• Journal of Industrial Technology
• /
• v.21 no.A
• /
• pp.181-188
• /
• 2001

An XML is an markup language which has been focused on the next generation Web programming language. It easily represents the complex structure of a document, and it is possible to provide the access control over each component of an XML document. An implicit authorization technique means that granting an authorization to a node has effect on granting the same implicit authorization to its all descendants. Therefore, it enhances the time for the authorization grant and reduces the memory required for the authorization information. An authorization technique using an intention type and a authorization replacement solves a redundancy problem and decides whether the access is possible or the authorization conflict occurs at the first attempt.

• Journal of Information Technology and Architecture
• /
• v.11 no.3
• /
• pp.321-332
• /
• 2014

In this paper we propose a new notion of predictable flags type of authorization for controlling access to XML documents. By using predictable flags, we are able to efficiently detect conflicts between existing authorizations and new authorizations to be added. XML documents have an element-composition hierarchical structure in that a higher level element consists of multiple lower level sub-elements. Many XML documents systems have used the notion of implicit authorization that grants authorizations to an element and the all descendants to avoid the overhead caused by explicitly storing all authorization for each element. When we grant an authorization on an element in the XML documents, the implicit authorization method is inefficient in determining the conflicts since it needs to examine all authorizations on the descendants of that element. In contrast, our mechanism using predictable flags has the advantage of detecting the conflicts immediately at the element where an explicit authorization is to be granted.

• Journal of KIISE:Databases
• /
• v.30 no.1
• /
• pp.1-13
• /
• 2003

In this paper, we present a content-dependent authorization mechanism for object-oriented database systems. So far, several models of authorization for object-oriented databases have been proposed, but most of these models do not support the authorization based on the database content. This paper shows how the traditional content-independent authorization model can be extended to provide the content-dependent authorization using predicates on the values of attributes of a class. The proposed model makes it possible to group objects that satisfy the specified conditions on the values of the objects and to grant a single authorization on those objects. This model supports the negative authorization and provides the concept of the strong and weak authorization to resolve conflicts between positive and negative authorizations. In addition, we address and resolve some of the problems that arise when the predicates are associated with the authorization. In particular, since the authorization operations of the traditional content- independent model become inadequate for our mode, we redefine the semantics of the authorization operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.377-391
• /
• 2019

Recently, system studies using tokens and block chains for authentication, access control, etc in IoT environment have been going on at home and abroad. However, existing token-based systems are not suitable for IoT environments in terms of security, reliability, and scalability because they have centralized characteristics. In addition, the system using the block chain has to overload the IoT device because it has to repeatedly perform the calculation of the hash et to hold the block chain and store all the blocks. In this paper, we intend to manage the access rights through tokens for proper access control in the IoT. In addition, we apply the Tangle to configure the P2P distributed ledger network environment to solve the problem of the centralized structure and to manage the token. The authentication process and the access right grant process are performed to issue a token and share a transaction for issuing the token so that all the nodes can verify the validity of the token. And we intent to reduce the access control process by reducing the repeated authentication process and the access authorization process by reusing the already issued token.