• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.1-9
• /
• 2005

XML is the most common tool for data processing and data transmission in web applications. Policies are extensively used in all online business solutions and it is recognized that abinary decision such as 'yes/no' for access requests is not enough. In this paper, a method is developed to convert policy rules with provisions and obligations in logic formula formats into XML formats. The primary purpose is to enable security policy programmers to write flexible authorization policies in XML and to implement them easily. General syntaxes are defined to specify information for users, objects and actions in XML formats and an XML DTD is developed to specify authorization rules with these three components. To support various security features such as data transcoding and non-repudiation depending on data in addition to access control based on authorization policies, studies for specifying them in XML policy rules will be performed in the future.

• Journal of the Korean Society for information Management
• /
• v.38 no.1
• /
• pp.191-219
• /
• 2021

The development of IT technology that has come to symbolize the fourth industrial revolution, the introduction of online government, and the change in environment has caused radical changes in record management. Most public institutions under the government make use of information systems that are objects of information protection such as electronic document system, document management system, and Onnara system. Further, protection and access control of record information through physical environment and electronic system in a user-centered record management environment is an essential component. Hence, this study studies how professional records management professionals in public institutions recognize safe protection and access management of record information, deriving areas that require improvement and providing a discussion and suggestions to bring about such improvement. This study starts by examining laws and policies on information protection in Korea, analyzing items on access control to compare them with laws and policies, as well as the current situation on records management and derive implications. This study is meaningful in that it aims to substantialize records management by suggesting areas of improvement necessary for the protection and management of record information in public institutions and providing professionals with tangible authority and control.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.29-42
• /
• 2007

This paper describes a security object designed to support a dynamic security service for application services in u-healthcare computing environments in which domains are used to object groups for specifying security policies, In particular, we focus on security object for distributed framework support for u-healthcare including policy, role for security and operations use to access control. And then, by using the DPD-Tool. we showed the access right grant procedure of objects which are server programs, the developing process of client program. Also, we verified the executablility of security service supporting by distributed framework support for u-healthcare use to the mobile monitoring application developing procedure implemented through DPD-Tools.

• Journal of Korea Multimedia Society
• /
• v.8 no.7
• /
• pp.869-881
• /
• 2005

XML(eXtensible Markup Language) has emerged as a prevalent standard for document representation and exchange on the Internet. XML documents contain information of different sensitivity degrees, so that XML Document must selectively shared by user communities. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for XML documents. Mechanisms are also required enabling a secure and selective dissemination of documents to users, according to the authorizations which the users have. In this paper, we give an account of access control model and mechanisms, which XML documents can be securely protected in web environments. We make RBAC Based access Control polices to the problem of secure and selective access of XML documents. The proposed model and mechanism guarantee that the secure use for XML documents through definition of authority for element, attribute, link within XML document as well as XML document.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.3
• /
• pp.1315-1329
• /
• 2018

Ciphertext-policy attribute-based encryption (CP-ABE) associates ciphertext with access policies. Only when the user's attributes satisfy the ciphertext's policy, they can be capable to decrypt the ciphertext. Expressivity and security are the two directions for the research of CP-ABE. Most of the existing schemes only consider monotonic access structures are selectively secure, resulting in lower expressivity and lower security. Therefore, fully secure CP-ABE schemes with non-monotonic access structure are desired. In the existing fully secure non-monotonic access structure CP-ABE schemes, the attributes that are set is bounded and a one-use constraint is required by these projects on attributes, and efficiency will be lost. In this paper, to overcome the flaw referred to above, we propose a new fully secure non-monotonic access structure CP-ABE. Our proposition enforces no constraints on the scale of the attributes that are set and permits attributes' unrestricted utilization. Furthermore, the scheme's public parameters are composed of a constant number of group elements. We further compare the performance of our scheme with former non-monotonic access structure ABE schemes. It is shown that our scheme has relatively lower computation cost and stronger security.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.157-158
• /
• 2013

Data privacy and access control policies in computer clouds are a prime concerns while talking about the sensitive data. Authorized access is ensured with the help of secret keys given to a range of valid users. Granting the role access is a trivial matter but revoking user access is tricky and compute intensive. To revoke a user and making his data access ineffective the data owner has to compute new set of keys for the rest of effective users. This situation is inappropriate where user revocation is a frequent phenomenon. Time based revocation is another way to deal this issue where key for data access expires automatically. This solution rests in a very strong assumption of time determination in advance. In this paper we have proposed a mutable encryption for oblivious data access in cloud storage where the access key becomes ineffective after defined number of threshold by the data owner. The proposed solution adds to its novelty by introducing mutable encryption while accessing the data obliviously.

• Smart Media Journal
• /
• v.12 no.9
• /
• pp.60-71
• /
• 2023

A microservice architecture that accommodates the heterogeneity of various development environments and enables flexible maintenance can secure business agility to manage services in line with rapidly changing requirements. Due to the nature of MSA, where communication between microservices within a service is frequent, the boundary security that has been used in the past is not sufficient in terms of security, and a Zerotrust system is required. In addition, as the size of microservices increases, definition of access control policies according to the API format of each service is required, and difficulties in policy management increase, such as unnecessary governance overhead in the process of redistributing services. In this paper, we propose a microservice architecture that centrally manages policies by separating access control decision and enforcement with a general-purpose policy engine called OPA (Open Policy Agent) for collective and flexible policy management in Zerotrust security-applied environments.

• Journal of Multimedia Information System
• /
• v.3 no.3
• /
• pp.103-110
• /
• 2016

The recent development of the Internet of things (IoT) has led to the introduction of new access control measures. Even during the access control for security, however, there might be privacy infringements due to unwanted information provision and collection. Measures to control this process are therefore required. This paper defines the structure and policies of tokens to protect privacy that can be exposed through the token information when you use the capability token in the IoT service system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.3
• /
• pp.101-109
• /
• 2019

In addition to enabling access, database accounts play a protective role by defending the database from external attacks. However, because only a single account is used in the database, the account becomes the subject of vulnerability attacks. This common practice is due to the lack of database support, large numbers of users, and row-based database permissions. Therefore if the logic of the application is wrong or vulnerable, there is a risk of exposing the entire database. In this paper, we propose a Least-Privilege Account Separation Model (LPASM) that serves as an information guardian to protect the database from attacks. We separate database accounts depending on the role of application services. This model can protect the database from malicious attacks and prevent damage caused by privilege escalation by an attacker. We classify the account control policies into four categories and propose detailed roles and operating plans for each account.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.167-175
• /
• 2010

Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.