• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.625-627
• /
• 2003

역할기반 접근통제(RBAC)모델은 쉬운 관리성과 정책 적용의 유연성, 그리고 정책 중립적인 이점으로 인하여, 현재 많은 컴퓨팅 환경에서 적용되고 있다. 하지만 기존에 연구되었던 RBAC 모델들은 대부분 단일 보안 관리를 가정하므로 최근의 협업 컴퓨팅 환경을 위한 접근통제를 설계하는 데 문제가 있다. 본 논문에서는 협업 컴퓨팅 환경을 다중 도메인 보안(Multi-Domain Security)으로 사상하고, 협업환경을 적절하게 고려하지 않은 RBAC의 적용이 야기할 수 있는 문제점들을 살펴본다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.36-46
• /
• 2019

The number of hosts connected to the Internet has increased dramatically, introducing the Domain Name System(DNS) in 1984. DNS is now an important key point for all users of the Internet by allowing them to use a convenient character address without memorizing a series of numbers of complex IP address. However, relative to the importance of DNS, there still exist many problems such as the authorization allocation issue, the disputes over public registration, security vulnerability such as DNS cache poisoning, DNS spoofing, man-in-the-middle attack, DNS amplification attack, and the need for many domain names in the age of hyper-connected networks. In this paper, to effectively improve these problems of existing DNS, we proposed a method of implementing DNS using distributed ledger technology, blockchain, and implemented using a Ethereum-based platform. In addition, the qualitative analysis performance comparative evaluation of the existing domain name registration and domain name server was conducted, and conducted security assessments on the proposed system to improve security problem of existing DNS. In conclusion, it was shown that DNS services could be provided high security and high efficiently using blockchain.

• The Journal of Information Systems
• /
• v.14 no.3
• /
• pp.1-8
• /
• 2005

This paper formally defines a role-driven security and access control model of a business process in order eventually to provide a theoretical basis for realizing the secured business process management systems. That is, we propose a graphical representation and formal description of the mechanism that generates a set of role-driven security and access control models from a business process modeled by the information control net(ICN) modeling methodology that is a typical business process modeling approach for defining and specifying business processes. Based upon the mechanism, we are able to design and accomplish a secured business process management system that provides an unified resource access control mechanism of the business process management engine domain's and the application domain's. Finally, we strongly believe that the secured access control policies from the role-driven security and access control model can be easily transformed into the RBAC(Role-based Access Control) model that is a standardized security technology for computer and communications systems of commercial and civilian government organizations.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.5
• /
• pp.69-77
• /
• 2021

This study aims to identify security-based threat information for an organization. This is because protecting the threat for IT systems plays an important role for an corporate's intangible assets. Security monitoring systems determine and consequently respond threats by analyzing them in a real time situation, focusing on events and logs generated by security protection programs. The security monitoring task derives priority by dividing threat information into reputation information and analysis information. Reputation information consisted of Hash, URL, IP, and Domain, while, analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. As a result, the priority of reputation information was relatively high, and it is meaningful to increase accuracy and responsiveness to the threat information.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.72-83
• /
• 2006

It is not a practical solution that the DDoS attacks or worm propagations are protected and responded within a domain itself because it clogs access of legitimate users to share communication lines beyond the boundary a domain. Especially, the DDoS attacks with spoofed source address or with bogus packets that the destination addresses are changed randomly but has the valid source address does not allow us to identify access of legitimate users. We propose a scheme of distributed network security management to protect access of legitimate users from the DDoS attacks exploiting randomly spoofed source IP addresses and sending the bogus packets. We assume that Internet is divided into multiple domains and there exists one or more domain security manager in each domain, which is responsible for identifying hosts within the domain. The domain security manager forwards information regarding identified suspicious attack flows to neighboring managers and then verifies the attack upon receiving return messages from the neighboring managers. Through the experiment on a test-bed, the proposed scheme was verified to be able to maintain high detection accuracy and to enhance the. normal packet survival rate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.115-125
• /
• 2001

Authentication and access control are essential requirements for the information security of distributed environment. Delegation is process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services offer safety in distributed environments. A delegation easily provides principal to grant privileges in the single domain with Role-Based Access Control(RBAC). But in the multi-domain, initiators who request delegation may require to limit the access right of their delegates with restrictions that are called delegate restriction to protect the abuse of privilege. In this paper, we propose the delegation view as function of delegation restrictions. Proposed delegation view model not only prevent over-exposure of documents from granting multiple step delegation to document sharing in multi-domain with RBAC infrastructure but also reduce overload of security administrator and communication.

• Korean Journal of Social Welfare Studies
• /
• v.42 no.2
• /
• pp.205-233
• /
• 2011

This study aims to fathom the relationship between socio-economic security and social cohesion which are two sub-domains of Social Quality, on the institutional context of welfare state. In order to grasp the institutional context of welfare state, the study adopted welfare status theory and measured socio-economic resources of individuals via the status as welfare beneficiary and welfare taxpayer. The study postulates a theoretical model that the socio-economic security domain affects the social cohesion domain. In order to verity the theoretical hypothesis, this study utilized structural equations analysis(SEM) using social survey data conducted in year 2008. Recognition of social trust was included as the core index of social cohesion, and welfare statuses, socio-economic security and social trust were inserted in the sequence. Results revealed that the amount of resource in regards to welfare status of rights had significant influence on the socio-economic security, whereas it had no significant relations in regards to welfare status of duties. The recognition of socio-economic security derived from status of welfare rights and duties were positively associated with recognition of social trust. Also, the recognition of socio-eocnomic security turned out to have significant influence on social trust. Conclusively, among the two sub-domains of Social Quality, the study found that the socio-economic domain has influence on social cohesion domain. Such results suggest that in order to enhance the overall social cohesion in Korea, more delicate arrangement of welfare institutions are required.

• Bulletin of the Korean Mathematical Society
• /
• v.41 no.3
• /
• pp.473-482
• /
• 2004

Let D be an integral domain, I a proper ideal of D, and R =D[It, $t^{-1}$] a generalized Rees ring, where t is an indeterminate. For suitable conditions, we show that R satisfies the ACCP (resp., is a BFD, an FFD, a (pre-) Schreier domain, a G-GCD domain, a PVMD, a v-domain) if and only if D satisfies the ACCP (resp., is a BFD, an FFD, a (pre-) Schreier domain, a G-GCD domain, a PVMD, a v-domain).

• Communications of the Korean Mathematical Society
• /
• v.19 no.4
• /
• pp.701-713
• /
• 2004

We obtain the Hyers-Ulam-Rassias stability of a betatype functional equation $f(\varphi(x),\phi(y))$ = $ \psi(x,y)f(x,y)+ \lambda(x,y)$ with a restricted domain and the stability in the sense of R. Ger of the equation $f(\varphi(x),\phi(y))$ = $ \psi(x,y)f(x,y)$ with a restricted domain in the following settings: $g(\varphi(x),\phi(y))-\psi(x,y)g(s,y)-\lambda(x,y)$\mid$\leq\varepsilon(x,y)$ and $\frac{g(\varphi(x),\phi(y))}{\psi(x,y),g(x,y)}-1 $\mid$ \leq\epsilon(x,y)$.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.574-584
• /
• 2019

A new Mirai variant found recently was equipped with a dynamic update ability, which increases the level of difficulty for DDoS mitigation. Continuous development of 5G technology and an increasing number of Internet of Things (IoT) devices connected to the network pose serious threats to cyber security. Therefore, researchers have tried to develop better DDoS mitigation systems. However, the majority of the existing models provide centralized solutions either by deploying the system with additional servers at the host site, on the cloud, or at third party locations, which may cause latency. Since Internet service providers (ISP) are links between the internet and users, deploying the defense system within the ISP domain is the panacea for delivering an efficient solution. To cope with the dynamic nature of the new DDoS attacks, we utilized an unsupervised artificial neural network to develop a hierarchical two-layered self-organizing map equipped with a twofold feature selection for DDoS mitigation within the ISP domain.