• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제4권9호
• /
• pp.409-418
• /
• 2015

IoT 환경에서는 정확한 정보의 전달을 위하여 사용자의 상황에 따라 수집된 정보를 추론하여 새로운 정보, 즉 상황 정보를 생성하는 것이 중요하다. 본 논문에서는 IoT 환경에서 센싱 되는 민감한 정보를 보호하기 위해 상황인식을 통한 정보의 접근제어 기법을 제안하고자 한다. 이는 사용자의 상황을 고려하여 접근을 허가하는 접근권한 관리에 중점을 두고 있으며 승인되지 않은 사용자가 네트워크에 저장되어있는 데이터에의 접근 제약(접근제어 정책)을 둔다. 이를 위해 기존에 연구된 CP-ABE 기반의 상황 정보 접근제어 기법에 대해 분석한 후, 상황 정보의 범위에 동적인 상황을 포함시켜, 확장된 다차원 상황 속성(Context Attribute)을 반영하는 접근제어 정책을 제안한다. 본 논문에서는 동적인 상황을 고려한 접근제어 정책을 IoT 센서퓨전 환경에 적합하도록 설계하였다. 따라서 기존의 연구와 비교해 데이터의 다양성 확보 및 정확한 정보의 수집이 가능하고, 기존 상황 속성의 확장이 가능하다는 장점을 갖는다.

• Journal of Information Science Theory and Practice
• /
• 제12권1호
• /
• pp.87-101
• /
• 2024

As the academic publishing environment evolves rapidly and the open science paradigm emerges, the demand for efficient and transparent peer review is growing. This study outlines efforts to actively introduce advanced concepts in scholarly communication into the submission and review system. AccessON Peer Review Management System Plus (ACOMS+), developed and operated by the Korea Institute of Science and Technology Information, is an online submission and peer review system that aims for open science. This study provides an overview of ACOMS+ and presents its four main features: open peer review, open access publishing and self-archiving, online quantitative/qualitative evaluation, and peer reviewer invitation. The directions for further developing ACOMS+ to fully support open science are also discussed. ACOMS+ is the first system in Korea to introduce the open peer review process and is distinguished as a system that supports open access publishing and digital transformation of academic journals. Furthermore, ACOMS+ is expected to contribute to the advancement of the academic publishing environment through the increasing shift toward open access publishing, transparent peer review, and open science.

• 한국정보통신학회논문지
• /
• 제22권10호
• /
• pp.1405-1411
• /
• 2018

본 논문은 MS-워드 문서 시스템에 대한 접근 제어 시스템을 설계한다. 본 논문에서 설계하는 시스템은 MS-워드 문서 구조를 분석하여 문서 관련 정보를 활용한다. MS-워드문서 정보를 일부 변형하여 변형된 정보에 접근할 수 없는 사용자는 접근을 차단하도록 설계하는 것이다. 이렇게 함으로써 MS-워드문서에 대해서 접근 권한을 가진 사용자 외에는 문서를 읽을 수 없도록 한다. 즉, MS-워드문서에 대한 접근 권한을 통제할 수 있도록 한다. MS-워드문서에 대한 접근 권한을 가진 사용자는 변형된 정보를 원래 정보로 복구할 수 있도록 하여 정상적으로 문서를 읽을 수 있도록 한다. 본 논문에서 설계하는 내용을 실제 구현하고 실험을 수행하였다. 실험에서는 MS-워드문서 정보를 변형하였을 경우 문서 접근이 되는지를 수행하였다. 실험을 수행한 결과 MS-word 접근제어시스템이 정상적으로 잘 동작됨을 확인할 수 있었다.

• 한국컴퓨터정보학회논문지
• /
• 제20권10호
• /
• pp.113-119
• /
• 2015

In this paper, we propose an efficient freedom of information and Information access right which improves transparent and speedy administration process. To build open Information, we scrutinize that causes of non access right and change of civil service consciousness, attitude for open information by effectively open system circumstances. The Important thing is basic information that is available to the public through an agency's FOIA Reference Guide, all agencies must notify potential FOIA requesters of the formal rules and requirements for the making and handling of FOIA request, through their FOIA regulations. The characteristics of this paper focused on Information access right, causes of non access right and proposed policy. In this paper, The author emphasize are as follows: first, to examine freedom of information' necessity and problem that scrutinize a theoretic analysis, second, to understand civil servant's attitude for the freedom of information, third, to suggest action plan and agenda for the better of Good Governance and Democracy of information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권9호
• /
• pp.2052-2072
• /
• 2012

Access control is an essential security component in protecting sensitive data and services from unauthorized access to the resources in mission-critical Cyber-Physical Systems (CPSs). CPSs are different from conventional information processing systems in such that they involve interactions between the cyber world and the physical world. Therefore, existing access control models cannot be used directly and even become disabled in an emergency situation. This paper proposes an adaptive Access Control model for Emergences (AC4E) for mission-critical CPSs. The principal aim of AC4E is to control the criticalities in these systems by executing corresponding responsive actions. AC4E not only provides the ability to control access to data and services in normal situations, but also grants the correct set of access privileges, at the correct time, to the correct set of subjects in emergency situations. It can facilitate adaptively responsive actions altering the privileges to specific subjects in a proactive manner without the need for any explicit access requests. A semiformal validation of the AC4E model is presented, with respect to responsiveness, correctness, safety, non-repudiation and concurrency, respectively. Then a case study is given to demonstrate how the AC4E model detects, responds, and controls the emergency events for a typical CPS adaptively in a proactive manner. Eventually, a wide set of simulations and performance comparisons of the proposed AC4E model are presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권7호
• /
• pp.3339-3352
• /
• 2016

In ciphertext-policy attribute-based encryption (CP-ABE) scheme, a user's secret key is associated with a set of attributes, and the ciphertext is associated with an access policy. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. In the present schemes, access policy is sent to the decryptor along with the ciphertext, which means that the privacy of the encryptor is revealed. In order to solve such problem, we propose a CP-ABE scheme with hidden access policy, which is able to preserve the privacy of the encryptor and decryptor. And what's more in the present schemes, the users need to do excessive calculation for decryption to check whether their attributes match the access policy specified in the ciphertext or not, which makes the users do useless computation if the attributes don't match the hidden access policy. In order to solve efficiency issue, our scheme adds a testing phase to avoid the unnecessary operation above before decryption. The computation cost for the testing phase is much less than the decryption computation so that the efficiency in our scheme is improved. Meanwhile, our new scheme is proved to be selectively secure against chosen-plaintext attack under DDH assumption.

• Asian Pacific Journal of Cancer Prevention
• /
• 제15권15호
• /
• pp.6171-6176
• /
• 2014

Background: In order to design effective educational intervention for cancer survivors, it is necessary to identify most-trusted sources for health-related information and the amount of attention paid to each source. Objective: The objective of our study was to explore the sources of health information used by cancer survivors according to their access to the internet and levels of trust in and attention to those information sources. Materials and Methods: We analyzed sources of health information among cancer survivors using selected questions adapted from the 2012 Health Information National Trends Survey (HINTS). Results: Of 357 participants, 239 (67%) had internet access (online survivors) while 118 (33%) did not (offline survivors). Online survivors were younger (p<0.001), more educated (p<0.001), more non-Hispanic whites (p<0.001), had higher income (p<0.001), had more populated households (p<0.001) and better quality of life (p<0.001) compared to offline survivors. Prevalence of some disabilities was higher among offline survivors including serious difficulties with walking or climbing stairs (p<0.001), being blind or having severe visual impairment (p=0.001), problems with making decisions (p<0.001), doing errands alone (p=0.001) and dressing or bathing (p=0.001). After adjusting for socio-demographic status, cancer survivors who were non-Hispanic whites (OR= 3.49, p<0.01), younger (OR=4.10, p<0.01), more educated (OR= 2.29, p=0.02), with greater income (OR=4.43, p<0.01), and with very good to excellent quality of life (OR=2.60, p=0.01) had higher probability of having access to the internet, while those living in Midwest were less likely to have access (OR= 0.177, p<0.01). Doctors (95.5%) were the most and radio (27.8%) was the least trusted health related information source among all cancer survivors. Online survivors trusted internet much more compared to those without access (p<0.001) while offline cancer survivors trusted health-related information from religious groups and radio more than those with internet access (p<0.001 and p=0.008). Cancer survivors paid the most attention to health information on newsletters (63.8%) and internet (60.2%) and the least to radio (19.6%). More online survivors paid attention to internet than those without access (68.5% vs 39.1%, p<0.001) while more offline survivors paid attention to radio compared to those with access (26.8% vs 16.5%, p=0.03). Conclusions: Our findings emphasize the importance of improving the access and empowering the different sources of information. Considering that the internet and web technologies are continuing to develop, more attention should be paid to improve access to the internet, provide guidance and maintain the quality of accredited health information websites. Those without internet access should continue to receive health-related information via their most trusted sources.

• 디지털산업정보학회논문지
• /
• 제10권3호
• /
• pp.99-106
• /
• 2014

The most significant change and trend in the information security market in the year of 2014 is in relation to the issue and incidents of personal information security, which leads the area of information security to a new phase. With the year of 2011 as the turning point, the security technology advanced based on the policies and conditions that combine personal information and information security in the same category. Such technical changes in information security involve various types of information, rapidly changing security policies in response to emerging illegal techniques, and embracing consistent changes in the network configuration accordingly. This study presents the result of standardization and quantification of external access inference by utilizing the measurements to fathom the access authorization performance in advance for information security in specialized networks designed to carry out certain tasks for a group of clients in the easiest and most simple manner. The findings will provide the realistic data available with the access authorization inference modes to control illegal access to the edge of a client network.

• 정보과학회 컴퓨팅의 실제 논문지
• /
• 제22권9호
• /
• pp.441-448
• /
• 2016

의료 정보시스템에서 널리 이용되는 역할기반접근제어는 승인된 권한을 오용/남용하여 비정상적인 접근 시도가 가능하다. 이를 해결하기 위해서는 접근 요청이 얼만큼의 위험도를 가지고 있는지 치료정보에 기반한 위험도의 평가가 필요하다. 따라서, 본 논문에서는 환자의 치료정보와 접근되는 정보객체간의 네트워크 연관성 분석을 수행하여 치료정보기반 위험도 평가 방법을 제안하고자 한다. 즉, 위험도 산출은 업무와 관련이 적은 접근의 탐지와 내부자의 정보 유출 위협을 판단할 수 있는 초기 지표로 활용하였고, 분석의 정확도 검증을 위하여 실제 의료정보시스템의 대용량 실증 데이터를 활용하였다.

• 융합보안논문지
• /
• 제23권5호
• /
• pp.29-34
• /
• 2023

KMS(Knowledge Management System)은 다양한 기관에서 정보 공유를 위해 사용하고 있다. 이 KMS는 각 기관에서 사용하는 기본 정보 뿐만 아니라, 중요 정보를 포함하고 있다. KMS에 저장된 중요 정보에 대한 접근을 통제하기 위하여, 많은 KMS는 사용자 식별 및 인증 기능을 적용하고 있다. 이러한 KMS 보안 환경은, KMS에 접근할 수 있는 사용자 계정 정보가 유출되면, 해당 계정 정보를 사용하는 악의적 공격자는 KMS에 접근하여 허가된 모든 중요 정보에 접근할 수 있는 한계점이 있다. 본 연구에서는 사용자 계정 정보가 유출되더라도 중요 정보를 보호할 수 있는 사용자 토큰(Token)을 적용한 파일 접근통제 기능 적용 KMS를 제안한다. 제안하는 토큰 기반 KMS는 암호 알고리즘을 적용하여 KMS에 등록된 파일을 보호한다. 실효성 검증을 위해 목표하는 사용자 접근통제 기능에 대한 단위 기능을 확인한 결과, KMS에서 제공해야 할 접근통제 기능을 정상 제공하는 것을 확인하였다.