• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2012년도 추계학술대회
• /
• pp.165-168
• /
• 2012

본 논문은 이 세상에 존재하는 어떤 종류의 보안시스템도 시스템 접근권한을 가진 전산 담당자의 시스템 침해 행위를 막아내기란 어려운 일이라는 점을 되새기고, 전산 담당자의 침해 행위 사례와 그로인한 피해의 정도 등 심각성을 재조명하고, 나아가 기술적 보안조치의 한계선상에 있는 전산 담당자의 권한 관리와 기술적 조치를 넘어 인적관리를 통한 침해예방 방안에 대해 나름의 대안을 찾아 보고자 한다.

• 산업경영시스템학회지
• /
• 제39권4호
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• 한국통신학회논문지
• /
• 제33권8B호
• /
• pp.719-726
• /
• 2008

본 논문에서는 보안 게이트웨이가 서브넷 상의 단말기의 네트워크 접근 시도 시에 해당 단말기를 자동으로 인식하여 단말기 사용자의 인증 및 접근 제어 보안 룰셋을 기간 데이터베이스와 비교 판별하여 동적으로 조직 내의 역할 기반 접근 권한을 부여, 관리하는 방식에 대해 연구하였다. 덧붙여, 네트워크 관리자가 조직 구조와 관련하여 네트워크 레벨(L2)과 어플리케이션 레벨(L7)의 통합 액세스 제어를 지정할 수 있도록 사용자 중심의 권한 부여 모델을 제시하였다.

• 전자공학회논문지CI
• /
• 제47권6호
• /
• pp.19-27
• /
• 2010

클라우드 컴퓨팅 서비스 환경에서 인증 및 접근 제어와 같은 여러 보안 이슈가 발생하고 있다. 특히, 클라우드 컴퓨팅 환경에서 다양한 자원에 접속을 할 경우, 통합적으로 관리 및 제어가 가능한 인증 및 접근제어 모델이 필요하다. 이를 해결하기 위해서, 본 논문에서는 클라우드 컴퓨팅 환경에서 상황인식 기술과 통합인증 기술, 접근제어 기술, OSGi 서비스 플랫폼 기술을 접목하여, 상황인식 기반의 통합 인증(SSO) 및 접근제어 시스템을 제안한다. 또한 제안 시스템을 설계 및 구현함으로써, 클라우드 컴퓨팅 환경에서 상황에 따른 다양한 Multi Fact기반의 통합인증을 통하여 유연하고, 편리한 보안 시스템을 검증하였다. 이를 통하여 클라우드 컴퓨팅 환경에서 사용자 상황에 따라, 유연하고, 안전한 무중단 보안 서비스를 제공할 수 있음을 확인할 수 있었다.

• 한국인터넷방송통신학회논문지
• /
• 제11권2호
• /
• pp.219-224
• /
• 2011

최근 개인정보 보안의 중요성이 높아짐에 따라 보안 방법에 관한 연구가 활발히 이루어지고 있다. 그 중에서도 바이오메트릭스를 이용한 보안 시스템을 많이 연구 중인데, 특히 바이오메트릭스 기술을 이용한 인식은 인식률과 보안성에 있어서 매우 뛰어나다. 최근 병원의 의사 및 임직원에 대한 출입 보안이 강조 되고 있지만 유출이 쉬운 직원카드에 의한 출입 관리 시스템이 대부분이다. 기존에 나온 홍채인식을 이용한 연구의 문제점은 정확한 홍채 인식 알고리즘과 노이즈를 제거하기 위한 전처리 방법의 부정확성으로 인해 인식률이 떨어지는데 있다. 따라서, 본 논문에서는 기존 암호화 방식의 단점을 보완하기 위하여 생체 인식 중 인식률이 뛰어난 홍채 인식을 사용하여 병원에서의 출입 기록 관리 시스템에 적용한다. 또한 기존 방식에 비해 인식률을 높이기 위해 전처리 과정 시 눈썹 추출 마스크에 선 성분 마스크를 추가하여 정확한 전처리 방법을 제안하고 이에 따라 인식률을 향상시키는 방법을 제안한다.

• 인터넷정보학회논문지
• /
• 제18권6호
• /
• pp.75-84
• /
• 2017

As there has been growing interests in PHR-based personalized health management project, various institutions recently explore safe methods of recording personal medical and health information. In particular, innovative medical solution can be realized when medical researchers and medical service institutes can generally get access to patient data. As EMR data is extremely sensitive, there has been no progress in clinical information exchange. Moreover, patients cannot get access to their own health data and exchange it with researchers or service institutions. It can be operated in terms of technology, yet policy environment are affected by state laws as well as Privacy and Security Policy. Blockchain technology-independent, in transaction, and under test-is introduced in the medical industry in order to settle these problems. In other words, medical organizations can grant preliminary approval on patient information exchange by using the safely encrypted and distributed Blockchain ledger and can be managed independently and completely by individuals. More apparently, medical researchers can gain access to information, thereby contributing to the scientific advance in rare diseases or minor groups in the world. In this paper, we focused on how to manage personal medical information and its protective use and proposes medical treatment exchange system for patients based on a permissioned Blockchain network for the safe PHR operation. Trusted Model for Sharing Medical Data (TMSMD), that is proposed model, is based on exchanging information as patients rely on hospitals as well as among hospitals. And introduce medical treatment exchange system for patients based on a permissioned Blockchain network. This system is a model that encrypts and records patients' medical information by using this permissioned Blockchain and further enhances the security due to its restricted counterfeit. This provides service to share medical information uploaded on the permissioned Blockchain to approved users through role-based access control. In addition, this paper presents methods with smart contracts if medical institutions request patient information complying with domestic laws by using the distributed Blockchain ledger and eventually granting preliminary approval for sharing information. This service will provide an independent information transaction and the Blockchain technology under test will be adopted in the medical industry.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권10호
• /
• pp.2708-2730
• /
• 2012

The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

• 한국컴퓨터정보학회논문지
• /
• 제20권7호
• /
• pp.49-56
• /
• 2015

In this paper, we introduce recent cloud system security technologies categorizing them according to Reliability, Availability, Serviceability, Integrity, and Security (RASIS), terms that evaluate robustness of the computer system. Then we describe examples of security attacks and corresponding security technologies for each of them. We introduce security technologies based on Software Defined Network (SDN) for Reliability, security technologies based on hypervisor and virtualization for Availability, disaster restoration systems for Serviceability, authorization and access control technologies for Integrity, and encryption algorithms for Security. We believe that this paper provide wise view and necessary information for recent cloud system security technologies.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• 제8권1호
• /
• pp.11-30
• /
• 2004

Access Control is one of essential branches to provide system's security. Depending on what standards we apply, in general, there are Role-based access control, History-based access control. The first is based on subject's role, The later is based on subject's history. In fact, RBAC has been implemented, we are using it by purchasing some orders through the internet. But, HBAC is so complex that there will occur some errors on the system. This is more and more when HBAC is used with other access controls. So HBAC's formalization and model which are general enough to encompass a range of policies in using more than one access control model within a given system are important. To simplify these, we design the mathematical model called non-access structure. This Non-access structure contains to historical access list. If it is given subjects and objects, we look into subject grouping and object relation, and then we design Non-access structure. Then we can determine the permission based on history without conflict.

• 한국정보통신학회논문지
• /
• 제19권5호
• /
• pp.1125-1130
• /
• 2015

본 논문에서는 단위업무시스템별 구성요소의 식별 방법을 노드, 모듈, 그리고 인터페이스로 나타냈다. 단위업무 시스템별 보호대상을 정의하였고, 구성 요소별로 노드, 모듈, 그리고 인터페이스에 대하여 설명하였다. 보호대상 정의 테이블에서 식별된 보호 대상 노드, 모듈은 분석단계에서 정의된 보안 기준에 따라 보안속성 설계 및 상세화를 수행한다. 그리고 보안 속성 설계 작성 기준은 보호대상과 액세스 허용대상, 접근통제 영역, 식별 및 인증 영역, 그리고 암호화로 분류하여 각각을 설명하고 예시를 들도록 하였다.