• Title/Summary/Keyword: multilevel security

Search Result 42, Processing Time 0.021 seconds

A Study on the Multilevel Electronic Commerce Security using Scalable Multicast (확장 멀티캐스트를 이용한 다중레벨 전자상거래 보안에 관한 연구)

  • 서장원
    • The Journal of Society for e-Business Studies
    • /
    • v.7 no.1
    • /
    • pp.66-74
    • /
    • 2002
  • Through the increment of requirement for EC(Electronic Commerce) oriented communication services, security multicast communications is becoming more important. However, multicast to EC environment is much different from unicast concept most network security protocols. On the network security, using mandatory access control of multilevel architecture which assigns a specific meaning to each subject, so we accomplish access control. In this way, access control security based on the information security level is proposed. A security protocol based on the architecture proposed in this paper would be utilized in security multicast communications, group key management service and leveled security service through multilevel EC security policy, Also we discuss and propose the security level scaleability and key management method on the network.

  • PDF

THE MULTILEVEL SECURITY PROBLEM OVER CLASS SEMIGROUPS OF IMAGINARY QUADRATIC NON-MAXIMAL ORDERS

  • KIM, YONGTAE
    • Honam Mathematical Journal
    • /
    • v.28 no.2
    • /
    • pp.185-196
    • /
    • 2006
  • A scheme based on the cryptography for enforcing multilevel security in a system where hierarchy is represented by a partially ordered set was first introduced by Akl et al. But the key generation algorithm of Akl et al. is infeasible when there is a large number of users. In 1985, MacKinnon et al. proposed a paper containing a condition which prevents cooperative attacks and optimizes the assignment in order to overcome this shortage. In 2005, Kim et al. proposed key management systems for multilevel security using one-way hash function, RSA algorithm, Poset dimension and Clifford semigroup in the context of modern cryptography. In particular, the key management system using Clifford semigroup of imaginary quadratic non-maximal orders is based on the fact that the computation of a key ideal $K_0$ from an ideal $EK_0$ seems to be difficult unless E is equivalent to O. We, in this paper, show that computing preimages under the bonding homomorphism is not difficult, and that the multilevel cryptosystem based on the Clifford semigroup is insecure and improper to the key management system.

  • PDF

A Design of Network Security Kernel for Multilevel Secure Message Handling on the Distributed Network (분산 네트워크상에서 다중등급보안 메세지 처리를 위한 네트워크 보안 커널의 설계)

  • 홍기융;조인준;김동규
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1994.11a
    • /
    • pp.203-211
    • /
    • 1994
  • 본 논문에서는 다중 등급의 기밀성을 갖는 메세지의 보호를 위한 보안 특성 함수와 보안 오퍼레이션을 제시하였으며, 이를 구현하기 위한 네트워크 보안 커널의 구조를 설계하였다. 제안한 네트워크 보안 커널은 분산 네트워크상에서 다중등급보안 메세지를 안전하게 보호할 수 있도록 하는 분리된 (Isolated) 보호 기능을 제공한다.

  • PDF

A Two-way Donation Locking Protocol for Concurrency Control in Multilevel Secure Database (다단계 보안 데이터베이스에서 동시성 제어를 위한 양방향 기부 잠금 규약)

  • 김희완;이혜경;김응모
    • The KIPS Transactions:PartD
    • /
    • v.8D no.1
    • /
    • pp.24-31
    • /
    • 2001
  • In this paper, we present an advanced transaction scheduling protocol to improve the degree of concurrency and satisfy the security requirements for multilevel secure database. We adapted two-phase locking protocol, namely traditional syntax-oriented serializability notions, to multilevel secure database. Altruistic locking, as an advanced protocol, has attempted to reduce delay effect associated with lock release moment by use of the idea of donation. An improved form of altruism has also been deployed for extended altruistic locking OffiLl. This is in a way that scope of data to be early released is enlarged to include even data initially not intended to be donated. We also adapted XAL to multilevel secure database and we first of all investigated limitations inherent in both altruistic schemes from the perspective of alleviating starvation occasions for transactions in particular of short-lived nature for multilevel secure database. Our protocol is based on extended altruistic locking for multilevel secure database (XAL/MLS), but a new method, namely two-way donation locking for multilevel secure database (2DL!/-MLS), is additionally used in order to satisfy security requirements and concurrency. The efficiency of the proposed protocol was verified by experimental results.

  • PDF

Concurrency Control with Dynamic Adjustment of Serialization Order in Multilevel Secure DBMS (다단계 보안 데이타베이스에서 직렬화 순서의 동적 재조정을 사용한 병행수행 제어 기법)

  • Kim, Myung-Eun;Park, Seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.1
    • /
    • pp.15-28
    • /
    • 1999
  • In Multilevel Secure Database Management System(MLS/DBMS), we assume that system has a security clearance level for each user and a classification level for each data item in system and the objective of these systems is to protect secure information from unauthorized user. Many algorithms which have been researched have focus on removing covert channel by modifying conventional lock-based algorithm or timestamp-based algorithm. but there is high-level starvation problem that high level transaction is aborted by low level transaction repeatedly. In order to solve this problem, we propose an algorithm to reduce high-level starvation using dynamic adjustment of serialization order, which is basically using orange lock. Because our algorithm is based on a single version unlike conventional secure algorithms which are performed on multiversion, it can get high degree of concurrency control. we also show that it guarantees the serializability of concurrent execution, and satisfies secure properties of MLS/DBMS.

Extended Role Based Access Control Model with Multilevel Security Control (다단계 보안통제가 가능한 확장된 역할기반 접근통제 모델)

  • Kim, Hak-Beom;Hong, Gi-Yung;Kim, Dong-Gyu
    • The Transactions of the Korea Information Processing Society
    • /
    • v.7 no.6
    • /
    • pp.1886-1902
    • /
    • 2000
  • RBAC(Role Based Access Control) is an access control method based on the user's roles and it provides more flexibility and applicability on the various computer and network security fields than DAC(Discretionary Access Control) or MAC(Mandator Access Control). In this paper, e newly propose ERBAC\ulcorner(Extended RBAC\ulcorner) model by considering subject's and object's roles and security levels for roles additionally to RBAC\ulcorner model which is firstly proposed by Ravi S. Sandhu as a base model. The proposed ERBAC\ulcorner model provides finer grained access control with multilevel security on he base of subject and object level than RBAC\ulcorner model.

  • PDF

Transactions Ordering based Secure Concurrency Control Scheme (트랜잭션 순서 기반 보안 동시성 제어 기법)

  • Lee Won-Sup;Lee Sang-Hee
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.5 s.37
    • /
    • pp.57-64
    • /
    • 2005
  • While the secure concurrency control schemes in multilevel secure database management systems synchronize transactions cleared at different security level they must consider the problem covert channel. although previous works achieve the confidentiality successfully, they overlook the integrity or the availability. For being evaluated as highly secure database systems , the multilevel secure database management systems must achieve the confidentiality, integrity, and the availability that are the well-known major security aspects. By use of verified transactions ordering relationship, in this Paper, we Propose a new secure concurrency control scheme that is capable of increasing the degree of fairness among transactions cleared at different security levels.

  • PDF

The Operational Semantics of Extended Relations for Multilevel Security (다단계 보안을 위한 확장 릴레이션의 운영 의미론)

  • Cho, Wan-Soo;Bae, Hae-Young
    • The Transactions of the Korea Information Processing Society
    • /
    • v.3 no.1
    • /
    • pp.87-94
    • /
    • 1996
  • In order to design an extended relational database management system supporting multilevel security, the standard relational data model is extended and new relational integrity constrains are proposed for the model. The extended relational model and proposed multilevel integrity constraniants maintain database in consistent state and produce a basis that can eliminat eambiguity of entity and relation ship representations bypoly instantiation. The proposed up dates emantics canincreases the efficiency of up date operations by supporting multilevel entry and up dates. The semantics also provides a basis for the implementation of decomposition of extended relations.

  • PDF

Polyinstantiation for spatial data for multilevel secure spatial database (다단계 보안 공간 데이터베이스를 위한 공간 다중인스턴스화)

  • 오영환;이재동;임기욱;배해영
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.1
    • /
    • pp.43-54
    • /
    • 2001
  • In this paper we study the use of polyinstantiation for spatial data, for the purpose of solving cover in topology channel in multilevel secure spatial database systems. Spatial database system with topological structure has a number of spatial analysis function using spatial data and neighbored one\`s each other. But. it has problems that information flow is occurred by topological relationship in spatial database systems. Geographic Information System(CIS) must be needed mandatory access control because there ,are many information flow through positioning information And topological relationship between spatial objects. Moreover, most GIS applications also graphe user interface(GUI). In addressing these problems, we design the MLS/SRDM(Multi Level Security/Spatial Relational Data Model) and propose polyinstantiation for spatial data for solving information flow that occurred by toplogical relationship of spatial data.

The extension of the IDEA Methodology for a multilevel secure schema design (다단계 보안 스키마 설계를 위한 IDEA 방법론의 확장)

  • Kim, Jung-Jong;Park, Woon-Jae;Sim, Gab-Sig
    • The Transactions of the Korea Information Processing Society
    • /
    • v.7 no.3
    • /
    • pp.879-890
    • /
    • 2000
  • Designing a multilevel database application is a complex process, and the entities and their associated security levels must be represented using an appropriate model unambiguously. It is also important to capture the semantics of a multilevel databse application as accurate and complete as possible. Owing to the focus of the IDEA Methodology for designing the non-secure database applications on the data-intensive systems, the Object Model describes the static structure of the objects in an application and their relationships. That is, the Object Model in the IDEA Methodology is an extended Entity-Relationship model giving a static description of objects. The IDEA Methodology has not been developed the multilevel secure database applications, but by using an existing methodology we could take advantage of the various techniques that have already been developed for that methodology. That is, this way is easier to design the multilevel secure schema than to develop a new model from scratch. This paper adds the security features 새? Object Model in the IDEA Methodology, and presents the transformation from this model to a multilevel secure object oriented schema. This schema will be the preliminary work which can be the general scheme for the automatic mapping to the various commercial multilevel secure database management system such as Informix-Online/Secure, Trusted ORACLE, and Sybase Secure SQL Server.

  • PDF