• Title/Summary/Keyword: Role Based Access Control


Design and Analysis of Role-based Security Management Model for Policy-based Security Management in SNMPv3 Network (SNMPv3 통신망의 정책기반 보안관리를 위한 역할기반 보안관리 모델의 설계 및 분석)

  • Ju, Gwang-Ro;Lee, Hyeong-Ho;No, Bong-Nam
    • The KIPS Transactions:PartC / v.8C no.5 / pp.573-584 / 2001
  • Policy-Based Network Management (PBNM) architecture aims to meet the various needs of network users and to provide network managers with effective management facilities in distributed, large-scale networks. In PBNM, network managers perform network management operations by stipulating a set of rules rather than controlling each network component. On the other hand, by providing security services such as authentication and privacy of messages, as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components in a more secure way than ever before. Despite its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scale networks because it does not provide centralized security management facilities. In this paper, we propose a new security model called the Role-based Security Management model (RSM), with a security management policy, to support scalable and centralized security management for SNMP-based networks. The structure and the operation of the security system, as well as the efficiency analysis of RSM in terms of security management, are also described.


A Received Signal Strength-based Primary User Localization Scheme for Cognitive Radio Sensor Networks Using Underlay Model-based Spectrum Access

  • Lee, Young-Doo;Koo, Insoo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.8 / pp.2663-2674 / 2014
  • For cognitive radio sensor networks (CRSNs) that use underlay-based spectrum access, the location of the primary user (PU) plays an important role in the power control of the secondary users (SUs), because the SUs must keep the minimum interference level required by the PU. Received signal strength (RSS)-based localization schemes provide low-cost implementation and low complexity, and thus they are suitable for PU localization in CRSNs. However, RSS-based localization schemes have a high localization error because they use an inexact path loss exponent (PLE). Thus, applying an RSS-based localization scheme to PU localization would cause high interference to the PU. In order to reduce the localization error and improve the channel reuse rate, we propose an RSS-based PU localization scheme that uses distance calibration for CRSNs using underlay model-based spectrum access. The simulation results show that the proposed scheme provides less localization error as well as more spectrum utilization than RSS-based PU localization using the mean and the maximum likelihood calibration.

Attribute-Based Signatures with DNF Policies (DNF 정책을 가지는 속성 기반 서명)

  • Lee, Kwang-Su;Hwang, Jung-Yeon;Kim, Hyoung-Joong;Lee, Dong-Hoon
    • Journal of the Institute of Electronics Engineers of Korea CI / v.46 no.1 / pp.78-87 / 2009
  • An attribute-based signature scheme is a signature scheme where a signer's private key is associated with an attribute set and a signature is associated with an access structure. Attribute-based signature schemes are useful to provide anonymity and access control for role-based systems and attribute-based systems where the identity of an object is represented as a set of roles or attributes. In this paper, we formally define attribute-based signature schemes and propose the first efficient attribute-based signature scheme that requires a constant number of pairing operations for verification where a policy is represented as a disjunctive normal form (DNF). To construct a provably secure one, we introduce a new interactive assumption and prove that our construction is secure under the new interactive assumption and the random oracle model.

Study on The RBAC Protocol of Medical Information System (의료정보시스템의 RBAC 프로토콜 연구)

  • Lim, Kyeong Suk;Kim, Jeom Goo
    • Convergence Security Journal / v.16 no.7 / pp.77-84 / 2016
  • In the general RBAC (Role-Based Access Control) model, a senior role has a junior role's permissions by virtue of the role hierarchy. Although the opposite case is sometimes needed in medical institutions, it cannot be performed in medical information systems, because the inheritance of permissions in role hierarchies is static. In order to tackle this problem, this paper defines a dynamic role assignment, thereby proposing a way for the junior to temporarily exercise the permissions of the senior, and shows its application to medical information systems.

Evaluation of Access Control Function of the Standard Records Management System (표준기록관리시스템 기능 평가 접근관리 기능을 중심으로)

  • Park, Min-Yung
    • The Korean Journal of Archival Studies / no.38 / pp.3-35 / 2013
  • The physical access or control of records with material entities is relatively easy. However, in the case of electronic records, due to their heightened applicative aspect that allows anyone with the authority to have access to the data, an appropriate standard and stability are required to ensure the authenticity and integrity of electronic records. This study performed a functional evaluation by extracting the minimum critical items from the national functional requirements documents and standards to explore the access control function, which plays an important role in allowing the standard records management system to maintain the quality requirements of electronic records. Based on this checklist, it evaluates whether the standard records management system properly carries out the access control function and investigates the current state of its application to practical records management work. Records managers generally do not use the access control function, which may be because they do not feel the necessity, since the application of the records management system is not yet actively promoted. In order for the standard records management system to develop into a more active system, it requires system improvement as well as consideration of the following factors. First, although the necessity of establishing access control conditions is already recognized, a clear stipulation of the regulation is required. Second, measures must be taken to implement access control in the records management system through a document security solution. Third, self-reflection is required of records managers, who use the records management system. Instead of placing all responsibility on the National Archives, which established the system, professionals must further develop the system through continuous evaluation and improvement. Finally, a general discussion is required to publicize the issue of functional improvement of the records management system. Although there is a bulletin board already created for this purpose, its users are extremely limited and it only deals with current problems. An online as well as offline space is required to solve the fundamental problems and exchange opinions.

Efficient RBAC based on Block Chain for Entities in Smart Factory (스마트 팩토리 엔터티를 위한 블록체인 기반의 효율적인 역할기반 접근제어)

  • Lee, YongJoo;Lee, Sang-Ho
    • Journal of the Korea Convergence Society / v.9 no.7 / pp.69-75 / 2018
  • The smart factory, a key technology of Industry 4.0, is regarded as a driving force of our future economic development, and a lot of research has been conducted on it. Various entities including devices, products and managers exist in a smart factory, but the roles of these entities may be continuous or variable and can become extinct not long after. Existing methods for access control are not suitable for adapting to this variable environment. If we don't consider a certain security level, important industrial data can become the target of attacks. We need a new access control method that satisfies the desired level of efficiency and security without excessive system load. In this paper, we propose a new RBAC-PAC which extends AC defined for PKC to the authority attribute of roles. We distribute PACs for roles through a block chain method to provide efficient access control. We verified that RBAC-PAC is more efficient in a smart factory with a large number of entities which need frequent permission updates.

An Access Control Method Based on a Synthesized Metric from Trust and Risk Factors for Online Social Networks (신뢰도와 위험도로부터 합성된 지표에 기반을 둔 온라인 소셜 네트워크를 위한 접근 제어 방법)

  • Seo, Yang-Jin;Han, Sang-Yong
    • The KIPS Transactions:PartC / v.17C no.1 / pp.15-26 / 2010
  • Social networks such as 'Facebook' and 'Myspace' are regarded as useful tools for people to share interests and maintain or expand relationships with other people. However, they pose the risk that personal information can be exposed to other people without explicit permission from the information owner. Therefore, we need a solution for this problem. Although existing social network sites allow users to specify the exposure range or the users who can access their personal information, this cannot be a practical solution because the information can still be revealed to third parties through the permitted users, albeit unintentionally. Usually, people allow unknown persons access to personal data in online social networks, and this implies the possibility of information leakage. We could use an access control method based on a trust value, but this has the limitation that it cannot reflect the quantitative risk of information leakage. As a solution to this problem, this paper proposes an access control method based on a synthesized metric from trust and risk factors. Our various experiments show that the risk of information leakage can play an important role in the access control of online social networks.

APDM : Adding Attributes to Permission-Based Delegation Model

  • Kim, Si-Myeong;Han, Sang-Hoon
    • Journal of the Korea Society of Computer and Information / v.27 no.2 / pp.107-114 / 2022
  • Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models are role delegation as the user to user delegation. However, in RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and the security principle of least privilege. ABDM, based on the RBAC model, supports both role-to-role and user-to-user delegation with an attribute. The permission can be withdrawn whenever the delegator wants, and a delegator can give permission to a delegatee.

Hybrid Technique based on one way and two way delegation in Role-based Access Control (역할기반 접근통제에서의 단방향과 양방향이 고려된 하이브리드한 위임기법)

  • 양혜진;전준철;전진우;김용석;유기영
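    • Proceedings of the Korean Information Science Society Conference / 2004.10a / pp.454-456 / 2004
  • Delegation of authority is one of the important policies in role-based access control, and refers to delegating part or all of the permissions of one role to another role. In most hierarchical role-based access control systems, the common model supports delegation with revocation taken into account. However, in delegation there are cases where revoking role permissions is unnecessary, or where problems can arise when revoking them. In this paper, as a way to reduce system complexity in cases where revocation of role permissions is not needed, we define a one-way delegation technique and propose a hybrid delegation technique that considers both general delegation and one-way delegation.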


A study on the AC and PMI model for the Defense computer network

  • Yoon, H.S.;Kim, S.C.;Song, J.S.
    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.977-980 / 2001
  • This paper is a study on the AC and PMI model for the defense computer network. It is suggested that the organization plan of the PMI model is a proper model for the characteristics of the military system and the security demands of the military defense network, based on the defense PKI system. Furthermore, both the various types of defense AC and AC according to role and clearance in PMI will be presented. Defense AC will provide strong user authentication and Role Based Access Control to give a more secure and trusted authentication service by using user attributes such as role and clearance.
