• The KIPS Transactions:PartD
• /
• v.10D no.5
• /
• pp.773-780
• /
• 2003

SecuROS(Secure & Reliable Operating System) prevents and blocks possible system cracking by implementing additional security functions in FreeBSD 4.3 operating system (OS) kernel, including access control, user authentication, audit trail, encryption file system and trusted channel. This paper describes access control technique, which is one of core technologies of SecuROS, introduces the implementations of DAC, MAC and RBAC, all of which are corresponding access control policies, and show security and results of performance measurement on the basis of application of access control policies. Finally, security and performance between conventional OS environment and environment adopting access control policy is described.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.57-66
• /
• 2011

We implemented the document DRM applying role based access control(RBAC) mechanism for preventing the information leakage of a document which is transmitted in network environment. It must prevent to access document not related to user role and duty, and must allow operation to document for improving security, considering user role and security level according to a document importance. We improved the security of document DRM by adding to the access control module applying RBAC for satisfying security requirements. Though the user access document, our system allows operation authorizations to document by the user's role & security level and the security attribute of RBAC. Our system prevents indiscriminate access to the documents by user who is not associated with the role, and prevents damage the confidentiality and integrity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.3
• /
• pp.11-28
• /
• 2000

In these days it is rapidly increasing that multi-user, multi-layered commercial software developments for companies or public institutions. Security services are necessary for most of systems and the access control service is the essential of security services. Current access control methods that are used as access control policies are classified as Discretionary Access Control Mandatory Access Control and Role Based Access Control. However there are some inefficiencies when those methods are applied to current multi-user, multi-layered systems. Therefore it is required that a new access control method that takes complex system resources into account from the side of policy. In this paper extending previous Role Based of 'Behavior' and a basic model of the method. And we simply implement the method on the mobile agent based workflow management system that is a representative example of multi-user. multi-layered softwares and shows implementation results to tap possibilities of real-world application.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.1
• /
• pp.41-49
• /
• 2011

We designed a security improved document DRM for protecting document based military information which is transmitted in the military information system environment. The user should be could not access document which not related to his/her role and duty, and must view the only document appropriate for his/her role and security level according to the security level of document. We improved the security of document DRM by adding to the access control module in DRM server. Our system allows operation mode authorizations for the document, considering the user's role & security level and the security level of document. And it prevents indiscriminate access to the document and damage the confidentiality and integrity of information.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.123-131
• /
• 2007

Recently, various threat and security incident are occurred for unspecified individuals, and this problem increases as the rapid of information sharing through Internet. The using of Information Security System such as IDS, Firewall, VPN etc. makes this problem minimal. However, professional knowledge or skill is needed in that case, normal user can't operate the Information Security System. This paper designs and implements File Access Control Module(FACM) to use easily for normal user against malicious threats and attacks. The FACM can exclude from malicious threats and attacks based on operation system rather than detection of threats and attacks. The FACM is working not only Windows System but also Linux System, and the FACM has effect on access control, integrity and non-repudiation for a file with an access control over files on the each OS that are used by multi-user.

• Journal of Korea Multimedia Society
• /
• v.25 no.10
• /
• pp.1416-1432
• /
• 2022

The access control system is a system that allows users to selectively enter the building by granting an access key to the user for security. Access keys with weak security are easily exposed to attackers and cannot properly perform the role that authenticates users. Access code keys should be protected from forgery or spoofing. For this reason, access key verification service models is important in security. However, most models manage all access keys on one central server. This method not only interrupts all services due to server errors, but also risks forgery and spoofing in the process of transmitting access keys. Therefore, blockchain algorithms are used to reduce this risk. This paper proposes a blockchain-based access key verification service model that used distributed stored blockchain gateways on storing access keys and authenticates the user's identity based on them. To evaluate the performance of this model, an experiment was conducted to confirm the performance of the access key forgery recovery rate and the blockchain network performance. As a result, the proposed method is 100% forgery recovery rate, and the registration and verification process is evaluated at 387.58 TPS and 136.66 TPS.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• Journal of Electrical Engineering and information Science
• /
• v.2 no.6
• /
• pp.162-166
• /
• 1997

A message server have two basic functionalities, a server role for processing the processing the user environment as well as an entity role for transferring message to other entity in message system environment. The user who is going to send and receive his important information really wants to keep his own security requests. To satisfy this requirement, message server must be enforced by two seperated security policies- one for message processing security policy under department's computer working environment, the other for send/receive security policy under message system's communication path environment. Proposed access control model gurantees the user's security request by combining constrained server access control and message system access control with multi upper bound properties which come from inheritance attributes of originating user security contexts.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.643-648
• /
• 2005

Intranet system for use within an organization, usually a corporation, is to basically pass through user authentication, but information can be leaked, modified, and deleted by malevolent users who disguise an authorized user or due to user's mistakes in using various functions of web browser. Thus, there is a need for measures to protect the information from illegal use, transformation through partial modification, and illegal leakage such as fraudulent use. This paper presents a flexible Web Security Access Control system based ACM which Provide efficient suity Policy to Protect information in intranet. This Web Security Access Control system not only enhances security by Performing encryption/decryption of information in intranet but also, for sharing confidential information among departments, performs effective and useful access control by assigning different authority to the secured web page. And, by controlling the functions of client PC in various ways, information leakage on malicious purpose or by mistake can be prevented.