• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1634-1652
• /
• 2022

Due to the increasing need for data sharing in the age of big data, how to achieve data access control and implement user permission revocation in the blockchain environment becomes an urgent problem. To solve the above problems, we propose a novel blockchain-based data sharing scheme (BDSS) with fine-grained access control and permission revocation in this paper, which regards the medical environment as the application scenario. In this scheme, we separate the public part and private part of the electronic medical record (EMR). Then, we use symmetric searchable encryption (SSE) technology to encrypt these two parts separately, and use attribute-based encryption (ABE) technology to encrypt symmetric keys which used in SSE technology separately. This guarantees better fine-grained access control and makes patients to share data at ease. In addition, we design a mechanism for EMR permission grant and revocation so that hospital can verify attribute set to determine whether to grant and revoke access permission through blockchain, so it is no longer necessary for ciphertext re-encryption and key update. Finally, security analysis, security proof and performance evaluation demonstrate that the proposed scheme is safe and effective in practical applications.

• Journal of KIISE:Databases
• /
• v.32 no.2
• /
• pp.193-203
• /
• 2005

XML (extensible Markup Language) is recognized as a standard of data representation and transmission on Internet. XPath is a standard for specifying parts of XML documents anda suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an access control method for XML, where we control accesses to XML documents by filtering query XPath expressions through access control XPath expressions. In the proposed method, we directly search XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposedstructure, where the edges are structural summary of XML elements and the nodes contain access-control information. We show the query XPath expressions are successfully filtered through the XACT by our proposed method, and also show the performance improvement by comparing the proposed method with the previous work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.307-318
• /
• 2013

Smart grid is composed of variable domains including different systems, and different types of the access control are needed in the multiple domain. Therefore, the access control model suitable for the smart grid environment is required to minimize access control error and deny the unauthorized access. This paper introduce the access control requirements in the smart grid environment and propose the access control model, SG-RBAC, satisfied with the requirements. SG-RBAC model imposes constraints on the access right activation according to the user property, the role property, and the system property. It also imposes constraints on the delegation and the inheritance of access right according to temporal/spatial information and a crisis occurrence.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.9
• /
• pp.337-346
• /
• 2015

There is great need for efficient user rights management method to provide a flexible service on variety protocols, domains, applications of IoT environments. In this paper, we propose a IoT service platform with CapSG to provide efficient access control for IoT various services of the environment. CapSG uses a token including authentication and access rights to perform authentication and access control service entity providing services. In addition, the generated token for service management, delegation, revocation, and provides a function such as denied. Also, it provides functions such as generation, delegation, disposal and rejection for service token management. In this paper, it provides the flexibility and efficiency of the access control for various services require of the IoT because of it is available to access control specific domain service by using the token group for each domain and is designed to access control using specific service token of tokens group.

• The Journal of the Korea Contents Association
• /
• v.13 no.12
• /
• pp.568-574
• /
• 2013

In recent years, IT companies offer various cloud services using hardware-based technologies or software-based technologies. User can access these cloud services without the constraints of location or devices. The technologies are virtualization, provisioning, and big data processing. However, security incidents are constantly occurring even with these techniques. Thus, many companies build and operate private cloud service to prevent the leak of critical data. If virtual environment are different according to user permission, many system are needed, and user should login several virtual system to execute an program. In this paper, I suggest the access control method for application software on virtual operating system using the Open Authentication protocol in the Cloud system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.12
• /
• pp.4324-4342
• /
• 2014

Previous papers analyzed the throughput performance of the CDMA ALOHA system in Rayleigh fading channel, but they assume that the channel coefficient of Rayleigh fading was the same in the whole packet, which is not realistic. We recently proposed the finite-state Markov channel (FSMC) model to the throughput analysis of DS uncoded CDMA/unslotted ALOHA networks for fixed length data traffic in the mobile environment. We now propose the FSMC model to the throughput analysis of coded DS CDMA/unslotted ALOHA networks with variable length data traffic and one or two user classes in the mobile environment. The proposed DS CDMA/unslotted ALOHA wireless networks for two user classes with access control can maintain maximum throughput for the high priority user class under high message arrival per packet duration.

• The KIPS Transactions:PartD
• /
• v.15D no.4
• /
• pp.441-450
• /
• 2008

Recently, access control on form-based web information systems has become one of the useful methods for implementing client systems in a service-oriented architecture. In particular, XForms language is being adopted in many systems as a description language for XML-based user interfaces and server interactions. In this paper, we propose an efficient algorithm for the evaluation of XPath-based access rules for XForms pages. In this model, an XForms page is a sequence of queries and the client system performs user interface realization along with XPath rule evaluations. XPath rules have instance-dependent predicates, which for the most part are shared between rules. For the efficient evaluation of shared predicate expressions in access control rules, we proposed a predicate graph model that reuses the previously evaluated results for the same context node. This approach guarantees that each predicate expression is evaluated for the relevant xml node only once.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8B
• /
• pp.755-761
• /
• 2004

Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAM access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802. 1x standards and related protocols likeEAPoL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG.(Intelligent Wireless Internet Gateway).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.192-193
• /
• 2014

Attendant services (user) roles (Role) and act on the data used should be based access control and permissions. Large amounts of important information to view and change the pre-approval must be acquired. Non-constant time for the session must control actions.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1999.12a
• /
• pp.373-377
• /
• 1999

Role Based Access Control(RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. The administration tool is most important component in the concept of RBAC. The administration tool for the RBAC security system is required the consistency of a relationships between user and role in the RBAC Database. In this paper, we propose formal specification in order to manage user-role and role-role relationships. The proposed formal specification leads to the consistency requirements for the RBAC database which are defined as a set of relationship. This paper can easily derive the implementation of the RBAC administration tool by formal specification of operations.