• Title/Summary/Keyword: delegation functions

Delegation using D-RBAC in Distributed Environments (분산환경에서 도메인-RBAC을 이용한 권한위임)

  • 이상하;채송화;조인준;김동규
    • Journal of the Korea Institute of Information Security & Cryptology, v.11 no.6, pp.115-125, 2001
  • Authentication and access control are essential requirements for the information security of distributed environments. Delegation is the process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services and offers safety in distributed environments. Within a single domain, Role-Based Access Control (RBAC) makes it easy for a principal to grant privileges through delegation. In a multi-domain setting, however, initiators who request delegation may need to limit the access rights of their delegates with restrictions, called delegate restrictions, to prevent abuse of privilege. In this paper, we propose the delegation view as a function of delegation restrictions. The proposed delegation view model not only prevents over-exposure of documents when multi-step delegation is granted for document sharing across multiple domains with an RBAC infrastructure, but also reduces the load on the security administrator and on communication.

Rule-Based Framework for user level delegation model in Role Based Access Control (역할기반 접근제어에서의 사용자 수준의 위임기법에 대한 Rule-Based Framework)

  • 박종화
    • The Journal of Information Technology, v.4 no.3, pp.139-154, 2001
  • In current role-based systems, security officers handle assignments of users to roles. This may increase management effort in a distributed environment because of the continuous involvement of security officers. The technology of role-based delegation provides a means for implementing RBAC in a distributed environment with empowerment of individual users. The basic idea behind role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a rule-based framework for a user-level delegation model in which a user can delegate role authority by creating new delegation roles. A rule-based language for specifying and enforcing the policies is also introduced.

User-Level Delegation in Extended Role-Based Access Control Model (확장된 역할기반 접근제어 모델에서의 사용자 수준의 위임기법)

  • 박종화
    • The Journal of Information Technology, v.4 no.4, pp.15-24, 2001
  • In current role-based systems, security officers handle assignments of users to roles. This may increase management effort in a distributed environment because of the continuous involvement of security officers. Role-based delegation provides a means for implementing RBAC in a distributed environment. The basic idea of role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a user-level delegation model based on Extended Role-Based Access Control (ERBAC). ERBAC provides finer-grained access control than the RBAC model, at the subject and object level.

A Novel K-hop Cluster-based Ad hoc Routing Scheme with Delegation Functions (위임 기능을 이용한 새로운 K-hop 클러스터 기반 Ad hoc 라우팅 구조)

  • Kim Tae-yeon;Wang Ki-cheoul
    • Journal of Internet Computing and Services, v.5 no.5, pp.27-37, 2004
  • Existing ad hoc network protocols suffer from scalability problems due to the inherent characteristics of node mobility. Cluster-based routing protocols divide the member nodes into a set of clusters and perform hierarchical routing between these clusters. This hierarchical feature helps to improve the scalability of ad hoc network routing. However, previous k-hop cluster-based routing protocols face another problem: the control overhead of the cluster headers. This paper proposes a novel k-hop cluster-based routing scheme with delegation functions for mobile ad hoc networks. The scheme is based on a tree topology to manage cluster members effectively. The cluster headers do not manage a routing table for all members; instead, each header keeps the routing table for its neighbor members and the member list for nodes beyond one hop within the k-hop cluster. The intermediate-level nodes then manage the nested nodes structured at the lower level. Therefore, the proposed mechanism can reduce some of the control overhead of the cluster leaders.

A Study on Design and Implementation of Script Management Function (스크립트 관리 기능의 설계 및 구현에 관한 연구)

  • 한순희;이재오;조국현
    • The Journal of Korean Institute of Communications and Information Sciences, v.18 no.5, pp.746-756, 1993
  • The delegation model supports effective and highly reliable network management. It reduces the traffic overhead caused by transmission of management information. In this model, management scripts can be composed by the designers of managers, and these are delegated to agents. Delegation models support effective distribution of management functions among managers and agents. Therefore, various functions are needed to create and delegate management scripts. In this paper, we design a simple script language and implement a script interpreter for efficient network management. We also define script management functions and services. Moreover, we present manager/agent models and algorithms for script management. As an implementation environment, the ISODE services are ported. The methods employed for the implementation are also described.

Design of an effective Authorization Mechanism based on Kerberos (커버로스 기반의 효율적인 허가 메커니즘 설계)

  • Kim, Eun-Hwan;Jun, Moon-Seog
    • The KIPS Transactions:PartC, v.10C no.3, pp.287-294, 2003
  • Authentication and authorization are essential functions for the security of distributed network environments. Authorization is determining whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective, with Kerberos as the authentication mechanism. In the authorization mechanism, the Kerberos server operates a proxy privilege server. The proxy privilege server manages and permits the rights of users, servers and services using the proposed algorithm. Also, a privilege attribute certificate issued by the proxy privilege server is used in delegation. We designed a secure Kerberos with the proposed functions to provide effective authorization alongside the authentication of the Kerberos mechanism.

Network Management Script Construction in Delegation Model (위임 모델에서의 네트워크 관리 스크립트 작성에 관한 연구)

  • 한순희;이기현;조국현
    • The Journal of Korean Institute of Communications and Information Sciences, v.17 no.11, pp.1228-1237, 1992
  • Network management represents those activities which control and monitor the use of resources. The remote delegation model supports flexible and effective distribution of management functions among managers and agents, and it can provide reliable network management in relatively complex and high-speed networks. In this model, managers delegate to agents the execution of management programs as prescribed in a management scripting language. In addition, primitives included in the management programs enable agents to monitor and control local managed objects effectively. We suggest management algorithms in which management scripts are delegated from managers to agents, and partially implement OSI fault management. This management algorithm can effectively support delegation and control concurrent accesses to management information. Moreover, it can be easily translated into an object-based concurrent programming language: ABCL. In this paper, we will scrutinize some essential aspects of this management.

A Study on the Improvement for Problems of ICT-related laws system in Korea

  • Lee, Hie-Houn
    • International Journal of Advanced Culture Technology, v.7 no.2, pp.7-12, 2019
  • Korea's laws regarding ICT must follow the Void for vagueness doctrine, the Principle of forbidden general delegation, the Principle of justification of system and the Principle of balancing test in the Constitution. The Act for the Promotion and Convergence and so on of Information and Communication in the Future should be improved as follows. It is desirable to improve the part where the principle of system justification of the Constitution is problematic in relation to existing laws. It is desirable to improve the ICT's policies on industry and convergence technologies so that they are well balanced between promotion and regulation of ICT's industries. It is desirable to improve the information service policy and legislative makeup relationship between various government agencies related to ICT. It is therefore desirable to improve the institutional complement to the post-regulatory framework for the protection of users of ICT in the future. It is desirable to create a device to replace the functions of the Information Service Budget Council in the special law of ICT.

The Access Control Platform of the IoT Service Using the CapSG (CapSG를 이용한 IoT 서비스 접근제어 플랫폼)

  • Kim, Jin-Bo;Jang, Deresa;Kim, Mi-Sun;Seo, Jae-Hyun
    • KIPS Transactions on Software and Data Engineering, v.4 no.9, pp.337-346, 2015
  • There is a great need for an efficient user rights management method to provide flexible services across the variety of protocols, domains and applications in IoT environments. In this paper, we propose an IoT service platform with CapSG to provide efficient access control for the various services of the IoT environment. CapSG uses a token that includes authentication and access rights to perform authentication and access control for the service entities providing services. In addition, the generated token supports service management functions such as delegation, revocation and denial. It also provides functions such as generation, delegation, disposal and rejection for service token management. The platform provides the flexibility and efficiency of access control required by the various services of the IoT, because it can control access to a specific domain's services by using the token group for each domain, and is designed to control access using a specific service token from the token group.

Route Optimization Using a Limited Prefix Delegation Method in Multi-level Nested Mobile Network Environments (다단 중첩된 이동네트워크 환경에서 제한된 프리픽스 위임 방법을 이용한 경로최적화)

  • Song, Jung-Wook;Han, Sun-Young
    • Journal of KIISE:Information Networking, v.36 no.4, pp.309-321, 2009
  • Nowadays, requests to connect to the Internet while moving are increasing more and more, and various technologies have been developed to satisfy those requests. The IETF nemo WG standardized the "Network Mobility Basic Support Protocol" to support mobile networks by extending the existing MIPv6 protocol, which supports host mobility. However, mobile networks can become nested as they change their location, and multi-level nesting causes some problems because of the protocol's characteristics. In this paper, we try to solve the problem of the complicated routing path caused by multi-level nesting of mobile networks with our limited prefix delegation method. We make a small modification to the standard protocol and add some functions to the mobile router. The results of our analysis indicate that our method has better performance than other proposed methods.