• Title/Summary/Keyword: User access control

Study on Dynamic Trust-based Access Control in Online Social Network Environment (소셜 네트워크 환경에서 동적 신뢰 중심의 접근 제어 모델에 관한 연구)

  • Baek, Seungsoo;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology, v.23 no.6, pp.1025-1035, 2013
  • There has been an explosive increase in the population of OSN (online social network) users over the past 10 years. OSN provides users with many opportunities to communicate with friends and family, and goes so far as to create relationships among unknown people having similar beliefs or interests. However, OSN has also produced adverse effects such as privacy breaches, uncontrolled information leaks, and the dissemination of false information. Access control models such as MAC, DAC, and RBAC are applied to OSN to control those problems, but those models do not fit the dynamic OSN environment because users' acts in OSN are unpredictable and static access control imposes a burden on users to change access control rules one by one. This paper proposes dynamic trust-based access control to solve the problems of traditional static access control in OSN.

An Architecture of Access Control Model for Preventing Illegal Information Leakage by Insider (내부자의 불법적 정보 유출 차단을 위한 접근통제 모델 설계)

  • Eom, Jung-Ho;Park, Seon-Ho;Chung, Tai-M.
    • Journal of the Korea Institute of Information Security & Cryptology, v.20 no.5, pp.59-67, 2010
  • In the paper, we proposed an IM-ACM (Insider Misuse-Access Control Model) for preventing illegal information leakage by an insider who exploits his legal rights in the ubiquitous computing environment. The IM-ACM can monitor whether an insider uses data rightly by using a misuse monitor added to CA-TRBAC (Context Aware-Task Role Based Access Control), which permits access authorization according to user role, context role, task, and the entity's security attributes. It is difficult to prevent information leakage by an insider because of access to legal rights and a wealth of knowledge about the system. The IM-ACM can prevent information flow between objects which have different security levels using context role and security attributes, and can prevent insider misuse with a misuse monitor which compares an insider's actual processing behavior to the insider's possible work process pattern, drawing on the currently defined profile of the insider's process.

Development of Web-based Power Plant Simulator System (원격 훈련용 발전 시뮬레이터 개발)

  • Byun, Seung-Hyun;Kang, Hae-su;Woo, Joo-Hee;Lee, Jee-Hoon;Kim, Duck-Ho
    • KEPCO Journal on Electric Power and Energy, v.7 no.2, pp.277-283, 2021
  • Power plant simulators have been used for operator training, control verification and engineering verification. In general, simulators can be used in the place where they are installed by only single user group at a time. Considering high cost of simulator development, a lot of available scenarios, the diversity of user level and accessibility based on users' work location, development of simulator system that can be used by multiple user groups regardless of location is required in order to enhance utilization of simulators. In this paper, the simulator system that can be used by multiple user group simultaneously without location limitation is proposed. The simulator system is composed of simulator servers, database servers, HMI servers, a web server, web clients. Simulator server consists of control model, process model that are developed for Circulating Fluidized Bed power plant located overseas. A web server manages user accounts, operation procedures, multiple server access between web client group and simulator server group. In other words, a web server makes a user group select a simulator server at a time. The developed simulator system is integrated after implementing process model, control model, HMI, and web server. Web client systems are installed on local site where power plant is located, while simulator servers, HMI servers, database servers, and a web server are located in KEPCO RI. The developed simulator system is verified by steady-state test, malfunction test and so on via remote access.

Remote user Access control Mechanism in Smart Grid environments (스마트 그리드 환경을 위한 원격 사용자 접근제어 메커니즘)

  • Oh, Soo-Hyun;Eun, Sun-Ki
    • The Transactions of The Korean Institute of Electrical Engineers, v.60 no.2, pp.416-422, 2011
  • Smart grid is the next generation intelligent power grid that combines the existing electric power infrastructure and information infrastructure. It can optimize energy efficiency in both directions, with suppliers and power consumers exchanging information in real time. In smart grid environments, in addition to existing network security threats, there are additional security threats due to the smart grid characteristics. In this paper, we propose a security mechanism that provides mutual authentication and key agreement between a remote user and the device. The proposed mechanism has the advantages that it provides secure mutual authentication and key agreement and is secure against a replay attack and impersonation attacks.

RawPEACH: Multiband CSMA/CA-Based Cognitive Radio Networks

  • Chong, Jo-Woon;Sung, Young-Chul;Sung, Dan-Keun
    • Journal of Communications and Networks, v.11 no.2, pp.175-186, 2009
  • A new medium access control (MAC) scheme embedding physical channels into multiband carrier sense multiple access/collision avoidance (CSMA/CA) networks is proposed to provide strict quality of service (QoS) guarantee to high priority users. In the proposed scheme, two priority classes of users, primary and secondary users, are supported. For primary users physical channels are provided to ensure strict QoS, whereas secondary users are provided with best-effort service using CSMA/CA modified for multiband operation. The performance of the proposed MAC scheme is investigated using a new multiband CSMA/CA Markov chain model capturing the primary user activity and the operation of secondary users in multiple bands. The throughput of secondary users is obtained as a function of the primary user activity and other CSMA/CA parameters. It is shown that the new MAC scheme yields larger throughput than the conventional single-band CSMA/CA when both schemes use the same bandwidth.

Web-Driven DAVIC-Based Video on Demand System (WWW을 이용한 DAVIC 기반 주문형 비디오 시스템 구동)

  • Jang, Gyeong-Sik;Lee, Seok-Pil
    • The Transactions of the Korea Information Processing Society, v.6 no.10, pp.2642-2648, 1999
  • This paper describes a DAVIC based VoD service system that allows access via the Web, taking advantage of the wide availability of Web browsers. A simple access mechanism of a DAVIC based VoD system, using a Web browser is adopted on the proposed system. The client and VoD server are compliant with DAVIC, a user can access the VoD server simply by selecting the Web server's address via a Web browser. A menu enables the user to select VCR-like buttons, to establish an S2 control flow and to send the commands contained in the buttons to the VoD server. A simple implementation shows the feasibility of the proposed approach.

A Database Security System for Detailed Access Control and Safe Data Management (상세 접근 통제와 안전한 데이터 관리를 위한 데이터베이스 보안 시스템)

  • Cho, Eun-Ae;Moon, Chang-Joo;Park, Dae-Ha;Hong, Sung-Jin;Baik, Doo-Kwon
    • Journal of KIISE:Databases, v.36 no.5, pp.352-365, 2009
  • Recently, data access control policies have not been applied properly to authorized or unauthorized persons, and information leakage incidents have occurred due to database security vulnerabilities. In the traditional database access control methods, administrators grant permissions for accessing database objects to users. However, these methods could not apply diverse access control policies to the database. In addition, another database security method, which uses data encryption, makes it difficult to utilize data indexing. Thus, this paper proposes an enhanced database access control system that uses a packet analysis method between client and database server in the network to apply diverse security policies. The proposed security system can be applied to applications with access control policies related to specific factors such as date, time, SQL string, the number of result data, etc. It also assures integrity via a public key certificate and MAC (Message Authentication Code) to prevent modification of user information and query sentences.

A Virtualization Management Convergence Access Control Model for Cloud Computing Environments (클라우드 컴퓨팅 환경에서 가상화 관리 융합접근제어 모델)

  • Choi, Eun-Bok
    • Journal of Convergence for Information Technology, v.8 no.5, pp.69-75, 2018
  • The purpose of access control is to prevent computing resources from illegal behavior such as leakage, modification, and destruction by unauthorized users. As the cloud computing environment is expanded to resource sharing services using virtualization technology, a new security model and access control technique are required to provide dynamic and secure cloud-based computing services. The virtualization management convergence access control model provides a flexible user authorization function by applying the dynamic privilege assignment function to the role based access control mechanism. In addition, by applying access control mechanism based on security level and rules, we solve the conflict problem in virtual machine system and guarantee the safeness of physical resources. This model will help to build a secure and efficient cloud-based virtualization management system and will be expanded to a mechanism that reflects the multi-level characteristics.

Provision of a Novel Unlicensed Access Relay Station in IEEE 802.16-based Broadband Wireless Access Networks (IEEE 802.16 기반의 무선 액세스 망에서 Unlicensed 대역 액세스 릴레이에 대한 설계)

  • Choi, W.;Shon, T.S.;Choi, H.H.;Lee, Y.
    • Journal of the Institute of Electronics Engineers of Korea TC, v.44 no.10, pp.169-177, 2007
  • Existing wireless access (mobile) routers are commonly based on the network address and port translation (NAPT) technique, which permits simultaneously sharing a subscriber's connection to the network with multiple users. However, NAPT architecturally makes the users invisible on the network side, thus becoming a user-oriented connection technique. In this paper, we propose a novel service provider-oriented unlicensed nomadic access relay station (WiNNERS) for helping wireless broadband network service providers to make their business more lucrative by accommodating unlicensed band users as subscribers into their network. The WiNNERS offers service providers the capability to directly manage each of the unlicensed band users at the network side. This direct management allows the service providers to flexibly and simply handle QoS, access control, and billing for each user. In order to distinguish each of the unlicensed band users, the WiNNERS constructs a virtual tunnel from each user's terminal to the network access router using connection identifiers, which are defined for service flow management within the WiBro system. Consequently, our proposed service provider-oriented relay station can be included into the WiBro network system with minimum modifications.

Security Analysis to an Biometric Authentication Protocol for Wireless Sensor Networks (WSN 환경에서 Biometric 정보를 이용한 사용자 인증 스킴의 안전성 분석)

  • Lee, Youngsook
    • Journal of Korea Society of Digital Industry and Information Management, v.11 no.1, pp.59-67, 2015
  • A novel authentication mechanism is biometric authentication, where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it serves to identify individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analyze the security vulnerabilities of Althobati et al.'s protocol.