• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.39 no.3
• /
• pp.90-96
• /
• 2002

RBAC(Role-Based Access Control) is an access control method based on the user's role and it provides more flexibility on the various computer and network security fields. But, RBAC models consider only users for roles or permissions, so for the purpose of exact access control within real application systems, it is necessary to consider additional subjects and objects. In this paper, we propose an Extended RBAC model, $ERBAC_3$, for access control of multi-level security system by adding users, subjects, objects and roles level to RBAC, which enables multi-level security control. 

• Journal of information and communication convergence engineering
• /
• v.15 no.1
• /
• pp.28-36
• /
• 2017

The medium access control (MAC) protocol based on dynamic time division multiple access/time division duplex (TDMA/TDD) is responsible for random access control and radio resource allocation in dynamic traffic environments. These functions of random access and resource allocation are very important to prevent wastage of resources and improve MAC performance according to various network conditions. In this paper, we propose new random access and resource allocation schemes to guarantee quality of service (QoS) and provide priority services in a dynamic TDMA/TDD system. First, for the QoS guarantee, we propose an adaptive random access and resource allocation scheme by introducing an access probability. Second, for providing priority service, we propose a priority-based random access and resource allocation scheme by extending the first adaptive scheme in both a centralized and a distributed manner. The analysis and simulation results show that the proposed MAC protocol outperforms the legacy MAC protocol using a simple binary exponential backoff algorithm, and provides good differential performance according to priorities with respect to the throughput and delay.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.71-81
• /
• 2008

In the paper, we designed a context aware task-role based access control system(CAT-RACS) which can control access and prevent illegal access efficiently for various information systems in ubiquitous computing environment. CAT-RACS applied CA-TRBAC, which adds context-role concept for achieve policy composition by context information and security level attribute to be kept confidentiality of information. CA-TRBAC doesn't permit access when context isn't coincident with access control conditions, or role and task's security level aren't accord with object's security level or their level is a lower level, even if user's role and task are coincident with access control conditions. It provides security services of user authentication and access control, etc. by a context-aware security manager, and provides context-aware security services and manages context information needed in security policy configuration by a context information fusion manager. Also, it manages CA-TRBAC policy, user authentication policy, and security domain management policy by a security policy manager.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.10C
• /
• pp.1015-1026
• /
• 2002

As per increasing research interest in the field of collaborative computing in recent year, the importance of security issues on that area is also incrementally growing. Generally, the persistency of collaborative system is facilitated with conventional authentication and cryptography schemes. It is however, hard to meet the access control requirements of distributed collaborative computing environments by means of merely apply the existing access control mechanisms. The distributed collaborative system must consider the network openness, and various type of subjects and objects while, the existing access control schemes consider only some of the access control elements such as identity, rule, and role. However, this may cause the state of security level alteration phenomenon. In order to handle proper access control in collaborative system, various types of access control elements such as identity, role, group, degree of security, degree of integrity, and permission should be taken into account. Futhermore, if we simply define all the necessary access control elements to implement access control algorithm, then collaborative system consequently should consider too many available objects which in consequence, may lead drastic degradation of system performance. In order to improve the state problems, we propose a novel access control framework that is suitable for the distributed collaborative computing environments. The proposed scheme defines several different types of object elements for the accessed objects and subjects, and use them to implement access control which allows us to guarantee more solid access control. Futhermore, the objects are distinguished by three categories based on the characteristics of the object elements, and the proposed algorithm is implemented by the classified objects which lead to improve the systems' performance. Also, the proposed method can support scalability compared to the conventional one. Our simulation study shows that the performance results are almost similar to the two cases; one for the collaborative system has the proposed access control scheme, and the other for it has not.

• Journal of the Korean Institute of Telematics and Electronics A
• /
• v.33A no.7
• /
• pp.76-91
• /
• 1996

In this paper, we proposed the new medium access control protocol for the virtual token bus netowrk. The network is applied to inter-processor communication network of large capacity digital switching system and digital mobile system with distributed control architecture. in the virtual token bus netowrk, the existing medium access control protocols hav ea switchove rtime overhead when traffic load is light or asymmetric according ot arbitration address of node that has message to send. The proposed protocol optimized average message delay using cyclic bus access chain to exclude switchover time of node that do not have message to send. Therefore it enhanced bus tuilization and average message delay that degrades the performance of real time communication netowrks. It showed that the proposed protocol is more enhacned than virtual token medium access control protocol and virtual token medium access control protocol iwth reservation through performance analysis.

• Proceedings of the KAIS Fall Conference
• /
• 2007.11a
• /
• pp.293-296
• /
• 2007

RFID는 유비쿼터스 환경 구축에 있어 가장 큰 비중을 차지하고 있다. 하지만 이에 따른 RFID에 저장된 개인정보 유출과 이를 오남용하는 문제에 대해 많은 비판들이 쏟아져 나오고 있으며 이에 대한 보안기술에 많은 관심이 모아지고 있다. 본 논문에서는 이러한 RFID의 보안모델 중 Access Control 기존 모델과 이를 보안한 RFID 2중 Access Control 보안모델을 제안한다. 2중 Access control모델은 기존 Hash-lock Access나 Hash-chain Method모델과 비슷한 구조를 가지고 있으나 도청에 의한 키값 노출에 대한 보안성을 가지고 있으며 Tag인증에 대한 값을 계속 변화 시켜 2중으로 Access Control에 대한 인증 정보를 보안하는 구조이다.

• Journal of the Korea Society of Computer and Information
• /
• v.6 no.4
• /
• pp.119-124
• /
• 2001

In the paper, is proposed a secure role-based access control model that not only has s functions such as security, integrity and flow control, but also can easily meet access requirements of role-based social organizations. The proposed role-based access control mod designed based on proven existing rule-based access control mechanisms in order to be app real access control systems. The model proposed in the paper is simple and secure. It can be used for the web-based application systems working on the Internet.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.6
• /
• pp.951-956
• /
• 2011

CAN communication developed for communication between electric control devices in vehicle, was recently applied to automatic breaking devices, and can also be applied to field bus for production automation. Recently, field bus is introduced in engine control etc., for large ship. In this paper, cabin access control system is implemented, based on CAN communication. The cabin access control system based on CAN communication consists of access control server, embedded system based on ARM9, and micro-controller built-in CAN controller. The access control server can be able to manage overall access control system by accessing with manager. And embedded system adopted ARM9 processor transmits access information of RFID reader controller connected with CAN networks to server, also performs access control. The embedded system carry CAN frames to server, so it is used as gateway.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.9
• /
• pp.409-418
• /
• 2015

In order to delivery of the correct information in IoT environment, it is important to deduce collected information according to a user's situation and to create a new information. In this paper, we propose a control access scheme of information through context-aware to protect sensitive information in IoT environment. It focuses on the access rights management to grant access in consideration of the user's situation, and constrains(access control policy) the access of the data stored in network of unauthorized users. To this end, after analysis of the existing research 'CP-ABE-based on context information access control scheme', then include dynamic conditions in the range of status information, finally we propose a access control policy reflecting the extended multi-dimensional context attribute. Proposed in this paper, access control policy considering the dynamic conditions is designed to suit for IoT sensor fusion environment. Therefore, comparing the existing studies, there are advantages it make a possible to ensure the variety and accuracy of data, and to extend the existing context properties.