• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.135-144
• /
• 2010

Privacy protection can only be achieved by enforcing privacy policies within an enterprise's on and offline data processing systems. There are P-RBAC model and purpose based model and obligations model among privacy policy models. But only these models each can not dynamically deal with the rapidly changing business environment. Even though users are in the same role, on occasion, secure system has to opt for a figure among them who is smart, capable and supremely confident and to give him/her a special mission during a given period and to strengthen privacy protection by permitting to present fluently access control conditions. For this, we propose Integrated Privacy Protection Model based on RBAC. Our model includes purpose model and P-RBAC and obligation model. And lastly, we define high level policy language model based XML to be independent of platforms and applications.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.11a
• /
• pp.349-352
• /
• 2006

현재, 대기업이나 중소기업에서는 회사 내 정보보호 및 누출을 막기 위해 데이터 접근 기술을 적용 및 개발하고 있다. 하지만 기존 XML기반 RBAC 접근제어 기술은 회사환경에 적용하기에 무리가 있고 한계를 지나고 있기 때문에 사용자로부터 회사의 기밀정보를 보호하고, 시스템 디바이스에 대한 사용을 제어하기 위해서는 회사는 시스템의 보안 관리자에 의해 관리될 수 있는 보안매커니즘의 확립이 필요하다. 따라서 본 연구에서는 회사 특성에 맞는 데이터 접근방법을 제시하고자 한다. 제안방법은 기존 XML 기반 RBAC 확장하여 사내 데이터 접근환경에서 사용자를 식별할 수 있는 인증 매커니즘과 사용자의 사용권한을 식별하는 인가 메커니즘을 설계 및 구현한다. 또한 각 부서에 성격에 맞는 메시지 프로토콜을 정의하고 제시함으로써 해당 부서에 요청하는 시스템에 따라 다른 정책을 제공할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.23-30
• /
• 2008

Attempt to protect personal computer from hacking, virus, worm, and the troy wooden horse is progressed variously. Nevertheless, it is very difficult fer public users to understand configurations to enhance security stability in windows based personal computer, and many security problem is due to there lack of recognize about information accessability, various kind of configuration, these necessity, and efficiency. Accordingly, it is demandded to develop an efficient system to protect networks and personal computer with automated method. In this paper, we derive problems of personal computer by analyzing various vulnerableness and policy on security, through which we design and implement the system to solve various windows system problem conveniently.

• Journal of KIISE:Databases
• /
• v.31 no.6
• /
• pp.684-698
• /
• 2004

The Hippocratic database model recently proposed by Agrawal et al. incorporates privacy protection capabilities into relational databases. Since the Hippocratic database is based on the relational database, it needs extensions to be adapted for XML databases. In this paper, we propose the Hippocratic XML database model, an extension of the Hippocratic database model for XML databases and present an efficient access control mechanism under this model. In contrast to relational data, XML data have tree-like hierarchies. Thus, in order to manage these hierarchies of XML data, we extend and formally define such concepts presented in the Hippocratic database model as privacy preferences, privacy policies, privacy authorizations, and usage purposes of data records. Next, we present a new mechanism, which we call the authorization index, that is used in the access control mechanism. This authorization index, which is Implemented using a multi-dimensional index, allows us to efficiently search authorizations implied by the authorization granted on the nearest ancestor using the nearest neighbor search technique. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 13.6 times over the top-down access control strategy and by up to 20.3 times over the bottom-up access control strategy The major contributions of our paper are 1) extending the Hippocratic database model into the Hippocratic XML database model and 2) proposing an efficient across control mechanism that uses the authorization index and nearest neighbor search technique under this model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.111-122
• /
• 2008

Web service is defined to support interoperable machine to machine interaction over a network and defined as distributed technologies. Recently in web service environment, security has become one of the most critical issues. An attacker may expose user privacy and service information without authentication. Furthermore, the users of web services must temporarily delegate some or all of their behalf. This results in the exposure of user privacy information by agents. We propose a delegation model for providing safety of web service and user privacy in ubiquitous computing environments. In order to provide safety of web service and user privacy, XML-based encryption and a digital signature mechanism need to be efficiently integrated. In this paper, we propose web service management server based on XACML, in order to manage services and policies of web service providers. For this purpose, we extend SAML to declare delegation assertions transferred to web service providers by delegation among agents.

• Journal of Internet Computing and Services
• /
• v.12 no.1
• /
• pp.55-70
• /
• 2011

In this paper, we propose a policy-driven RFID data management event definition language, which is possibly applicable as a partial standard for SSI (Software System Infrastructure) Part 4 (Application Interface, 24791-4) defined by ISO/IEC JTC 1/SC 31/WG 4 (RFID for Item Management). The SSI's RFID application interface part is originally defined for providing a unified interface of the RFID middleware functionality―data management, device management, device interface and security functions. However, the current specifications are too circumstantial to be understood by the application developers who used to lack the professional and technological backgrounds of the RFID middleware functionality. As an impeccable solution, we use the concept of event-constraint policy that is not only representing semantic contents of RFID domains but also providing transparencies with higher level abstractions to RFID applications, and that is able to provide a means of specifying event-constraints for filtering a huge number of raw data caught from the associated RF readers. Conclusively, we try to embody the proposed concept by newly defining an XML-based RFID event policy definition language, which is abbreviated to rXPDL. Additionally, we expect that the specification of rXPDL proposed in the paper becomes a technological basis for the domestic as well as the international standards that are able to be extensively applied to RFID and ubiquitous sensor networks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.1211-1214
• /
• 2011

OLAP(On-Line Analytical Processing) 툴은 조직 운영에서 발생하는 데이터의 양이 많아짐에 따라 분석 수요도 함께 급증하며 전문 분석가의 역량만으로는 처리할 수 없는 분석 요구 사항을 충족시키기 위한 툴이다. OLAP 에서는 다양한 사용자가 직접 데이터베이스에 접근하여 대화식으로 질의를 던지고 응답을 받아 분석 업무를 진행할 수 있다. 이렇게 많은 사용자들이 데이터베이스에 직접 접근을 하게 됨에 따라 조직의 민감한 데이터를 지키기 위한 보안 정책이 필수가 되었다. 하지만 기존 연구에서는 OLAP 의 기능적인 분석에 치중하여 MDX(Multidimensional Expressions)와 XMLA(XML for Analysis) 등의 기법으로 기능을 구현하는 것에 그치고 있다. 이에 본 연구에서는 OLAP 보안 관련 연구를 분석하고 보안 모듈을 설계하여 효율적인 정보 보호를 위한 데이터 접근 제어 방법을 제시한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.301-306
• /
• 2004

The Grid VO(Virtual Organization) is temporary VO where gather indivisual, authority, or system resource, differ from previous VO concept that controled by internal principal and policy set. It have many problems in case of indivisuals, authorities, or system resources that became member\ulcorner of some Grid VO at same time and combination followed changing condition of system resource for building Grid VO. This paper propose lightweighted Grid VO authentication system based on XML security to solve the authentication of the problems occuring in building Grid VO. In this paper, Grid VO authentication system is including Grid VO authentication module that is intermediate management system in PH to previous authentication service structure and provide effective authentication service to Grid VO.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.739-743
• /
• 2004

The Grid VO(Virtual Organization) is temporary VO where gather indivisual, authority, or system resource, differ from previous VO concept that controled by internal principal and policy set. It have many problems in case of indivisuals, authorities, or system resources that became member of some Grid VO at same time and combination followed changing condition of system resource for building Grid VO. This paper propose lightweighted Grid VO authentication system based on XML security to solve the authentication of the problems occuring in building Grid VO. In this paper, Grid VO authentication system is including Grid VO authentication module that is intermediate management system in PKI to previous authentication service structure and provide effective authentication service to Grid VO.

• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.91-98
• /
• 2012

OLAP(On-Line Analytical Processing) is a tool to satisfy the requirements of managing overflowing data analysis. OLAP can provide an interactive analytical processing environment to every end-user. Security policy is necessary to secure sensitive data of organization according to users direct access database. But earlier studies only handled the subject in its functional aspects such as MDX(Multidimensional Expressions) and XMLA(XML for Analysis). This research work is purported for solving such problems by designing and implementing an efficient data access control mechanism for the information security on OLAP. Experimental evaluation result is proposed and its efficiency and accuracy are verified through it.