• Title/Summary/Keyword: Access control mechanism


Android Storage Access Control for Personal Information Security (개인정보를 위한 안드로이드 저장장치 접근제어)

  • You, Jae-Man;Park, In-Kyoo
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.13 no.6 / pp.123-129 / 2013
  • The Android file system is vulnerable to external access to system resources via its arbitrary access mode and needs user control for SD and UMS media due to its open architecture. In response to the device control, there is a drawback that its controllability is valid only in the case of an embedded Linux kernel with the VDC function. Hence the solution is to directly implement VDC through a system call, with another security module for device storage, separate from the system module, being added to the Android system. In this paper a new method of Android storage access control for personal information is proposed via VDC for the mount system of storage. The access methods for SD and UMS were implemented using VDC and the mount mechanism. This access control system has been designed to control the granted users at the kernel level if files flow out by copying. As a result, it was proved through testing that the access control system exactly detected the write access operation.

Grid Access Control System for Site Autonomy

  • Kim Beob Kyun;Jang Haeng Jin;Doo Gil Su;Hwang Ho Jean;An Dong Un;Chung Seung Jong
    • Proceedings of the IEEK Conference / 2004.08c / pp.739-742 / 2004
  • The term 'Grid' refers to systems and applications that integrate and manage resources and services distributed across multiple control domains. Resource sharing is, necessarily, highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs. In this paper, we design and implement a grid access control system, called PGAM. This system works on heterogeneous resources, can be applied to the additional service development and its service, provides a template account management mechanism, and tries to ensure site autonomy. This system is implemented to increase portability and to be fit to any kind of economic model.


An SS_RRA Protocol for Integrated Voice/Data Services in Packet Radio Networks

  • Lim, In-Taek
    • Journal of information and communication convergence engineering / v.5 no.2 / pp.88-92 / 2007
  • In this paper, an SS-RRA protocol that is based on Code Division Multiple Access is proposed and analyzed under the integrated voice and data traffic load. The backward logical channels consist of slotted time division frames with multiple spreading codes per slot. The protocol uses a reservation mechanism for the voice traffic, and a random access scheme for the data traffic. A discrete-time, discrete-state Markov chain is used to evaluate the performance. The numerical results show that the performance can be significantly improved by a few distinct spreading codes.

A Coordinated Ciphertext Policy Attribute-based PHR Access Control with User Accountability

  • Lin, Guofeng;You, Lirong;Hu, Bing;Hong, Hanshu;Sun, Zhixin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.4 / pp.1832-1853 / 2018
  • The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

Access Control to XML Documents Based on Hierarchical Key Assignment Scheme (계층적 키 할당 기법을 기반으로 하는 XML 문서의 접근제어)

  • Ban, Yong-Ho;Kim, Jong-Hun
    • Journal of Korea Multimedia Society / v.8 no.11 / pp.1520-1530 / 2005
  • As XML is recognized as a prevalent standard for document representation and exchange on the Internet, the need for security of XML becomes a very important issue. Until now, research on XML security has focused on confidentiality or integrity, such as encryption and digital signature technology. But as XML data becomes more massive and complicated, it requires managerial security that decides whether to permit or deny access according to the authority of the user who is using the XML data. Thus it requires models and mechanisms enabling the specification and enforcement of access control policies for XML documents. In this paper, we suggest a new access control model and mechanism that separates XML documents by access level, assigns roles to each user by applying Role Based Access Control (RBAC), and performs access control to specific documents by encrypting each section with roles. The method we suggest has the advantage that it does not need to update all the keys used in the encryption process, since it updates only the relations between the appropriate secure layers.


Study on Zero Trust Architecture for File Security (데이터 보안을 위한 제로 트러스트 아키텍처에 대한 연구)

  • Han, Sung-Hwa;Han, Joo-Yeon
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.10a / pp.443-444 / 2021
  • Security threats to information services are increasingly being developed, and the frequency and damage caused by security threats are also increasing. In particular, security threats occurring inside the organization are increasing significantly, and the size of the damage is also large. A zero trust model has been proposed as a way to improve such a security environment. In the zero trust model, a subject who has access to information resources is regarded as a malicious attacker. Subjects can access information resources after verification through identification and authentication processes. However, the initially proposed zero trust model basically focuses on the network and does not consider the security environment for systems or data. In this study, we proposed a zero trust-based access control mechanism that extends the existing zero trust model to the file system. As a result of the study, it was confirmed that the proposed file access control mechanism can be applied to implement the zero trust model.


Performance Evaluation of X-MAC/BEB Protocol for Wireless Sensor Networks

  • Ullah, Ayaz;Ahn, Jong-Suk
    • Journal of Communications and Networks / v.18 no.5 / pp.857-869 / 2016
  • This paper proposes an X-MAC/BEB protocol that runs a binary exponential backoff (BEB) algorithm on top of an X-MAC protocol to save more energy by reducing collisions, especially in densely populated wireless sensor networks (WSNs). X-MAC, a lightweight asynchronous duty cycle medium access control (MAC) protocol, was introduced to spend less energy than its predecessor, B-MAC. One of X-MAC's conspicuous techniques is a mechanism to allow senders to promptly send their data when their receivers wake up. X-MAC, however, has no mechanism to deal with sudden traffic fluctuations that often occur whenever closely located nodes simultaneously diffuse their sensed data. To precisely evaluate the impact of the BEB algorithm on X-MAC, this paper builds an analytical model of X-MAC/BEB that integrates the BEB model with the X-MAC model. The analytical and simulation results confirmed that X-MAC/BEB outperformed X-MAC in terms of throughput, delay, and energy consumption, especially in congested WSNs.

Design of Safe AP Certification Mechanism on Wireless LAN (무선 LAN 상에서 안전한 AP 인증 메커니즘 설계)

  • Kim, Jeom-Goo
    • Convergence Security Journal / v.11 no.1 / pp.33-38 / 2011
  • It is widely known that the authentication and security mechanisms between the AP and STA in the current IEEE 802.11 standard are very vulnerable. Therefore, IEEE has proposed the RSN (Robust Security Network) security architecture for 802.11. RSN uses access control, authentication, and key management based on the IEEE 802.1X standard. In this paper, to respond to the vulnerabilities of several proposed models that combine IEEE 802.1X and 802.11, and to session hijacking and MiM (Man-in-the-Middle) attacks, an authentication mechanism was designed for access control between the STA and the AP.

An Energy-Efficient Mobility-Supporting MAC Protocol in Wireless Sensor Networks

  • Peng, Fei;Cui, Meng
    • Journal of Communications and Networks / v.17 no.2 / pp.203-209 / 2015
  • Although mobile applications are an essential characteristic of wireless sensor networks, most existing media access control (MAC) protocols focus primarily on static networks. In these protocols, fixed periodic neighbor discovery and schedule updating are used to connect and synchronize neighbors to provide successful data transmission; however, they cannot adapt to mobile speed variation and degrade the network performance dramatically. In this paper, we propose a mobile-supporting mechanism for MAC protocols, in which the decision to update the neighbors of a mobile node is made adaptively according to the mobile speed. Analysis and simulation results demonstrate that the mechanism efficiently avoids the disconnection of a mobile node from its neighbors and achieves better performance compared with fixed periodic neighbor discovery.

A Ticket-based Authentication Mechanism Suitable for Fast 802.11 Handoff which use CAPWAP Architecture (고속의 802.11 핸드오프를 지원하는 CAPWAP 아키텍처를 이용한 티켓 기반의 인증 메커니즘)

  • Park, Chang-Seop;Woo, Byung-Duk
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.6 / pp.93-103 / 2009
  • Recently, demand for real-time multimedia service in the WLAN environment has increased with the commercialization of the IEEE 802.11n standard. However, the 802.1x authentication protocol, which is defined in the IEEE 802.11i security standard, is too slow to provide seamless real-time multimedia service. In this paper, a ticket-based authentication mechanism in the CAPWAP (Control And Provisioning Wireless Access Point) architecture is introduced to support fast handoff.