• Journal of KIISE:Databases
• /
• v.34 no.1
• /
• pp.1-17
• /
• 2007

As XML is becoming a de facto standard for distribution and sharing of information, the need for an efficient yet secure access of XML data has become very important. To enforce the fine-level granularity requirement, authorization models for regulating access to XML documents use XPath which is a standard for specifying parts of XML data and a suitable language for both query processing. An access control environment for XML documents and some techniques to deal with authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query access. Developing an efficient mechanism for XML databases to control query-based access is therefore the central theme of this paper. This work is a proposal for an efficient yet secure XML access control system. The basic idea utilized is that a user query interaction with only necessary access control rules is modified to an alternative form which is guaranteed to have no access violations using tree-aware metadata of XML schemes and set operators supported by XPath 2.0. The scheme can be applied to any XML database management system and has several advantages over other suggested schemes. These include implementation easiness, small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.

• Korean Journal of Childcare and Education
• /
• v.7 no.3
• /
• pp.67-100
• /
• 2011

This study assesses the current status of community child centers in Jeollabuk-do by analyzing data from evaluations of 225 centers in 2009. The results are as follows. First, as of 2004, there was a total of 37 Jeollabuk-do community child centers; the number has been increasing at a rate of 20~40% yearly. The number of community child centers has been increasing since government funding was implemented, especially as an authorization is not required to open a center. In order to prevent an excessive amount of childcare centers, and to ensure that new centers meet a standard of quality, it is necessary to examine replacing the current reporting system with an authorization system. Second, out the 6,144 children in the 255 centers, 1,711 children (27.8%) were not from low-income families. This may be positive in that children from various income level families are learning together. However, in order for the community child centers to operate as they were intended, it is necessary to reinforce the itemized regulations. Third, the community child centers scored relatively poorly in utilizing community and human resources. This is because although most Jeollabuk-do childcare centers are using volunteer personnel, they are not fully utilizing community resources. The governments of the cities and counties should support the community child centers by promoting their services and roles, and thereby enable the centers to develop a network of professionals in the community.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.581-584
• /
• 2004

Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. To these service providers that provide above network service, it is important that they authenticate and authorize legal subscribers and account for their usage. At present, There exist the several protocols that Support AAA(Authentication, Authorization and Accounting) service : RADIUS, Diameter, TACACS+. Nowadays, RADIUS has used for AAA service widely. It has been extended to support other access network environment. So, we extend RADIUS to support environment of Mobile IPv6. Mobile IPv6 uses IPsec as a security mechanism, basically. But, IPsec is a heavy security technology for small, portable, mobile device. Especially, it is serious at IKE, the subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In t:lis paper, we extend RADIUS to support environment of Mobile IPv6 and simplify the IKE phase of IPsec by AAA system distributing the keys by using its security communication channel. Namely, we propose the key distribution method for IPsec SA establishment between mobile node and home agent. The suggested method was anticipated to be effective at low-power, low computing deyice. Finally, end users feel the faster authentication.

• International journal of advanced smart convergence
• /
• v.8 no.4
• /
• pp.188-193
• /
• 2019

This paper is about environment-based low-code and no-code execution platform and execution method that combines hybrid and native apps. In detail, this paper describes the Low-Code/No-Code execution structure that combines the advantages of hybrid and native apps. It supports the iPhone and Android phones simultaneously, supports various templates, and avoids developer-oriented development methods based on the production process of coding-free apps and the produced apps play the role of Java virtual machine (VM). The Low-Code /No-Code (LCNC) development platform is a visual integrated development environment that allows non-technical developers to drag and drop application components to develop mobile or web applications. It provides the functions to manage dependencies that are packaged into small modules such as widgets and dynamically loads when needed, to apply model-view-controller (MVC) pattern, and to handle document object model (DOM). In the Low-Code/No-Code system, the widget calls the AppOS API provided by the UCMS platform to deliver the necessary requests to AppOS. The AppOS API provides authentication/authorization, online to offline (O2O), commerce, messaging, social publishing, and vision. It includes providing the functionality of vision.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.43
• /
• pp.397-422
• /
• 2009

Electronic trade reduces additional costs generated from the issuing and management of paper documents, and overcomes the physical limitations of commercial transactions as well as the geographical and time limitations resulting from trading with foreign countries. These characteristics of electronic trade guarantees better and more effective global marketing for companies. In addition, by expanding relative superiority of large corporations to medium-small sized companies, many medium-small companies have shown great interest in electronic trade to promote its exporting businesses, and implementing changes to facilitate electronic trade into their business system. Therefore, it is expected that the electronic trade will be more widely distributed and utilized by businesses of all sizes in the future. The adaptation and implementation of the electronic trade system can only have prosperous effects when there is a high efficiency in the utilization and service process of the concerned company. Under this premise, this research first examined electronic trade, characteristics of the company and information utilization as the key elements to determine the effectiveness of the utility aspect. Then it examines confirmation of product demand, registration of revenues, and authorization as the key elements to determine the level of service process.

• Journal of the Korean Institute of Rural Architecture
• /
• v.9 no.3
• /
• pp.73-82
• /
• 2007

Ministry of Education and Human Resources presented on December, 2006, 'Alternative school establishment and operation regulation' of contents that can be recognized attainments in scholarship because is authorized if alternative schools fulfill fixed condition. Even though, one time, it was true that several opinions which try to limit to adaptation school of person disqualified for school, thus, various discussion and efforts that specialized school for alternative education does to grow are appearing. However, the expectation which a lot of non authorized schools will apply is not so high because specialized school for alternative education will be controlled in free curriculum and school operation that have been administered and can not be guaranteed school's sell-regulation if acquire legal authorization. Under such social and educational background I surveyed present condition, law, system, literature investigation of existing study, Japanese system and example and authorized two sample specification schools etc. through 'A Basic Study on the Optimum Facilities Criteria Modeling of Regional Specialized Schools for Alternative Education(2006. 10)'. This study was preceded the succession and I visited 17 schools that permit investigation opening of schools among 29 that is authorized until present. So I try to find out architectural planning criteria to activate specialized school for alternative education more through analyzing school's general present condition, establishment idea, operation and specialized education plan, facilities present condition and characteristic.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.4
• /
• pp.706-714
• /
• 2008

In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.

• Journal of the Korean Society of Safety
• /
• v.36 no.2
• /
• pp.18-25
• /
• 2021

Specialty contractor facilities, which involve a combination of welding and commissioning, face a high risk of serious accidents such as fire, explosion, and suffocation associated with welding work, nitrogen, and argon use. In such facilities, the organizational safety culture has considerable impact on the frequency of accidents. In this study, a safety culture evaluation was conducted on specialty contractors. NOSACQ-50, a standardized survey method on safety culture, was selected as an assessment tool to evaluate the safety culture in specialized construction companies that could not afford to invest heavily in safety. The self-administered questionnaire survey was conducted with 201 workers of four construction companies and the results were analyzed. It was found that in companies with low safety culture, the occurrence of irrationality was 66.0%, while in companies with high safety culture, the occurrence of irrationality was 42.6%. Thus, the difference in the occurrence of irrationality by safety culture was statistically significant. The difference in safety culture level according to the experience of occurrence of irrationality was also significant. It was also found that the higher the belief in safety management authorization, safety responsibilities of managers, worker safety priorities, and safety system effects, the lower the probability of irrationality.

• Korea Trade Review
• /
• v.45 no.2
• /
• pp.177-189
• /
• 2020

The dispute settlement mechanism of the World Trade Organization (WTO) is in great peril. The Appellate Body has ceased to function last December as the United States has blocked the appointment of new Appellate Body members since 2017. The focus of this study is on the examination of US's discontent on the Appellate Body and various efforts to reform the Appellate Body. In a recent report, the US Trade Representative raises its concerns on the Appellate Body including 90 days mandatory deadline, transitional rules for outgoing Appellate Body members, scope of appeal, advisory opinions, precedent, recommendation, and overreach without offering any viable solutions. Some of WTO members and experts proposed several Appellate Body reform measures but agreement between WTO members is unlikely in a foreseeable future. Alternative dispute settlement mechanisms should be seriously considered such as interim appeal arbitration arrangements, separate dispute settlement mechanisms for trade remedies, unilateral retaliatory measures without WTO authorization. Rules-based multilateral dispute settlement system is imperative to small open economies like Korea. The Korean government should actively participate in Appellate Body reform discussions with other WTO members to keep the WTO dispute settlement system from collapsing.