• Title/Summary/Keyword: Privilege

Search Result 200, Processing Time 0.027 seconds

Decision Making Model for Selecting Financial Company Server Privilege Account Operations (금융회사 서버 Privilege 계정 운영방식 결정 모델)

  • Lee, Suk-Won;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.6
    • /
    • pp.1607-1620
    • /
    • 2015
  • The server privilege account must be operated through law and regulation. However, due to regulation non-compliance and inadequate operation on financial company server privilege, an incident that every server data being deleted by hacker occur which is later being named as 'NH Bank Cyber Attack'. In this paper, the current operation status on financial company privilege accounts is being analysed to elicit problems and improvement. From the analysis, important evaluation factors will be also selected and applied generating the decision making model for financial company server privilege account operation. The evaluation factor deducted from privilege account status analysis will be used to present and verify the decision making model and formula through AHP(Analytic Hierarchy process).

Recent Debates in Attorney-Client related Privilege and Confidentiality in Korea and Its Implications to International Arbitration

  • Joongi Kim
    • Journal of Arbitration Studies
    • /
    • v.33 no.3
    • /
    • pp.3-30
    • /
    • 2023
  • This article provides an overview of the state of attorney-client related privilege and confidentiality in Korea. It reviews the statutory framework, and how Korean courts have analyzed the privilege and confidentiality related to attorneys and their clients. It then examines the legislative initiatives Korea is currently debating with regard to adopting a more common law-style attorney-client privilege (ACP). If adopted, the new legislation will mark a significant milestone in providing guidance on how communications between attorney and client will be treated. Its impact in the context of international arbitration practice and law related to Korea is explored.

Study on a Secure Authentication and Authorization Protocol based on Kerberos (커버로스 기반의 안전한 인증 및 허가 프로토콜 에 관한 연구)

  • 김은환;김명희;전문석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.5C
    • /
    • pp.737-749
    • /
    • 2004
  • Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

Privilege Management Technique for Unreliable Network Environments based on Tree Structure (신뢰도가 낮은 네트워크 환경을 위한 트리 구조 기반의 권한 관리 기법)

  • Yang, Soo-Mi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.5
    • /
    • pp.83-91
    • /
    • 2008
  • IISO/IEC 9594-8 defines the public key framework and attribute certificate framework. Attribute certificate framework deals with privilege management infrastructure(PMI). In PMI, for privilege management using attribute certificates, role assignment certificates and role specification certificates are used to assign and specify privileges independently. Role specification certificates includes privilege specifications and the details far privilege management of network environments. Privilege management of unreliable network environment tries to enhance the reliability and efficiency of privilege information transmission forwarding over unreliable routes in the presence of potentially faulty nodes and edges. Each node forms a role specification tree based on role specification relationship data collected from the network. In this paper privilege management cost with the role specification certificates tree structure is evaluated trying to reduce the overhead incurred by role creation and modification of privileges. The multicasting of packets are used for scalability. We establish management cost model taking into account the packet loss and node reliability which continuously join and leave for network. We present quantitative results which demonstrate the effectiveness of the proposed privilege management scheme.

A Study on Privilege Elevation Attack Management for Smart Transaction Security on BlockChain Etherium Based System

  • Min, Youn-A
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.4
    • /
    • pp.65-71
    • /
    • 2019
  • IAs smart device penetration rate is more than 90%, mobile transaction ratio using smart device is increasing. Smart contracts are used in various areas of real life including smart trading. By applying smart contracts to the platform for smart transactions through block-chain technology, the threat of hacking or forgery can be reduced. However, various threats to devices in smart transactions can pose a threat to the use of block chain Etherium, an important element in privilege and personal information management. Smart contract used in block chain Ethereum includes important information or transaction details of users. Therefore, in case of an attack of privilege elevation, it is very likely to exploit transaction details or forge or tamper with personal information inquiry. In this paper, we propose a detection and countermeasure method for privilege escalation attack, which is especially important for block chain for secure smart transaction using block chain Ethereum. When comparing the results of this study with the results of similar applications and researches, we showed about 12~13% improvement in performance and suggested the future countermeasures through packet analysis.

Administrator Privilege Management System Classification of u-City Management Center (u-City 통합운영센터 관리자 권한관리 체계 분류)

  • Yi, Wan-Suck;Go, Woong;Won, Dong-Ho;Yeo, Sang-Soo;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.4
    • /
    • pp.586-599
    • /
    • 2009
  • Recently, a lot of nations are establish and researches the u-City which ubiquitous technology based city, and u-City Management Center(UMC) is also establish and researches. Technical researches of UMC are increasing. However, administrator privilege management researches for UMC is not enough. If we don't manage to administrator privilege who can access and control all of information in UMC, security problems will be occurs. Therefore, in this paper, analyses of administrator privilege management security problems, and proposed administrator privilege management system classification.

  • PDF

Asymmetric Temporal Privilege Management on Untrusted Storage Server (네트워크 스토리지에서 비대칭키 방식의 시 분할 권한 권리 (ATPM))

  • Kim, Euh-Mi;Yoon, Hyo-Jin;Cheon, Jung-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.3
    • /
    • pp.31-42
    • /
    • 2005
  • We consider a network storage model whose administrator can not be fully trusted. In this model, we assume that all data stored are encrypted for data confidentiality and one owner distributes the decryption key for each time period to users. In this paper, we propose three privilege management schemes. In the first scheme, called Temporal Privilege Management (TPM), we use a symmetric encryption based on one-way function chains for key encapsulation. In the second scheme, called Asymmetric Temporal Privilege Management (ATPM), anyone can encrypt the data using the public key of owner, but only privileged users can decrypt the encrypted data. Finally, we present a scheme to restrict writers' privilege using ID-based signatures in ATPM. In our schemes, the privilege managements are based on the time and the addition of users is efficient. Specially, applying TPM and ATPM, we can solve the back-issue problem.

Design of a effective Authorization Mechanism based on Kerberos (커버로스 기반의 효율적인 허가 메커니즘 설계)

  • Kim, Eun-Hwan;Jun, Moon-Seog
    • The KIPS Transactions:PartC
    • /
    • v.10C no.3
    • /
    • pp.287-294
    • /
    • 2003
  • Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

A Study on Database Authentication System in Middleware (미들웨어상에서 데이터베이스 인증시스템에 관한 연구)

  • 최진탁
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.24 no.66
    • /
    • pp.27-35
    • /
    • 2001
  • The Gateway Server Authorization System(GSAS) presented in this thesis is a database authorization system. GSAS is responsible for user\`s authorization, and privilege management, audit service. Only users that are filtered in GSAS can access the DBMS(Data Base Management System) through middleware. GSAS is located at the DBMS and already contains an authorization record for user accessing a specific DBMS. GSAS on consists of several components, namely an authorization manager, a privilege manager, and an audit manager. As an authorization manager and a privilege manager can only approve a pass at the same time, a user can get accessibility for DBMS.

  • PDF

A Study of Grid Computing Based on Privilege Management Infrastructure (Privilege Management Infrastructure를 이용한 Grid Computing 연구)

  • 최현석;이재인;김지호;박세현;송오영
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.356-359
    • /
    • 2003
  • 본 논문에서는 제안하는 Grid Computing은 PMI(Privilege Management Infrastructure)를 이용하여 효율적으로 컴퓨팅 파워의 분산 관리하고 네트?의 트래픽을 분산시키는 모델을 제시한다. 또한 Agent 간 통신 및 Agent와 Server 간 통신에서 Soap Protocol과 SSL Protocol을 접목하여 보안 RPC통신을 기반으로 데이터의 무결성과 기밀성을 보장한다. 본 논문에서 제안한 모델은 Agent를 효과적으로 관리하고 네트워크의 트래픽을 감소시킴과 더불어 Grid Computing의 성능이 개선될 것으로 기대된다.

  • PDF