• The Journal of Information Technology
• /
• v.6 no.1
• /
• pp.11-20
• /
• 2003

With the development of Information Communication Technique, electronic commerce using PKIs is widely used over the Internet. The goal of access control is to counter the threat of unauthorized operations involving Web-server or data base systems. The RBAC(Role-Based Access Control) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls. In this paper we propose two methods, the RBAC system using attribute certificates and the RBAC system using SPKI certificates. And we analyze and compare the two methods.

• Journal of Korean Academy of Nursing
• /
• v.49 no.2
• /
• pp.171-180
• /
• 2019

Purpose: The Korean Triage and Acuity Scale (KTAS) is a tool used to classify the severity and urgency of emergency department (ED) patients, focusing on their symptoms. In consideration of the importance of the KTAS, a web-based learning program has emerged as a new mode of education; it enables ED triage nurses to access it anytime and anywhere, and according to their own learning abilities. This study aimed to develop a web-based KTAS learning program and evaluate its effects on self-efficacy and triage performance ability in ED nurses. Methods: A quasi-experimental design with a non-equivalent control group pretest-posttest was used. The conceptual framework was Bandura's self-efficacy theory. There were 30 participants in the experimental group and 29 in the control group. The experimental group attended an orientation and 4 sessions of a web-based KTAS learning program. The learning program lasted 280 minutes over five weeks, consisting of 40 minutes of orientation and four 60-minute sessions. Results: The scores of self-efficacy, triage performance ability in KTAS level, and chief complaints significantly increased in the experimental group compared to the control group. In addition, the numbers of under-triage in KTAS significantly decreased in the experimental group in comparison to the control group. Conclusion: The results suggest that the learning program was effective in improving ED nurses' level of self-efficacy and triage performance ability (KTAS level and KTAS chief complaint). Accordingly, the web-based KTAS learning program can be applied as an education intervention to improve ED nurses' triage skill.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.208-210
• /
• 2001

본 논문은 기존에 운영되고 있는 접근 제한을 고려하지 않고 만들었던 웹사이트를 회전 접근 관리가 가능한 웹사이트로 확장하는 방법을 제안한다. 제시하는 방법은 확장에 필요한 모듈들을 컴포넌트 방식으로 추가하여 기존의 사이트의 수정이 필요 없이 회원관리가 가능하도록 한다. 특히 기존의 ACL(Access Control List)에 없는 새로운 방식인 Resource Grouping 방식을 제시하여 좀더 체계적이고 일괄적인 리소스 관리가 가능하게 한다. 이 Resource Grouping 방식은 Simple Resource Grouping, Resource Grouping With Attributes, Resource Grouping with Parameter로 세부 분류되어 소개된다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.

• The Journal of the Korea Contents Association
• /
• v.8 no.11
• /
• pp.25-32
• /
• 2008

Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. In terms of XML documents, it is necessary to describe policies more flexibly beyond simple authorization and to consider access control methods which can be selected. This paper describes and designs the access control policy system for authorization for XML document access and for efficient management to suggest a way to use the capacity of XML itself. The system in this paper is primarily characterized by consideration of who would exercise what access privileges on a specific XML document and by good adjustment of organization-wide demands from a policy manager and a single document writer.

• The Journal of the Korea Contents Association
• /
• v.6 no.1
• /
• pp.137-142
• /
• 2006

As a large quantity of information is represented in XML format on the web, there are increasing demands for XML security. Until now research on XML security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex, however, XML security comes to involve not only network security but also managerial security. But XML encryption support only simple network security. So it cannot support multiple users and multiple access control policy. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can support multiple authorization of multiple users with integrating access control.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.464-466
• /
• 2021

Currently, most companies have security solutions such as firewalls or WAF (Web Application Firewall) for web services, cloud systems, and data centers. Recently, as the need for remote access increases, the task of overcoming the security vulnerabilities of remote access control is becoming more important. In this paper, the concept of the network security model from the perspective of zero trust and the strategy and security system using it will be reviewed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.3-15
• /
• 2005

As a large quantity of information is presented in XML format on the web, there are increasing demands for XML security. Research area or n security is about Encryption Digital signature, Key management and Access control. until now research on U security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex XML security comes to involve not only network security but also managerial security. Managerial security is guaranteed through access control. But XML Encryption supports simple network security. So it can't support multiple users and multiple access control policies. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can supper multiple authorizations of multiple users with integrating access control. And this can reduce the cost of evaluation process of the existing complicated access authorization with pre-processing.

• 제어로봇시스템학회:학술대회논문집
• /
• 2001.10a
• /
• pp.44.1-44
• /
• 2001

This paper discusses the interacting mobile robots for tele-operation system using the world wide web. In multi-agent and web-based teleoperation environment the problem of communication delay must be solved for the efficient and robust control of the system. The standard graphic user interface(GUI)is implemented using Java Programing language. The web browser is used to integrate the virtual environment and the standard GUI(Java applet) in a single user interface. Users can access a dedicated WWWserver and download the user interface. Reinforcement learning is applied to indirect control in order to autonomously operate without the need of human intervention. Java application has been developed to communicate and control multi robots using WWW. The effectiveness of our multi robots system is verified by simulation and experiments ...

• Proceedings of the IEEK Conference
• /
• 2002.06e
• /
• pp.197-200
• /
• 2002

This paper is about a system development which control and monitor a PLC of the remote-distance through the Internet using the web-browser. In general, the PLC uses its own communication protocol of PLC Manufacture. It is actually impossible to be used through the Internet, because the PLC communication protocol is basically developed to be suitable for short-distance. Therefore, what we need is a transformation system which can convert the PLC communication protocol into the form which can connect to the Internet. In that sense, this paper is that about remote-control method through the WWW ( World Wide Web ). This system have three characteristics. First, it is possible to connect the Internet directly irrespective of CPU, Operating system and browser. Second, it is easy for user to access and treat. Third, it needs only HTML to operate without java or plug-in expansion. In this paper, we will introduce the monitoring and control system of PLC on the Linux with the Apache web-server.