• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11
• /
• pp.3020-3033
• /
• 1999

Role-Based Access Control(RBAC) security policy is being widely accepted not only as an access control policy for information security but as both a natural modeling tool for management structure of organizations and flexible permission management framework in various commercial environments. Important functions provided by the current RBAC model are to administrate the information on the components of RBAC model and determine whether user's access request to information is granted or not, and most researches on RBAC are for defining the model itself, describing it in formal method and other important properties such as separation of duty. As the current RBAC model which does not define the definition, design and operation for applications is not suitable for automated information systems that consist of various applications, it is needed that how applications should be designed and then executed based on RBAC security model. In this paper, we describe dynamic properties of session which is taken for a passive entity only activated by users, as a vehicle for building and executing applications in an automated information systems. And, a framework for session-oriented separation of duty property, application design and operation is also presented.

• 한국정보컨버전스학회:학술대회논문집
• /
• 2008.06a
• /
• pp.75-86
• /
• 2008

This paper presents the design, implementation, and evaluation of the RFID Guardian, the first-ever unified platform for RFID security and privacy administration. The RFID Guardian resembles an "RFID firewall", enabling individuals to monitor and control access to their RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Our system provides a platform for coordinated usage of RFID security mechanisms, offering fine-grained control over RFID-based auditing, key management, access control, and authentication capabilities. We have prototyped the RFID Guardian using off-the-shelf components, and our experience has shown that active mobile devices are a valuable tool for managing the security of RFID tags in a variety of applications, including protecting low-cost tags that are unable to regulate their own usage.

• Korean Journal of Air-Conditioning and Refrigeration Engineering
• /
• v.20 no.1
• /
• pp.17-25
• /
• 2008

To achieve the unidirectional airflow in a cleanroom, we need to predict accurately the static pressure losses at the lower plenum and to control properly the opening pressure ratio of access floor panels based on these pressure losses. At first, the present study proposed a correlation to predict the velocity distribution at the lower plenum, because the accuracy to predict pressure losses at the lower plenum depends on how to calculate the velocity correctly against the inner structures at the lower plenum. In the second place, this study proposed correlations which considered the effect of inner structures such as columns, ducts and equipments at the lower plenum on pressure losses. In order to test the accuracy of these correlations, we compared air flow patterns before regulating the opening ratio of access floor with those after regulating. Results after regulating the opening ratio of access floor show good unidirectional uniform airflow pattern. So the present method can be used as an important tool to control the air flow in a cleanroom.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.7
• /
• pp.261-272
• /
• 2003

An Ethernet PON(Passive Optical Network) is an economical and efficient access network that has received significant research attention in recent years. A MAC(Media Access Control) protocol of PON , the next generation access network, is based on TDMA(Time Division Multiple Access) basically and can classify this protocol into a fixed length slot assignment method suitable for leased line supporting QoS(Quality of Service) and a variable length slot assignment method suitable for LAN/MAN with the best effort. For analyzing the performance of these protocols, we design an Ethernet PON model using OPNET tool. To establish the maximum efficiency of a network, we verify a MAC protocol and determine the optimal number of ONUs(Optical Network Unit) that can be accepted by one OLT(Optical Line Terminal) and propose the suitable buffer size of ONU based on analyzing the end-to-end Ethernet delay, queuing delay, throughput, and utilization.

• Journal of the Semiconductor & Display Technology
• /
• v.17 no.1
• /
• pp.12-20
• /
• 2018

Recently, web-based service software has been used as to combine various information or to share information according to the needs of users and the convergence of specialized fields and individual dependent systems. According to the necessity of the user, the proper service environment and the selective service environment according to the purpose and the needs of the user have been studied in a variety of specialized and combined professional research fields and industries. Software based on cloud systems and web services is being used as a tool for appropriate group and user groups and roles. A service system combined dynamically needs a module to manage a user through internal logic and grant a service access authentication. Therefore, it has been considered various approaches that a user who accesses the system is given a service access authority for a certain period of time. Also, when the deadline is over, the authority that you are given to access system will go through the process of expire the right. In this paper, we define the roles of users who access web services, manage user rights according to each role, and provide appropriate service resources to users according to their rights and session information. We analyzed the procedure of constructing the algorithm for the service according to the procedure of each user accessing the web service, granting the service resource and constructing a new role.

• Journal of the Korean Institute of Telematics and Electronics C
• /
• v.34C no.12
• /
• pp.9-19
• /
• 1997

This paper describes the design and FPGA implementation of a system control unit within a multiprocessor chip which can be used as a node processor ina massively parallel processing (MPP) caches, memory management units, a bus unit and a system control unit. Major functions of the system control unit are locking/unlocking of the shared variables of protected access, synchronization of instruction execution among four integer untis, control of interrupts, generation control of processor's status, etc. The system control unit was modeled in very high level using verilog HDL. Then, it was simulated and verified in an environment where trap handler and external interrupt controller were added. Functional blocks of the system control unit were changed into RTL(register transfer level) model and synthesized using xilinx FPGA cell library in synopsys tool. The synthesized system control unit was implemented by Xilinx FPGA chip (XC4025EPG299) after timing verification.

• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.91-98
• /
• 2012

OLAP(On-Line Analytical Processing) is a tool to satisfy the requirements of managing overflowing data analysis. OLAP can provide an interactive analytical processing environment to every end-user. Security policy is necessary to secure sensitive data of organization according to users direct access database. But earlier studies only handled the subject in its functional aspects such as MDX(Multidimensional Expressions) and XMLA(XML for Analysis). This research work is purported for solving such problems by designing and implementing an efficient data access control mechanism for the information security on OLAP. Experimental evaluation result is proposed and its efficiency and accuracy are verified through it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1023-1030
• /
• 2020

Wearable devices, such as a smart watch and a wrist band, store owner's private information in the devices so that security in a high level is required. Applications developed by third parties in Tizen request for an access to designated services through the desktop bus (D-Bus). The D-Bus verifies application's privileges to grant the request for an access. We developed a fuzzing tool, so-called DAN (the D-bus ANalyzer), to detect errors in implementations for privilege verifications and access controls within Tizen's system services. The DAN has found a number of vulnerable services which granted accesses to unauthorized applications. We built a proof-of-concept application based on those findings to demonstrate a bypass in the privilege examination.

• Proceedings of the IEEK Conference
• /
• summer
• /
• pp.355-360
• /
• 2004

With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. Binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et Al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et Al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

• Journal of Digital Contents Society
• /
• v.8 no.4
• /
• pp.607-613
• /
• 2007

Current changes in the written language curriculum have lead to emphasis being placed on the process involved in writing rather than the product. Writing is being viewed as a means of exploration, with text being manipulated in revision until a clear message is conveyed. This study focuses on the use of the computer in written language, as a tool to facilitate learning, increase interaction and alter children's attitudes. Some children from a local primary school participated in a project which gave them access to a computer and guidance during the process of revision. Evaluation of this study showed a two-fold effect. Firstly the writing behaviors of the children developed with their increased involvement in the process. For example, the children began to read what they had written thereby independently evaluating the content. Secondly, arising from this, as a sense of control over their writing was gained the children's attitudes towards writing became more positive.