• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.107-114
• /
• 2007

We need development methodology of security architecture which offered various levels of security management in case of the organization required more than two security certifications. In this study, therefore, development methodology of Multi-level Security Architecture(MLSA) proposed. Specifically, we should consider factors of commonness and difference between information security management level evaluation of multiple security architecture. This kinds of endeavor can suggest the direction of the improvement of the evaluating security management and the dynamic plan for the security architecture, and it will make the continuous and systematic security management.

• The Journal of Information Systems
• /
• v.11 no.1
• /
• pp.175-198
• /
• 2002

This paper is to develop a security module for electronic approval systems. Electronic documents are created, transmitted and saved in the company's intranet computer network. Transmitting electronic documents, however, brings us a security problem. Communications among various computer systems are exposed to many security threats. Those threats are eavesdropping, repudiation, replay back etc. The main purpose of this paper is to develop a module which provides the security of electronic documents while they are passed from one place to another This paper applies Multi-Level security to the electronic approval system that guarantees security of electronic documents from many threats. Multi-Level security controls the access to the documents by granting security level to subject users and object electronic documents. To prevent possible replay back attacks, this paper also uses one time password to the system. The security module is composed of client program and server one. The module was developed using Microsoft Visual Basic 6.0 and Microsoft SQL Server 7.0. The code uses Richard Bondi's WCCO(Wiley CryptoAPI COM Objects) library functions which enables Visual Basic to access Microsoft CryptoAPI.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.87-97
• /
• 2009

Internet network routing system is used to prevent spread and distribution of malicious data traffic. This study is based on analysis of diagnostic weakness structure in the network security domain. We propose an improved integrated multi-level protection domain for in the internal route of groupware. This paper's protection domain is designed to handle the malicious data traffic in the groupware and finally leads to lighten the load of data traffic and improve network security in the groupware. Infrastructure of protection domain is transformed into five-stage blocking domain from two or three-stage blocking. Filtering and protections are executed for the entire server at the gateway level and internet traffic route ensures differentiated protection by dividing into five-stage. Five-stage multi-level network security domain's malicious data traffic protection performance is better than former one. In this paper, we use a trust evaluation metric for measuring the security domain's performance and suggested algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.33-43
• /
• 2001

This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewall or intrusion detection system provided in application-space without security features of the secure OS suffer from many vulnerabilities. However the development of the secure OS in Korea lies in just an initial state, and NSA has implemented a prototype of the secure Linux but published just some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level as well kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.

• IEIE Transactions on Smart Processing and Computing
• /
• v.5 no.1
• /
• pp.17-21
• /
• 2016

This paper investigates the importance of the computational overhead when machine learning methods, such as SVM, LASSO, AdaBoosting and AdaBagging, are used for automatic security classification.

• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.39 no.3
• /
• pp.90-96
• /
• 2002

RBAC(Role-Based Access Control) is an access control method based on the user's role and it provides more flexibility on the various computer and network security fields. But, RBAC models consider only users for roles or permissions, so for the purpose of exact access control within real application systems, it is necessary to consider additional subjects and objects. In this paper, we propose an Extended RBAC model, $ERBAC_3$, for access control of multi-level security system by adding users, subjects, objects and roles level to RBAC, which enables multi-level security control. 

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.79-88
• /
• 1995

Most works done so far have concentrated on developing data modeling techniques such as multi-level relation for data protection. These techniques, however, cannot be applied to practical area. This is because they require new queries or new architectures. In this paper, we propose a query processing technique for multi-level databases using horizontal partitioning and views, which does not need any change in database architecture and query language.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.340-347
• /
• 2001

Security operating system applied to MAC(Mandatory Access Control) or to MLS(Multi Level Security) gives both subject and object both Security Level and value of Category, and it restrict access to object from subject. But it violates Security policy of system and could be a circulated course of illegal information. This is correctly IPC(Interprocess Communication)mechanism and Covert Channel. In this thesis, I tried to design and implementation as OS kernel in order not only to give confidence of information circulation in the Security system, but also to defend from Covert Channel by Storage and IPC mechanism used as a circulated course of illegal information. For removing a illegal information flow by IPC mechanism. I applied IPC mechanism to MLS Security policy, and I made Storage Covert Channel analyze system call Spec. and than distinguish Storage Covert Channel. By appling auditing and delaying, I dealt with making low bandwidth.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.163-167
• /
• 2006

Multi-level ${\mu}TESLA$ is an efficient extension to ${\mu}TESLA$ to provide an extended lifetime for long-lived sensor networks. This paper presents new constructions of multi-level ${\mu}TESLA$ with immediate authentication of key chain commitments. The proposed constructions are shown to be more efficient and robust than the previous multi-level ${\mu}TESLA$ extension.