• Proceedings of the Korean Institute Of Construction Engineering and Management
• /
• 2007.11a
• /
• pp.832-835
• /
• 2007

The purpose of this study is to suggest the on-the-spot survey method of road occupation information. The on-the-spot survey method is proposed through the analysis of information searching function, document and process. The decision of road occupation permission and the grasp of illegal occupation status are closely connected with national rights and interests. To keep the road occupation permission and illegal occupation status, the easy acquisition of road occupation information is very important. But the person in charge of road occupation have a difficulty in obtaining occupation information because that information is still managed by paper drawing. Accordingly. this study develop the on-the-spot survey tool of road occupation using the occupation information that is managed by Construction Authorization & Permission System and the mobile techniques like UMPC. As the result of this study. the efficiency on the authorization. permission. and public grievance of construction project has improved

• Proceedings of the Korea Contents Association Conference
• /
• 2014.06a
• /
• pp.221-222
• /
• 2014

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.12
• /
• pp.699-707
• /
• 2003

RBAC is accepted as a more advanced control method than existing DAC and MAC. Studies on the permission-role part of RBAC model are relatively insufficient compared with those on the user-role part, and researches on symmetric RBAC models to overcome this is also in an incipient stage. Therefore there is much difficulty in assigning permissions suitable for roles. This paper proposes an symmetric RBAC model that supplements the constraints on permission assignment set forth by previous studies. The proposed symmetric RBAC model reflects the conflicts of interests between roles and the sharing and integration of permissions on the assignment of permissions by presenting the constraints on permission assignment that take the separation of duties and role hierarchies into consideration. In addition, by expressing constraints prescribing prerequisite relations between dynamic permissions through AND/OR graphs, it is possible to effectively limit the complicated prerequisite relations of permissions. The constraints on permission assignment for the proposed symmetric RBAC model reduce errors in permission assignment by properly detailing rules to observe at the time of permission assignment.

• International Journal of Advanced Culture Technology
• /
• v.10 no.2
• /
• pp.225-232
• /
• 2022

When we drive a vehicle in an IoT environment, there is a problem in that information of car users is collected without permission. The security measures used in the existing wired network environment cannot solve the security problem of cars running in the Internet of Things environment. Information should only be shared with entities that have been given permission to use it. In this paper, we intend to propose a method to prevent the illegal use of vehicle information. The method we propose is to use attribute-based encryption and dynamic threshold encryption. Real-time processing technology and cooperative technology are required to implement our proposed method. That's why we use fog computing's proxy servers to build smart gateways in cars. Proxy servers can collect information in real time and then process large amounts of computation. The performance of our proposed algorithm and system was verified by simulating it using NS2.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

• Journal of The Korean Society of Grassland and Forage Science
• /
• v.42 no.1
• /
• pp.32-40
• /
• 2022

In this study, the appropriate unit cost in grassland establishment was redeveloped by the grassland establishment method and work criteria. The grassland establishment method was divided into tillage establishment (all logging) and no-tillage establishment (all logging and partial logging). The price for the work criteria by the establishment method was presented for each permission/authorization and establishment work. In permission/authorization for grassland establishment, the cost of each work criteria was of environmental impact (small scale environmental impact) assessment, disaster impact assessment, cadastral serving fee, forest survey, and connection fee for control of mountainous districts. In establishment was of logging, cleaning/gruffing, plowing/soil preparation, seeding, fertilization, livestock manure compost, seed, herbicide, labor cost (fertilizer, seed and herbicide), soil consolidation, cattle trail, and fence. The unit cost of grassland establishment was KRW 115,894,212 for the tillage establishment, and KRW 110,281,572 and KRW 106,680,122 for the all and partial logging of the no-tillage establishment, respectively. The current study redeveloped the establishment method, work criteria, and estimation of the unit cost of grassland establishment. It can be usefully used to carry out government projects to support related to establishment and maintenance of grassland.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2550-2572
• /
• 2023

Epidemiological survey is an important means for the prevention and control of infectious diseases. Due to the particularity of the epidemic survey, 1) epidemiological survey in epidemic prevention and control has a wide range of people involved, a large number of data collected, strong requirements for information disclosure and high timeliness of data processing; 2) the epidemiological survey data need to be disclosed at different institutions and the use of data has different permission requirements. As a result, it easily causes personal privacy disclosure. Therefore, traditional access control technologies are unsuitable for the privacy protection of epidemiological survey data. In view of these situations, we propose a black box-assisted fine-grained hierarchical access control scheme for epidemiological survey data. Firstly, a black box-assisted multi-attribute authority management mechanism without a trusted center is established to avoid authority deception. Meanwhile, the establishment of a master key-free system not only reduces the storage load but also prevents the risk of master key disclosure. Secondly, a sensitivity classification method is proposed according to the confidentiality degree of the institution to which the data belong and the importance of the data properties to set fine-grained access permission. Thirdly, a hierarchical authorization algorithm combined with data sensitivity and hierarchical attribute-based encryption (ABE) technology is proposed to achieve hierarchical access control of epidemiological survey data. Efficiency analysis and experiments show that the scheme meets the security requirements of privacy protection and key management in epidemiological survey.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.81-87
• /
• 2016

Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.

• The Korean Journal of Air & Space Law and Policy
• /
• v.29 no.1
• /
• pp.67-95
• /
• 2014

Some Contracting States of the Chicago Convention issue FAOC(Foreign Air Operator Certificate) and conduct various safety assessments for the safety of the foreign operators which operate to their state. These FAOC and safety audits on the foreign operators are being expanded to other parts of the world. While this trend is the strengthening measure of aviation safety resulting in the reduction of aircraft accident. FAOC also burdens the other contracting States to the Chicago Convention due to additional requirements and late permission. EASA(European Aviation Safety Agency) is a body governed by European Basic Regulation. EASA was set up in 2003 and conduct specific regulatory and executive tasks in the field of civil aviation safety and environmental protection. EASA's mission is to promote the highest common standards of safety and environmental protection in civil aviation. The task of the EASA has been expanded from airworthiness to air operations and currently includes the rulemaking and standardization of airworthiness, air crew, air operations, TCO, ATM/ANS safety oversight, aerodromes, etc. According to Implementing Rule, Commission Regulation(EU) No 452/2014, EASA has the mandate to issue safety authorizations to commercial air carriers from outside the EU as from 26 May 2014. Third country operators (TCO) flying to any of the 28 EU Member States and/or to 4 EFTA States (Iceland, Norway, Liechtenstein, Switzerland) must apply to EASA for a so called TCO authorization. EASA will only take over the safety-related part of foreign operator assessment. Operating permits will continue to be issued by the national authorities. A 30-month transition period ensures smooth implementation without interrupting international air operations of foreign air carriers to the EU/EASA. Operators who are currently flying to Europe can continue to do so, but must submit an application for a TCO authorization before 26 November 2014. After the transition period, which lasts until 26 November 2016, a valid TCO authorization will be a mandatory prerequisite, in the absence of which an operating permit cannot be issued by a Member State. The European TCO authorization regime does not differentiate between scheduled and non-scheduled commercial air transport operations in principle. All TCO with commercial air transport need to apply for a TCO authorization. Operators with a potential need of operating to the EU at some time in the near future are advised to apply for a TCO authorization in due course, even when the date of operations is unknown. For all the issue mentioned above, I have studied the function of EASA and EU Regulation including TCO Implementing Rule newly introduced, and suggested some proposals. I hope that this paper is 1) to help preparation of TCO authorization, 2) to help understanding about the international issue, 3) to help the improvement of korean aviation regulations and government organizations, 4) to help compliance with international standards and to contribute to the promotion of aviation safety, in addition.