• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.1360-1364
• /
• 2004

This paper propose an extended model for role-permission assignment based on locations called "Enhanced Role-Based Access Control (ERBAC03)". The proposed model is built upon the well-known RBAC model. Assigning permissions to role is considered too complex activity to accomplish directly. Instead we advocate breaking down this process into a number of steps. The concept of jobs and tasks is specifically introduced to facilitate role-permission assignment into a series of smaller steps. This model is suitable for any large organization that has many branches. Each branch consists of many users who work in difference roles. An administration tool has been developed to assist administrators with the administration of separation of duty requirements. It demonstrates how the specification of static requirements can be done based on "conflicting entities" paradigm. Static separation of duty requirements must be enforced in the administration environment. Finally, we illustrate how the ERBAC03 prototype is used to administer the separation of duty requirements.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.9
• /
• pp.2052-2072
• /
• 2012

Access control is an essential security component in protecting sensitive data and services from unauthorized access to the resources in mission-critical Cyber-Physical Systems (CPSs). CPSs are different from conventional information processing systems in such that they involve interactions between the cyber world and the physical world. Therefore, existing access control models cannot be used directly and even become disabled in an emergency situation. This paper proposes an adaptive Access Control model for Emergences (AC4E) for mission-critical CPSs. The principal aim of AC4E is to control the criticalities in these systems by executing corresponding responsive actions. AC4E not only provides the ability to control access to data and services in normal situations, but also grants the correct set of access privileges, at the correct time, to the correct set of subjects in emergency situations. It can facilitate adaptively responsive actions altering the privileges to specific subjects in a proactive manner without the need for any explicit access requests. A semiformal validation of the AC4E model is presented, with respect to responsiveness, correctness, safety, non-repudiation and concurrency, respectively. Then a case study is given to demonstrate how the AC4E model detects, responds, and controls the emergency events for a typical CPS adaptively in a proactive manner. Eventually, a wide set of simulations and performance comparisons of the proposed AC4E model are presented.

• Journal of Internet Computing and Services
• /
• v.15 no.6
• /
• pp.55-64
• /
• 2014

In a Web application, you can pass without restrictions special network security devices such as IPS and F/W, URL parameter, which is an important element of communication between the client and the server, is forwarded to the Web server. Parameters are modulated by an attacker requests a URL, disclose confidential information or through e-commerce, can take financial gain. Vulnerability parameter manipulation thereof cannot be able to determine whether to operate in only determined logical application, blocked with Web Application Firewall. In this paper, I will present a technique OTACUS(One-Time Access Control URL System) to complement the shortcomings of the measures existing approaches. OTACUS can be effectively blocked the modulation of the POST or GET method parameters passed to the server by preventing the exposure of the URL to the attacker by using clean URL technique simplifies complex URL that contains the parameter. Performance test results of the actual implementation OTACUS proves that it is possible to show a stable operation of less than 3% increase in the load.

• Journal of Advanced Marine Engineering and Technology
• /
• v.38 no.4
• /
• pp.430-436
• /
• 2014

This paper relates to the study about the street security light management system. The purpose of the wireless remote management system is to manage street security lights efficiently. The system is composed of three components like light controller, CDMA gateway and web based remote management server. The zigbee solution is adopted to make local wireless network between street security lights. The CDMA network is used for the wireless communication between street security light controller and the remote control center. The gateway to interconnect zigbee network and CDMA was designed with low power 32 bits Cortex M3 micro-controller. For the data communication between the management server and the gateway, SMS and socket based TCP streaming is used. The management server sends SMS to the gateway to deliver light control and management requests, and the gateway replies with the light controllers report via TCP streaming. By using both SMS and TCP streaming communication, it was verified that simple cost effective management is possible for street security lights. We tried real test for 95 street security lights in real environment during two months and analyzed the practical possibility for mass supply.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1025-1035
• /
• 2013

There has been an explosive increase in the population of OSN(online social network) for 10 years. OSN provides users with many opportunities to have communication among friends, families and goes so far as to make relationships among unknown people having similar belief or interest. However, OSN also produced adverse effects such as privacy breaches, leaking uncontrolled information or disseminating false information. Access control models such as MAC, DAC, RBAC are applied to the OSN to control those problems but those models in OSN are not fit in dynamic OSN environment because user's acts in OSN are unpredictable and static access control imposes burden on users to change access control rules one by one. This paper proposes the dynamic trust-based access control to solve the problems of traditional static access control in OSN.

• The Journal of the Korea Contents Association
• /
• v.20 no.7
• /
• pp.618-628
• /
• 2020

The purpose of this paper is to propose a new security orchestration service model by combining various security solutions that have been introduced and operated individually as a basis for cyber security framework. At present, in order to respond to various and intelligent cyber attacks, various single security devices and SIEM and AI solutions that integrate and manage them have been built. In addition, a cyber security framework and a security control center were opened for systematic prevention and response. However, due to the document-oriented cybersecurity framework and limited security personnel, the reality is that it is difficult to escape from the control form of fragmentary infringement response of important detection events of TMS / IPS. To improve these problems, based on the model of this paper, select the targets to be protected through work characteristics and vulnerable asset identification, and then collect logs with SIEM. Based on asset information, we established proactive methods and three detection strategies through threat information. AI and SIEM are used to quickly determine whether an attack has occurred, and an automatic blocking function is linked to the firewall and IPS. In addition, through the automatic learning of TMS / IPS detection events through machine learning supervised learning, we improved the efficiency of control work and established a threat hunting work system centered on big data analysis through machine learning unsupervised learning results.

• Proceedings of the Korean Institute of IIIuminating and Electrical Installation Engineers Conference
• /
• 2001.11a
• /
• pp.31-34
• /
• 2001

Changing to a 24-hour urbanistic life style, a night time activities constituted for a major portion. Important of a beautiful exterior lighting as well as safety, and security concerns become increasingly. However, the removal or control of the excessive lighting is considered more important then increasing the brightness of the lamps to achieve bother safety and security. Representing a cheerful and leisure environment from the exterior lighting can also harmonize two aspects of energy saving and sustaining green environment. Designing of exterior lighting at the ＯＯ Agricultural & Fishery Circulation center symbolizes the suitability, convenience and production. It's design and analysis represent the optimum urban night time environment.

• Design Convergence Study
• /
• v.16 no.3
• /
• pp.103-118
• /
• 2017

It is expected that the integrated control service of the public sector will be increased for the safety of citizens in the future. Therefore, In this study, we analyzed the classification of CCTV control center and the characteristics of interior design. The survey was conducted at eight control centers in Seoul that were constructed since 2007 and analyzed according to the criteria of general matters, services, spatial basic information, spatial structure, and internal structure. The results of the survey are summarized as follows. Based on the results of the study, the Integrated Control Center is a space where the ratio of the physical environment is not high but performs important tasks for the citizens of the city, which are operated 24 hours a day, and security and security. It is characterized by the efficient space allocation for the treatment, the design of the moving line, and the connection according to the urgent work flow. The results of this study are expected to be used as basic data for other integrated control center environment.

• ETRI Journal
• /
• v.44 no.6
• /
• pp.991-1003
• /
• 2022

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.127-133
• /
• 2007

We propose new reversible watermarking method for images. Being reversibility, original image and watermarked message should be recovered exactly. We propose different technique for hiding data to pairs. We use new type of histogram (pair histogram), which shows frequencies of each pair in image. We use histogram shift method for data embedding to pairs. We also propose improved version of method which allow hiding data with good performance for high capacities. This algorithm has better result compare to Tian's difference expansion method based on the Haar wavelet decomposition. For proposed algorithm capacity is higher under same PSNR.