• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.71-81
• /
• 2008

In the paper, we designed a context aware task-role based access control system(CAT-RACS) which can control access and prevent illegal access efficiently for various information systems in ubiquitous computing environment. CAT-RACS applied CA-TRBAC, which adds context-role concept for achieve policy composition by context information and security level attribute to be kept confidentiality of information. CA-TRBAC doesn't permit access when context isn't coincident with access control conditions, or role and task's security level aren't accord with object's security level or their level is a lower level, even if user's role and task are coincident with access control conditions. It provides security services of user authentication and access control, etc. by a context-aware security manager, and provides context-aware security services and manages context information needed in security policy configuration by a context information fusion manager. Also, it manages CA-TRBAC policy, user authentication policy, and security domain management policy by a security policy manager.

• Health Policy and Management
• /
• v.31 no.3
• /
• pp.312-327
• /
• 2021

Background: Infection prevention and control (IPC) to manage healthcare-associated infection (HCAI) has emerged as one of the most significant public health issues in Korea. The purpose of this study is to draw implications in IPC policies by analyzing the context, process, and major actors in policy development and comparatively analyzing IPC policy contents of Korea with three other countries. Additionally, IPC policies were analyzed in the context of coronavirus disease 2019 (COVID-19) to provide implications for future pandemics and HCAI events. Methods: This study incorporates a qualitative approach based on document and content analysis, applying codes and thematic categorization. IPC policy contents are comparatively analyzed by adopting the concept model, developed by the World Health Organization, which consists of core components of IPC structure at the national and facility level. Results: National IPC policies were developed within a complex social and political context, through the involvement of various stakeholders. IPC policies in Korea place a high emphasis on establishing IPC programs and built environments in healthcare facilities, whereas there were potentials for improvement in policies involving patients and promoting a safety culture. IPC policies, which currently focus on general hospitals and certain functions of hospitals, should further be expanded to target all healthcare facilities and functions, to ensure more efficient and sustainable IPC responses in the current and future disease outbreaks. Conclusion: IPC is a complex policy arena and lessons learned from the analysis of existing policies in the context of COVID-19 should provide valuable strategic implications for future policies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.323-342
• /
• 2021

Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

• The KIPS Transactions:PartA
• /
• v.15A no.1
• /
• pp.35-44
• /
• 2008

It is important to manage access control for secure ubiquitous applications. In this paper, we present an access-control system for executing policy file which includes access control rules. We implemented Context-aware Access Control Manager(CACM) based on Java Context-Awareness Framework(JCAF) which provides infrastructure and API for creating context-aware applications. CACM controls accesses to method call based on the access control rules in the policy file. We also implemented a support tool to help programmers modify incorrect access control rules using static analysis information, and a simulator for simulating ubiquitous applications. We describe simulation results for several ubiquitous applications.

• Journal of Environmental Science International
• /
• v.13 no.4
• /
• pp.339-347
• /
• 2004

This paper asks the question: what choice of environmental policy instruments is efficient to reduce sulfur dioxide from stationary sources\ulcorner: In Korea, command and control has been a common way of controlling $SO_2-emissions.$ When compared to the non-incentive environmental policy instrument such as command and control, economic incentive environmental policy instrument has been the advantage of making polluter himself flexibly deals with in marginal abatement cost to develop environmental technology in the long view. Therefore, the application possibility of the incentive environmental policy instrument was studied in this research to realize the countermeasure for controlling of $SO_2-emissions.$ As a result, enforcement of the countermeasure such as flue gas desulfurizer by command and control would be suitable because power generation is performed by the public or for the public in source of air pollution and thus, economic principle is not applied to the polluter. In the source of industrial pollution, enforcement of fuel tax is found to be suitable for the countermeasure for the use of low sulfur oil in terms of the flexibility of demand for the price in the long tenn. For the permissible air pollution standards applicable to all air pollutant emitting facilities, enforcement of incentive environmental policy such as bubble, off-set, banking policy or tradeable emission penn its would be ideal in long terms according to the regional characteristics and the number and scale of air pollutant emitting facilities.

• Journal of Information Processing Systems
• /
• v.2 no.1
• /
• pp.28-33
• /
• 2006

The initial research of Task Computing in the ubiquitous computing (UbiComp) environment revealed the need for access control of services. Context-awareness of service requests in ubiquitous computing necessitates a well-designed model to enable effective and adaptive invocation. However, nowadays little work is being undertaken on service access control under the UbiComp environment, which makes the exposed service suffer from the problem of ill-use. One of the research focuses is how to handle the access to the resources over the network. Policy-Based Access Control is an access control method. It adopts a security policy to evaluate requests for resources but has a light-weight combination of the resources. Motivated by the problem above, we propose a universal model and an algorithm to enhance service access control in UbiComp. We detail the architecture of the model and present the access control implementation.

• International Journal of Contents
• /
• v.12 no.4
• /
• pp.69-75
• /
• 2016

Adolescent media addiction has emerged as an important social agenda in Korea. However, there has not been enough discussion on the causal structure of media addiction and policy interventions. The objective of this study is to identify and assess the mechanism of the existing and the revised Shutdown policy based on the systems thinking approach. To achieve this purpose, we establish the relationship between media usage, flow, and addiction, and develop a causal loop diagram. Based on the causal loop diagram, we explore the causal structure of two policy scenarios: shutdown policy and deregulation. Our study suggests that policy interventions inducing direct parental control on children's media usage time are ineffective since the time control reduces children's autonomy, which helps alleviate media addiction. Therefore, this study suggests that policy intervention should focus on alleviating addiction itself rather than on controlling media usage time.

• Journal of the Korea Society for Simulation
• /
• v.10 no.1
• /
• pp.35-50
• /
• 2001

Managing multi-echelon inventory systems has gained importance over the last decade mainly because integrated control of supply chains consisting of several processing and distribution stages has become feasible through modern information technology. Determination of optimal inventory policy for multi-echelon supply chain is made difficult by the complex interaction between the different levels. In this paper, we investigate performance of five inventory policies (fixed quantity order policy, fixed interval order policy, compromised order policy, lead time-fixed quantity order policy, and mixed order policy) in a multi-echelon supply chain by using a simulation model constructed with AweSim simulation language. The results of the simulation study show that the mixed order policy is the best among five inventory policies in the most test problems except the case when the stockout cost per unit is much higher than the inventory holding and transportation costs per unit.

• Journal of Korean Institute of Industrial Engineers
• /
• v.26 no.2
• /
• pp.81-87
• /
• 2000

As for M/G/1 queueing system, we use various control policies, with which we can optimize the system. Up to now the most widely adopted policies are N-Policy, T-Policy, D-Policy, and so on. The existing researches are largely concerned to find an optimal operation condition or to optimize the system under single policy in M/G/1 system. There are, however, few literatures dealing with multiple control policies at once to enhance the flexibility of the model. In this study, we consider M/G/1 system adopting N-Policy and T-Policy simultaneously. If one of two conditions is satisfied, then, the server starts the service. We call this Min(N,T)-Policy. We find the probability distribution of the number of customers and mean waiting time in steady state and derive a cost function. Next, we seek the $N^*$, optimal threshold under various N values. Finally, we reveal the characteristics of cost function.

• Journal of The Korean Association of Information Education
• /
• v.1 no.2
• /
• pp.57-66
• /
• 1997

The primary purpose of security mechanisms in a computer systems is to control the access to information. There are two types of access control mechanisms to be used typically. One is discretionary access control(DAC) and another is mandatory access control(MAC). In this study an access control mechanism is introduced for secure access path in security system. The security policy of this access control is that no disclosure of information and no unauthorized modification of information. To make this access control correspond to security policy, we introduce three properties; read, write and create.