• 정보보호학회논문지
• /
• 제14권6호
• /
• pp.3-13
• /
• 2004

논문[10]에서는 유비쿼터스 환경에서 보안 시스템들의 정책들을 보호하기 위해 단방향 함수를 사용한 룰 보호 기법을 제시하였으며, 논문[5-6]은 침입 탐지 시스템 중 Snort를 기반으로 해쉬 함수를 사용한 룰 보호기법을 제안하였다. 이러한 기법들을 통해 보안 시스템들의 정책을 보호할 수 있었으나 단방향 함수의 특성상 정책의 모든 부분을 보호할 수는 없었다. 이러한 문제를 해결하기 위해 본 논문에서는 Snort를 기반으로 대칭키 암호 시스템을 이용한 새로운 기법을 제안한다. 정책의 암호화 및 암호화에 사용되는 비밀키의 유출을 예방하기 위해 논문[12]에서 제안한 PCMCIA 암호 모듈을 사용한 키 관리 기법을 사용한다. 본 논문에서 제안한 기법은 일반적인 정책기반의 보안 시스템에 적용될 수 있다.

• ETRI Journal
• /
• 제25권6호
• /
• pp.423-436
• /
• 2003

This paper describes our design of a contents distribution framework that supports transparent distribution of digital contents on the Internet as well as copyright protection of participants in the contents distribution value chain. Copyright protection must ensure that participants in the distribution channel get the royalties due to them and that purchasers use the contents according to usage rules. It must also prevent illegal draining of digital contents. To design a contents distribution framework satisfying the above requirements, we first present four digital contents distribution models. On the basis of the suggested distribution models, we designed a contract system for distribution of royalties among participants in the contents distribution channel, a license mechanism for enforcement of contents usage to purchasers, and both a packaging mechanism and a secure client system for prevention of illegal draining of digital contents.

• 인터넷정보학회지
• /
• 제14권3호
• /
• pp.78-85
• /
• 2013

The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.

• 인터넷정보학회논문지
• /
• 제17권5호
• /
• pp.9-16
• /
• 2016

Pervasive computing and Internet of Things (IoT) have recently received considerable interest to deploy solutions for the future Internet. Smart environments are integrated with Semantic Web to provide context-awareness to the processed information. Self-learning techniques have been adopted within smart solutions for efficient retrieval of data but do not process data with privacy parameters for in-place authorization. To overcome this issue, we present a novel approach of deploying access control as a service mechanism within Semantic Web based smart environment by using eXtensible Access Control Markup Language (XACML). The proposed XACML as a Service (XACMLaaS) approach offers fine-grained access control for protecting information within smart environment. In this paper, we have defined mathematical rules for each components of proposed access control service layer. These rules are for implementation of access control using XACML. The proposed approach allows the adaptation of authorization of information at component level and provides scalable solution for authorization policies and rule enforcement within smart environment.

• International Journal of Computer Science & Network Security
• /
• 제22권7호
• /
• pp.57-64
• /
• 2022

This scientific article is devoted to the study of the legal significance of such a category of legal status of the purchaser of another's thing, as its good faith. The essence of this phenomenon has been studied, it has been established that the criterion of good faith attaches significant importance to the claims of the participants of these relations for the acquisition or preservation of private property rights. The paper emphasizes that, in addition to the importance of good conscience at the time of possession of another's thing, which gives legal certainty the possibility of registration of the title and is part of the actual composition for the acquisition of property or the right of ancient possession, bona fides also characterizes the behavior of the occupier. In this case, good conscience only has some legal consequences when it is opposed to subjective law. Under such conditions, it acquires direct legal significance, including as a condition for the acquisition and protection of rights. Good faith possession of another's property is an internal indicator of the subject's awareness of a certain property status. This sense, the article assesses this status from the standpoint of the scientific concept of the visibility of law. According to this theory, prescription is also considered as a consequence of the appearance of law, however, because it arises and lasts against the will of the parties and despite their awareness of this fact. Therefore, bona fide continuous and open possession of property as one's own, during the acquisition period, was most significantly associated with the appearance of property. Therefore, the concept of good faith, in the sense of personal perception of real values, is closely related to the principle of protection of the appearance of law, as it is aimed at understanding it by third parties. The paper notes certain differences in the application of the theory of the appearance of the right in the acquisition of property by a bona fide purchaser from an unauthorized alienator and the acquisitive prescription. It is emphasized that such a mechanism must be used in presuming the attitude to the thing as its own, by the holder of movable property. But there should be exceptions to the rule, in particular, if the owner has grounds for vindication of the thing.

• KDI Journal of Economic Policy
• /
• 제12권3호
• /
• pp.71-94
• /
• 1990

본고(本稿)서는, 최근 자유금융학파(自由金融學派)와 신화폐경제학과(新貨幣經濟學科)들의 등장으로 화폐(貨幣) 금융문제(金融問題)에서의 자유경쟁(自由競爭) 및 자유방임주의적(自由放任主義的) 사고가 새롭게 확산되고 있는 시점(時點)에서, 정부(政府) 및 중앙은행(中央銀行)의 화폐(貨幣) 금융개입(金融介入)의 이론적(理論的) 근거(根據)와 그에 관련된 논쟁(論爭)을 다음의 6가지 논거(論據)들을 중심으로 개관해 보았다 : (1) 자유금융하(自由金融下)의 銀行券(은행권) 초과발행(超過發行) 가능성(可能性), (2) 화폐사용에 있어서의 외부경제효과(外部經濟效果)와 화폐제도의 공공재적(公共財的) 성격(性格) (3) 화폐발행업무의 규모(規模)의 경제(經濟)와 자연독점적(自然獨占的) 성격(性格), (4) 실물부문(實物部門)의 불안정성(不安定性)과 거시안정화정책(巨視安定化政策)의 필요성, (5) 은행금융시장(銀行金融市場)의 불안정성(不安定性)과 은행파산(銀行破産)의 외부효과(外部效果), (6) 소액거래자(少額去來者) 및 예금자(預金者)의 보호(保護) 이러한 논거들에 의하면 외부화폐(外部貨幣)(outside money)의 공급은 전형적인 공공재이론(公共財理論)이나 기술적(技術的) 독점주장(獨占主張)이 적용되는 경우이기 때문에 외부화폐제도(外部貨幣制度)의 유지에 있어서 정부(政附)나 중앙은행(中央銀行) 독점(獨占) 및 개입(介入)이 불가피하고 또한 바람직하지만, 내부화폐(內部貨幣)(inside money)제도(制度)의 경우는 적절한 최소한의 안전장치만 강구된다면 최근의 자유금융학파(自由金融學派) 및 신화폐경제학과(新貨幣經濟學科)들의 주장과 같이 사적(私的) 자유경쟁(自由競爭)이 보다 활성화되도록 하는 것이 바람직할 것으로 판단된다 . 한편 외부화폐제도(外部貨幣制度)에의 개입(介入)에 따른 (정부(政府) 및) 중앙은행(中央銀行)의 거시통화정책기능(巨視通貨政策機能)은 물론, 보다 자유화(自由化)된 내부화폐제도하(內部貨幣制度下)에서도 중앙은행(中央銀行)의 최종대여자기능(最終貸與者機能)과 미시적(微視的) 감독기능(監督機能)은 동(同) 제도(制度)의 안전성(安全性)을 유지하기 위해 중요한 역할을 할 것으로 보인다.