities into a advanced hyper-connected society/world where uniquely identifiable embedded computing devices are associated with the existing internet infrastructure. Therefore, the IoT services go beyond mere M2M (Machine-to-Machine communications) and should be able to empower users with more flexible communication capabilities over protocols, domains, and applications. In addition, The access control in IoT need a differentiated methods from the traditional access control to increase a security and dependability. In this paper, we describe implementation and design of the capability token based system for secure access control in IoT environments. In the proposed system, Authorities are symbolized into concepts of the capability tokens, and the access control systems manage the tokens, creation, (re)delegation and revocation. The proposed system is expected to decrease the process time of access control by using capability tokens.

• IE interfaces
• /
• v.17 no.3
• /
• pp.294-304
• /
• 2004

In the IS-95 packet service system, the radio channels are generally classified into the dedicated and common traffic channels. In this paper, the performance of the common traffic channel access method is evaluated using simulation. The simulation results are compared with those of random access method. Simulation results show that the capacity can be increased up to 25% by applying the proposed common channel access method. The delay problem and variance of BER are also discussed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.523-526
• /
• 2010

FM Radio communication operating mode is half-duplex mode. FM radio network access control shall be used to detect the presence of active transmissions on a multiple-subscriber-access communications network and shall provide a means to preclude data transmissions from conflicting on the network. In this study, we implemented R-NAD(Random Network Access Delay) that is one of network access control method.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.83-90
• /
• 2015

Current PKI system will confront more dangerous elements in the wireless network. Accordingly, this study suggests a plan to strengthen authentication system plan with using access control and encryption to the location. Locational information collecting devices such as GPS and sensor are utilized to create a new key for authentication and collect locational information. Such a key encodes data and creates an authentication code for are access control. By using the method suggested by this study, it is possible to control access of a military secret from unauthorized place and to protect unauthorized user with unproposed technique. In addition, this technique enables access control by stage with utilizing the existing PKI system more wisely.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.1-11
• /
• 2021

Development of ICT technologies leads exponential growth of various sharing economy over the last couple of years. The intuitive advantage of the sharing economy is efficient utilization of idle goods and services, but there are safety and security concerns. In this paper, we propose a onetime password based access control system to support secure accommodation sharing service and show the implementation results. To provide a secure service to both the provider and the user, the proposed system issues a onetime access password that is valid only during the sharing period reserved by the user, thereafter access returns to the accommodation owner. Especially, our system provides secure user access by merging the two elements of speaker recognition using voice and a one-time password to open and close the door lock. In this paper, we propose a secure system for accommodation sharing services as a use-case, but the proposed system can be applicable to various sharing services utilizing security-sensitive facilities.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.2
• /
• pp.323-329
• /
• 2018

In this paper, we implemented an access control system that only allows specific users to use documents in Hangul document system. The system structure designed in this paper is to transform header information of Hangul document by analyzing the structure of Hangul document. By modifying the function of a specific field of the header information in Hangul document, it prevents users that do not have data for the modified information to open and view the document. By controlling the access rights to important Hangul documents, it is possible to manage Hangul files more safely. In this paper, the actual design of information was implemented and experiments were carried out. Results of the experiment confirmed that the access control system is operated in normal way. In this paper, we implemented an access control system that only allows specific users to use documents in Hangul document system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.