• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1397-1400
• /
• 2005

Multiprotocol Label Switching is an initiating IETF that integrated Layer2 information network links(bandwidth, latency, utilization) to Layer 3(IP) with a particular autonomous system(or ISP) in order to simplify and improve IP-packet exchange. MPLS gives network operators a grate deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks. The MPLS has advantages that will be able to solve existing problem of Network that ISP have had IP, QoS, Gigabit forwarding and traffic engineering. The purpose of this study is to measure Access-list and the capacities of PE Router that would operate as MPLS. Many ISP using MPLS service to handle high-speed internet traffic with apply to firewall in future.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.466-468
• /
• 2002

웹서비스의 등장으로 XML이 기반기술로서 자리 매김하고 있는 현재, XML을 이용하여 여러 표준기술을 제정하려는 움직임이 많아지고 있다. XACML은 접근제어 리스트(access control list)를 통해 보안이 요구되는 자원에 대해 미세한 접근 제어 서비스를 제공할 수 있는 XML 기반의 언어이다. XACML은 SAML PDP(Policy Decision Point)의 일부로서 역할을 수행 할 수 있으며 각 정의에 따라 각각의 사용자 별 XML 문서 접근 정책을 수립하고 적용 할 수 있다. 본 논문에서는 XML기반의 Access Control 표준인 XACML에 대하여 분석하고 적용방법에 대하여 연구하였다.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.8 no.1
• /
• pp.11-30
• /
• 2004

Access Control is one of essential branches to provide system's security. Depending on what standards we apply, in general, there are Role-based access control, History-based access control. The first is based on subject's role, The later is based on subject's history. In fact, RBAC has been implemented, we are using it by purchasing some orders through the internet. But, HBAC is so complex that there will occur some errors on the system. This is more and more when HBAC is used with other access controls. So HBAC's formalization and model which are general enough to encompass a range of policies in using more than one access control model within a given system are important. To simplify these, we design the mathematical model called non-access structure. This Non-access structure contains to historical access list. If it is given subjects and objects, we look into subject grouping and object relation, and then we design Non-access structure. Then we can determine the permission based on history without conflict.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.79-90
• /
• 2017

If digital forensic investigators can utilize file access logs when they audit insider information leakage cases or incident cases, it would be helpful to understand user's behaviors more clearly. There are many known artifacts related to file access in MS Windows. But each of the artifacts often lacks critical information, and they are usually not preserved for enough time. So it is hard to track down what has happened in a real case. In this thesis, I suggest a method to utilize SACL(System Access Control List) which is one of the audit functions provided by MS Windows. By applying this method of strengthening the Windows's audit settings, even small organizations that cannot adopt security solutions can build better environment for conducting digital forensic when an incident occurs.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.284-287
• /
• 2002

본 논문에서는 제안하는 AC(Attribute Certificate)를 이용하여 Web 상에서의 권한을 제어하는 방식은 기존의 아이디/패스워드 방식의 사용자 인증보다 좀더 안전하게 사용자에 대한 권한을 관리할 수 있다. 기존의 방식은 ACL(Access Control List)를 사용하여 권한 인증을 하기 때문에 서버의 자원을 낭비하게 된다. 본 논문에서 제한하는 방식은 Web상에서의 활동 시 AC를 이용하여 사용자를 인증하게 된다. 이러한 인증을 각 서비스 제공자 사이의 AC에 대한 양식을 공유하고 권한 정보를 공유함으로써 많은 서비스 제공자 사이의 DB 문제를 해결하고 제휴된 어느 서비스 제공자에게나 사용자가 자신의 AC를 제공하여 권한을 획득할 수 있다.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.3-10
• /
• 2021

Nowadays, data-based scientific research is a trend, and the transmission of large amounts of data has a great influence on research productivity. To solve this problem, a separate network structure for transmitting large-scale scientific big data is required. ScienceDMZ is a network structure designed to transmit such scientific big data. In such a network configuration, it is essential to establish an access control list(ACL) for users and resources. In this paper, we describe the R&E Together project and the network structure implemented in the actual ScienceDMZ network structure, and define users and services to which access control policies are applied for safe data transmission and service provision. In addition, it presents a method for the network administrator to apply the access control policy to all network resources and users collectively, and through this, it was possible to achieve automation of the application of the access control policy.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.10
• /
• pp.1003-1008
• /
• 2016

Recently hospitals have divided into many divisions, specialized the medical service, and shown organic cooperation, all to provide patients with various and high quality medical service. They have also showed improvement in information protection by introducing an information protection system to regulate the access to patients' medical and personal information. The purpose of this paper is to present a case study to implement of a limited hospital medical information system that can regulate the access to medical information. For this, a router-based virtual network applying an ACL(: Access Control List) to regulate access to information was made using a packet tracer.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.21 no.11
• /
• pp.2850-2861
• /
• 1996

This paper describes the design of AATM switch LIS of shared buffer type with linked-list architecture to control memory access. The proposed switch LSI consists of the buffer memory, controller and FIFO memory blocks and two special circuits to avoid the cell blocking. One of the special circuit is a new address control scheme with linked-list architecture which maintains the address of buffer memory serially ordered from write address to read address. All of the address is linked as chain is operated like a FIFO. The other is slip-flag register it will be hold the address chain when readaddress missed the reading of data. The circuits control the buffer memory efficiently and reduce the cell loss rate. As a result the designed chip operates at 33ns and occupied on 2.7*2.8mm$^{2}$ using 0.8.mu.m CMOS technology.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.847-850
• /
• 2001

본 논문에서는 최근에 많은 관심이 증가하고 있는 보안 운영체제를 위한 접근제어에 대해 기술하고 이 접근제어를 FreeBSD 에 구현한 것에 대해 설명한다. 강제적 접근제어(MAC), 신분 기반 접근제어(DAC), 그리고 역할기반 접근제어(RBAC) 과 같은 접근제어 정책들을 안전한 FreeBSD 운영체제를 위해 접근제어 정책으로 사용하였다. MAC 과 ACL 의 구현은 POSIX1003.le 의 표준에 기준 하였고 RBAC 의 구현은 NIST의 표준을 기준으로 하였다. 강제적 접근제어는 군기관이나 정부 기관의 보안 요구사항들을 만족시켜주지만 보안관리 측면에서는 유동적이지 못한 면이 있다. 반면에 역할기반 접근제어는 상업적 접근제어 정책 요구 사항들을 만족시켜주는 정책으로 유동적이고 다양한 보안 관리 정책의 요구사항들을 만족 시켜준다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10c
• /
• pp.382-384
• /
• 2001

인터넷 사용자의 증가로 인한 서버의 과부하 및 네트워크 응답시간 지연의 대안으로 캐시서버의 사용이 보편화되고 있다. 그러 나, 최근 유해사이트의 급격한 중가로 캐시 서버의 부가 기능인 ACL(Access Control List)또한 중요한 기능의 하나가 되면서 대량의 유해사이트 차단 목록이 캐시 서버의 병목현상을 가중시키고 있다 본 논문에서는 캐시 서버의 대명사격인 Squid의 ACL방식과 대량의 black list를 적용했을 때의 ACL의 regular expression방식의 문제점을 살펴보고, 대량의 black list에 적합한 hash기반 ACL 처리 방식을 제안한다. hash를 이용한 ACL방식은 빠른 검색을 제공하여 캐시 서버의 응답시간에 큰 영향을 주지않기 때문에 캐시서버가 정상적인 서비스를 할 수 있도록 해준다.