• Proceedings of the KAIS Fall Conference
• /
• 2007.11a
• /
• pp.270-273
• /
• 2007

본 논문에서는 외부 클라이언트가 홈 네트워크 시스템을 컨트롤 하기위하여 홈 네트워크의 보안요소 중 사용자 인증과 접근제어에 관하여 연구 하였으며 사용자 인증의 인증서는 X.509 v3의 인증서를 기반으로 사용하고 X.509 v3의 확장영역에 사용자의 그룹을 나누어 디바이스를 제어하고 접근이 제한된 디바이스는 ACL(Access Control List)을 추가하여 접근제어를 하는 방법으로 접근이 제한된 사용자와 이를 관리하는 관리자로 나누어 각 디바이스에 대한 접근제안과 외부 공격으로 부터의 안전하게 보호할 수 있게 제안한 논문이다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.697-699
• /
• 2015

본 논문에서는 하둡의 인메모리 기반 ACL(access control list)을 RDBMS 기반으로 관리하도록 기존 하둡을 재설계하였다. 기존 하둡은 ACL을 인메모리에서 관리하기 때문에 대용량 ACL 정보를 관리함에 있어 메모리 오버헤드, ACL 정보 관리의 비효율성 등 몇 가지 문제가 발생할 수 있다. 본 논문에서는 ACL 관리에 RDBMS를 사용함으로써 메모리 크기에 종속되지 않으며, 외부 응용 프로그램에서도 쉽고 일관성있게 ACL 정보를 관리할 수 있다. 이 같은 결과에 따라, 본 논문은 빅데이터를 하둡에서 안정하게 관리할 수 있는 우수한 연구 설계 결과라 생각된다.

• International Journal of Knowledge Content Development & Technology
• /
• v.13 no.1
• /
• pp.75-100
• /
• 2023

With research data generation on the rise, Institutional Repositories (IR) are one of the tools to manage it. However, the variety of data practices across institutions, domains, communities, etc., often requires dedicated studies in order to identify the research data management (RDM) require- ments and mapping them to IR features to support them. In this study, we investigated the data practices for a few national universities in North Macedonia, including 110 participants from different departments. The methodology we adopted to this end enabled us to derive some of the key RDM requirements for a variety of data-related activities. Finally, we mapped these requirements to 6 features that our participants asked for in an IR solution: (1) create (meta)data and documentation, (2) distribute, share, and promote data, (3) provide access control, (4) store, (5) backup, and (6) archive. This list of IR features could prove useful for any university that has not yet established an IR solution.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.3
• /
• pp.179-186
• /
• 2012

Nowadays, the multihomed host equipped with multiple network interfaces has been interested research in next generation wireless network, because the mobile users expect that they can be able to access services not only anywhere, at any time and from any network but also simultaneously. This paper addresses the mobility simulation model of the multihomed node for supporting MIPv4 and MIPv6 function in an interworking of Worldwide Interoperability for Microwave Access (WiMAX) and IEEE 802.11 WLAN. The multihomed node with two air interfaces has been developed based on WiMAX and WLAN workstation node model in simulation software. The main point of the developed model is to support both MIPv4 and MIPv6 function, and provide network selection policy for the multihomed node between WiMAX and WLAN network. Based on the received Router Advertisement along with the interface number, we can manage the access interfaces in ordered list to make handover decision while the multihomed node is moving. In the end of this paper, the simulation scenarios and results are shown for testing MIPv4 and MIPv6 function.

• Journal of KIISE
• /
• v.42 no.12
• /
• pp.1611-1622
• /
• 2015

Although Android systems provide a permission-based access control mechanism and demand a user to decide whether to install an app based on its permission list, many users tend to ignore this phase. Thus, an improved method is necessary for users to intuitively make informed decisions when installing a new app. In this paper, with regard to the permission-based access control system, we present a novel approach based on a machine-learning technique in order to support a user decision-making on the fly. We apply the K-NN (K-Nearest Neighbors) classification algorithm with necessary weighted modifications for malicious app classification, and use 152 Android permissions as features. Our experiment shows a superior classification result (93.5% accuracy) compared to other previous work. We expect that our method can help users make informed decisions at the installation step.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.77-85
• /
• 2018

With the convergence of communications network between control system and public network, such threats like information leakage/falsification could be fully shown in control system through diverse routes. Due to the recent diversification of security issues and violation cases of new attack techniques, the security system based on the information database that simply blocks and identifies, is not good enough to cope with the new types of threat. The current control system operates its security system focusing on the outside threats to the inside, and it is insufficient to detect the security threats by insiders with　the authority of security access. Thus, this study conducted the importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the matter of importance of event log for the detection of insider threats to control system was understood, and the results of this study could be contributing to researches in this area.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.75-86
• /
• 2014

Demand for the femtocell is largely credited to the surge in a more always best connected communication conscious public. 3GPP defines new architecture and security requirement for Release 9 to deal with femtocell, Home eNode B referred as HeNB. In this paper, we analyze the HeNB security with respect to mutual authentication, access control, and secure key agreement. Our analysis pointed out that a number of security vulnerabilities have still not been addressed and solved by 3GPP technical specification. These include eavesdropping, man-in-the-middle attack, compromising subscriber access list, and masquerading as valid HeNB. To the best of our knowledge, any related research studying HeNB security was not published before. Towards this end, this paper proposes an improved authentication and key agreement mechanism for HeNB which adopts proxy-signature and proxy-signed proxy-signature. Through our elaborate analysis, we conclude that the proposed not only prevents the various security threats but also accomplishes minimum distance from use-tolerable authentication delay.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.535-542
• /
• 2001

Mobile codes such as Java, Java-Script, ActiveX, and Script code are loaded into a client system first and then run without any notice to the client user. Executing code by this mechanism may cause various security problems such as flowing out system information, deleting or modifying files, and exhausting system resources. In this paper we propose an integrated authentication system to establish the uniform security countermeasure on various mobile codes. The system helps to solve to problems mentioned above. An integrated authentication system allows to load into an interpreter using ACL (Access Control List) which sets up an access authority to the executable contents and communicates with an interpreter using client/server model.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.4 s.42
• /
• pp.155-164
• /
• 2006

VoIP technology is Eight New Services among Ubiquitous-IT839 strategies. This paper tested wiretapping or VoIP service in connected a soft phone and LAN and WAN sections, Internet telephones and a device. IP PBX, a banner operator network to have been connected to VoIP Internet network. As a result of having experimented on wiretapping of VoIP networks, Vulnerability was found. and a wiretapping by attacks of a hacker was succeeded in a terminal and proxy and attachment points of a VoIP network like a hub to follow a CVE list. Currently applied a security plan of an each wiretapping section in viewpoints of 6 security function of Access Control. Confidentiality, Authentication. Availability, Integrity. Non-repudiation in VoIP networks named to 070. Prevented wiretapping of contents by the results, the AES encryption that executed wiretapping experiment about a packet after application of a security plan. Prevented wiretapping, and kept security and audit log. and were able to accomplish VoIP information protection to network monitoring and audit log by an access interception and qualification and message hash functions and use of an incoming refusal.