• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.1-10
• /
• 2003

In the distributed-computing environment, applications or users have to share resources and communicate with each other in order to perform their jobs more efficiently. In this case, it is important to keep resources and information integrity from the unexpected use by the unauthorized user. Therefore, there is a steady increase in need for a reasonable way to authentication and access control of distributed-shared resources. In RBAC, there are role hierarchies in which a higher case role can perform permissions of a lower case role. No vise versa. Actually, however, it is necessary for a lower case role to perform a higher case role's permission, which is not allowed to a lower case role basically. In this paper, we will propose a permission delegation method, which is a permission delegation server, and a permission delegation protocols with the secret key system. As the result of a permission delegation, junior roles can perform senior role's permissions or senior role itself on the exceptional condition in a dedicated interval.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.47 no.6
• /
• pp.8-18
• /
• 2010

As Ubiquitous systems are developed, the number of context data which are dealt with systems also grow rapidly. In these data, some are vary important in privacy view. As these data are given to users or services of systems, probability of excess exposing of data is exist. To solve this problem, many systems use access control method like RBAC. But even this method can avoid unauthenticated access, can not prevent excess exposing of authenticated access. To prevent this exposing of context data, this paper suggests context data access control framework which abstracts context data when system gives these data to users or services. Using negotiation protocol and context data abstraction technique using RDF, our framework prevents excess exposing important data. This happens protecting privacy and keeping service continuity.

• Journal of KIISE:Databases
• /
• v.35 no.2
• /
• pp.155-168
• /
• 2008

This paper proposes a relational security model-based RDF Web ontology access control model. The Semantic Web is recognized as a next generation Web and RDF is a Web ontology description language to realize the Semantic Web. Much effort has been on the RDF and most research has been focused on the editor, storage, and inference engine. However, little attention has been given to the security issue, which is one of the most important requirements for information systems. Even though several researches on the RDF ontology security have been proposed, they have overhead to load all relevant data to memory and neglect the situation that most ontology storages are being developed based on relational database. This paper proposes a novel RDF Web ontology security model based on relational database to resolve the issues. The proposed security model provides high practicality and usability, and also we can easily make it stable owing to the stability of the relational database security model.

• Journal of Korea Multimedia Society
• /
• v.7 no.11
• /
• pp.1620-1629
• /
• 2004

The objectives of access control are to protect computing and communication resources from illegal use, alteration, disclosure and destruction by unauthorized users. Although Biba security model is well suited for protecting the integrity of information, it is considered too restrictive to be an access control model for commercial environments. And, Role-Based Access Control(RBAC) model, a flexible and policy-neutral security model that is being widely accepted in commercial areas, has a possibility for compromising integrity of information. In this paper, We present the role graph model which enhanced flexibility and integrity to management of many access permission. Also, In order to represent those rule and constraints clearly, formal descriptions of role assignment rule and constraints in Z language are also given.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.3
• /
• pp.605-614
• /
• 2012

Nowadays u-healthcare which is very sensitive to the character of user's information among other ubiquitous computing field is popular in medical field. u-healthcare deals extremely personal information including personal health/medical information so it is exposed to various weaknees and threats in the part of security and privacy. In this paper, RFID based patient's information protecting protocol that prevents to damage the information using his or her mobile unit illegally by others is proposed. The protocol separates the authority of hospital(doctor, nurse, pharmacy) to access to patient's information by level of access authority of hospital which is registered to management server and makes the hospital do the minimum task. Specially, the management server which plays the role of gateway makes access permission key periodically not to be accessed by others about unauthorized information except authorized information and improves patient's certification and management.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.11
• /
• pp.189-200
• /
• 2011

With rapid development and contribution of IT technology IT fushion healthcare service which is a form of future care has been changed a lot. Specially, as IT technology unites with healthcare, because delicate personal medical information is exposed and user's privacy is invaded, we need preperation. In this paper, u-healthcare service model which can manage patient's ID information as user's condition and access level is proposed to protect user's privacy. The proposed model is distinguished by identification, certification of hospital, access control of medical record, and diagnosis of patient to utilize it efficiently in real life. Also, it prevents leak of medical record and invasion of privacy by others by adapting user's ID as divided by user's security level and authority to protect privacy on user's information shared by hospitals.

• Journal of the Korea Convergence Society
• /
• v.11 no.3
• /
• pp.77-83
• /
• 2020

Recently, intelligent predictive surveillance system has emerged. It is a system that can probabilistically predict the future situation and event based on the existing data beyond the scope of the current object or object motion and situation recognition. Since such intelligent predictive monitoring system has a high possibility of handling personal information, security consideration is essential for protecting personal information. The existing video surveillance framework has limitations in terms of privacy. In this paper, we proposed a security framework for intelligent predictive surveillance system. In the proposed method, detailed components for each unit are specified by dividing them into terminals, transmission, monitoring, and monitoring layers. In particular, it supports active personal information protection in the video surveillance process by supporting detailed access control and de-identification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.3-12
• /
• 2004

Secure operating system is a special operating system that integrates some security functions(i.e. access control, user authentication, audit-trail and etc.) with normal operating system in order to protect system from various attacks. But it doesn't consider my security of network traffic. To guarantee the security of the whole system, network traffic must be protected by a certain way and IPsec is a representative technology for network security. However, it requires administrator's carefulness in managing security policies and the key management mechanism is very heavy as well as complicated. Moreover, it doesn't have a suitable framework for delivery of security information for access control mechanism. So we propose a simple trusted channel mechanism for secure communication between secure operating systems. It provides confidentiality md authentication for network traffic and ability to deliver security information. It is implemented at the kernellevel of IP layer and the simplicity of the mechanism can minimize the overhead of trusted channel processing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.149-160
• /
• 2008

As individual users have to provide more information than the minimum for using information communication service, the invasion of privacy of Individual users is increasing. That is why client/server based personal information security platform technologies are being developed such as P3P, EPAL and XACML. By the way enterprises and organizations using primarily role based access control can not use these technologies. because those technologies apply access control policies to individual subjects. In this paper, we suggest an expression language for privacy enhancing role-based access control policy. Suggested privacy enhancing role-based access control policy language model is a variation of XACML which uses matching method and condition, and separately contains elements of role, purpose, and obligation. We suggest policy language model for permission assignment in this paper, shows not only privacy policy scenario with policy document instance, but also request context and response context for helping understanding.