• Proceedings of the IEEK Conference
• /
• 대한전자공학회 2004년도 ICEIC The International Conference on Electronics Informations and Communications
• /
• pp.355-360
• /
• 2004

With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. Binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et Al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et Al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 한국정보처리학회 2002년도 추계학술발표논문집 (중)
• /
• pp.1329-1332
• /
• 2002

최근에 공공장소에서의 보다 안정적이고 고속의 무선 인터넷 접속에 대한 욕구가 커지면서 무선랜에 대한 수요가 많아지고 있고, 유무선 사업자들은 무선랜 시장을 선점하기 위해서 서비스를 서두르고 있다. 이와 같은 무선랜환경에서 안전하게 사용자를 인증하고 서비스를 제공하기 위해서 802.1x 표준이 정의되었다. 이와 같은 802.1x 표준의 관리를 위한 MIB 구조가 IEEE 802.1x MIB에 정의되어 있다. 본 논문에서는 무선단말 사용자를 인증시켜 주고 무선랜서비스를 허가해주는 authenticator의 입장에서 AP를 관리하기 위한 관리 시스템을 위의 MIB 을 기준으로 해서 설계하고 구현하였다.

• Journal of the Korea Society of Computer and Information
• /
• 제14권6호
• /
• pp.91-98
• /
• 2009

In this paper, this model ensures confidentiality and integrity of mandatory access cotrol policy which based on fuzzy function with importance of information. And it solves authorization abuse problem through role graph creation algorithm and flowing policy that security grade is applied. Because this model composes role hierarchy which bind similar role concept to apply to commercial environment, it has expansile advantage by large scale security system as well as is easy that add new role.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제12권4호
• /
• pp.41-53
• /
• 2002

Role Based Access Control (RBAC), which is a method, using role as an access control, has been popular with users and it is recognized as an effective method to replace the Discretionary Access Control and the Mandatory Access Control However, the existing Role Based Access Control Models have only been limited to the bureaucracy organization in which a distinctive hierarchy system was used, incorporating a stable structure and a standardized work system. Only in some parts, some access control models have been used, which supports 'Team' concept, such as Team Based Access Control Model. However, it did not incorporate the characteristics of the adhocracy organization, which is similar to the company's task force team, whose characteristics are organic, temporary, no standardized operation procedures, and many frequent changes. In this study, we have discussed the characteristics of the adhocracy organization which is different from the existing bureaucracy organization, and we have also discussed the problems related to when the existing access control models are used as the access control model for the adhocracy organization due to its characteristics. In addition, based on the problems, we have suggested an improved role based access control model for the adhocracy organization, and have come up with the solutions when any problems occur in the access control system.

• Convergence Security Journal
• /
• 제12권3호
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• Proceedings of the KIEE Conference
• /
• 대한전기학회 2003년도 학술회의 논문집 정보 및 제어부문 B
• /
• pp.701-704
• /
• 2003

The home network system of ubiquitous computing concept is changing present our home life as more comfortable and safe. Also, it permits that we can connect the home network system and control the appliance which is linked to the home network system without limitation in time and place. But, as other systems that use the public network like the Internet, remote control/monitoring of the home network system that use the Internet includes problems such as user's access which is not admitted and information changing. This paper presents the efficient solution about the security problem that is recognized to important problem of the home network system. Also this paper implements the security of the home network system based on the UPnP (Universal Plug and Play), adding VPN (Virtual Private Network) router that uses the IPsec to the home network system which is consisted of the ARM9 and the Embedded Linux.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• 제8권6호
• /
• pp.1394-1401
• /
• 2007

Secure access control is a hot issue of large-scale organizations or information systems, because they have numerous users and information objects. In many cases, system developers should implement an access control module as a part of application. This way induces difficult modification of the module and repeated implementation for new applications. In this paper we implement a Java API library for access control to support system developers who use Java. They can easily build up access control module using our library. Our library supports typical access control models, and it can offer new types of access control. Furthermore, it is able to run multiple access control models at the same time.

• The KIPS Transactions:PartA
• /
• 제13A권5호
• /
• pp.399-404
• /
• 2006

In Jana 2, to enforce a suity policy of a program, programmer writes permission sets required by the code at the policy file, sets Security Manager on system and executes the program. Then Security Manager checks by stack inspection whether an access request to resource should be granted or denied whenever code tries to access critical resource. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. This system is based on the static permission check analysis which analyzes permission checks which must succeed or fail at each method. Based on this analysis information, programmer can examine visually how permission checks and their stack inspection are performed. By modifying program or policy file if necessary and examining analysis information repeatedly, programmer can enforce security policy correctly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제21권2호
• /
• pp.101-110
• /
• 2011

Recently, an attack to an application incapacitates the intrusion detection rule, the defense policy for a network and database and induces intrusion incidents. Thus, it is necessary to study integration security to ensure the security of an internal network and database from that attack. This article is about building an integration security system to prevent an attack to an application set with intrusion detection rules. It responds to network-based attack through detection, disperses attack with the internal integration security system through virtual clustering and load balancing, and sets up defense policy for attacking destination packets, analyzes and records attack packets, and updates rules through monitoring and analysis. Moreover, this study establishes defense policy according to attacking types to settle access traffic through virtual machine partition policy and suggests an integration security system applied to prevent attack and tests its defense. The result of this study is expected to provide practical data for integration security defense for hacking attack from outside.

• The Journal of the Korea institute of electronic communication sciences
• /
• 제11권1호
• /
• pp.1-8
• /
• 2016

The Nuclear Power Plants(: NPP) are being protected as national infrastructure, and instrumentation and control(: I&C) systems are one of the principle facilities of the NPP, which perform the protection, control, and monitoring function. The I&C systems are being evolved into digitalization based on computer and network technology from analog system. In addition, the I&C systems are mostly employ the specialized logic controllers which are dedicated for the NPP, but the usage of generalized IT resources are steadily increased. The cyber security issues for the NPP are being emerged due to cyber incidents by Stuxnet and various accidents in the NPP. In this paper, hybrid access control model is proposed which are applicable to I&C system by analyzing the access control requirements specified in regulatory guides. The safety of in-service and under construction of NPP are effectively increased by applying proposed hybrid model.