• Journal of Korea Port Economic Association
• /
• v.23 no.1
• /
• pp.19-39
• /
• 2007

Korean port developments have been mostly made by the central government. With the introduction of the Port Authority system, however, roles and function assignments of the central government in port development have been in change and the Port Authority has to find a solution for inducement of private investment in port development. This paper has examined the current legal system of port developments and then sought the way for inducement of private capital to improve specialty and efficiency of harbor facilities management and development under Port Authority. As the Ministry of Maritime Affairs and fisheries(MMAF) has two types of legal system for inducement of private investment on port developments, the Port Authorities can also have two types of private finance. Private finances by the Port Authorities has some more critical advantages than the one by the central government. It is also required to change the the administrative permissions and concession agreements which MMAF conveyed to private participants in port developments into the concession agreements between Port Authorities and private participants.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.8
• /
• pp.1553-1560
• /
• 2016

In this paper, we design a program that controls the execution permissions for the running application in the Windows system environment. It does not allow general users to execute the program converting the specific location information of the execution program, to any of the bit values with the formal structure information in window program. The converted bit value can be returned to the original bit value in the case of an authorized user, so that the original program can be normally performed. By doing so, it can be more safely used in the risk of reverse engineering for Windows executable program. We implemented the control program for the program execution authority we proposed in this paper, and the experiment was performed. At the results of experiments, it was confirmed that the control function to permit execution for the user program was working properly in the Windows environment.

• Journal of Korean Society of Rural Planning
• /
• v.19 no.4
• /
• pp.73-79
• /
• 2013

As facilities performing the production, processing, preservation, and shipment of agricultural products; agricultural facilities are categorized into planting facilities and livestock facilities based on the management target. Agricultural facilities are set in farmlands, and facility users mainly complain about the legal or institutional restrictions on farm rather than their own facilities itself. From 2009 to 2012, the Ministry of Agriculture Food and Rural Affairs (MAFRA) published the "Casebook of farmer Complaints on Farmlands" in order to help answer farmers' questions and support public workers' workloads. However, contents related to agricultural facility installed in farmland are currently not dealt with in particular. Among agricultural facilities, demands of property rights with livestock facilities have risen due to construction permissions, operational restrictions, and high initial investment costs; and relevant laws were revised and are now being executed. However, for planting facilities such as mushroom facilities, ginseng facilities, and greenhouses; farmer complaints related to property rights are constantly increasing because revisions to relevant laws are not being made despite the rising diversity of construction materials through technical developments as well as the rising scale of assets-i.e. mechanization, automation, and the application of New Regeneration Energies according to capital influx. In this study, the current state of relevant agricultural facility legislation were organized and their drawbacks deduced in order to propose improvements of Agricultural Facility Legislation. The result of interviewing with public workers and farmers show that agricultural facilities should be regarded as extensions of farmlands rather than as facilities built in land where development actions were being taken. Alternatives able to reflect these opinions were suggested through expert consultation.

• Journal of KIISE
• /
• v.42 no.12
• /
• pp.1611-1622
• /
• 2015

Although Android systems provide a permission-based access control mechanism and demand a user to decide whether to install an app based on its permission list, many users tend to ignore this phase. Thus, an improved method is necessary for users to intuitively make informed decisions when installing a new app. In this paper, with regard to the permission-based access control system, we present a novel approach based on a machine-learning technique in order to support a user decision-making on the fly. We apply the K-NN (K-Nearest Neighbors) classification algorithm with necessary weighted modifications for malicious app classification, and use 152 Android permissions as features. Our experiment shows a superior classification result (93.5% accuracy) compared to other previous work. We expect that our method can help users make informed decisions at the installation step.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.330-334
• /
• 2017

Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees an isolation of each virtual execution environment. So, it is being studied to block access to host resources or container resources for sandboxing in restricted system resource like embedded devices. However, because security threats which are caused by security vulnerabilities of the host OS or the security issues of the host environment exist, the needs of the technology to prevent an illegal accesses and unauthorized behaviors by malware has to be increased. In this paper, we define additional access permissions to access a virtual execution environment newly and control them in kernel space to protect attacks from illegal access and unauthorized behaviors by malware and suggest the Container Access Control to control them. Also, we suggest a way to block a loading of unauthenticated kernel driver to disable the Container Access Control running in host OS by malware. We implement and verify proposed technologies on Linux Kernel.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.1
• /
• pp.282-304
• /
• 2014

Each cloud service has numerous owners and tenants, so it is necessary to construct a privacy preserving identity management and access control mechanism for cloud computing. On one hand, cloud service providers (CSP) depend on tenant's identity information to enforce appropriate access control so that cloud resources are only accessed by the authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns, identity privacy information and accessing newfangled cloud services by on-demand ways within the scope of their permissions. There are many identity authentication and access control schemes to address these challenges to some degree, however, there are still some limitations. In this paper, we propose a new comprehensive approach, called Privacy pReserving Identity and Access Management scheme, referred to as PRIAM, which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signature and hash chain to protect tenant's identity privacy and implement secure mutual authentication. Second, it employs the service-level agreements to provide flexible and on-demand access control for both tenants and cloud services. Third, it makes use of the BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is suitable to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.11
• /
• pp.427-432
• /
• 2014

The Purpose of local system attacks is to acquire administrator's(root) privilege shell through the execution of the malicious program or change the flow of the program. This acquiring shell through attack is still valid approach method and it is difficult to cope with improving each of vulnerability because the attacker can select various forms of attack. Linux allocate a set of credentials when login, in order to manage user permissions. Credentials were issued and managed by the kernel directly, and also the kernel ensures that any change cannot be occurred outside of kernel. But, user's credentials that acquired root privilege through system attacks occurs a phenomenon that does not remain consistent. In this paper we propose a security module to detect a security threats that may cause to users and tasks by analysis user task execution and inconsistency credentials.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.649-652
• /
• 2009

Now Broadcasting system of TV has been developed from analogue to digital we call that IPTV(Internet Protocol Television) or DCATV(Digital Cable Television). But, The characteristics of digital broadcasting is the high-quality contents of easily and almost no damage piracy, and Copyright loss is increasing by Internet, P2P(Peer to Peer) and personal path. Nevertheless user's permissions that recorded and reuse of broadcasting can't restraint, And Training Materials etc. use of fair program needs to be separated from illegality. In this paper using a digital certificate permit the use of stored program to authorized user and user of fair purpose, And illegal distribution of restriction design and implement a distribution system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3274-3297
• /
• 2021

Permission delegation is an important research issue in access control. It allows a user to delegate some of his permissions to others to reduce his workload, or enables others to complete some tasks on his behalf when he is unavailable to do so. As an ideal solution for controlling read access on outsourced data objects on the cloud, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted much attention. Some existing CP-ABE schemes handle the read permission delegation through the delegation of the user's private key to others. Still, these schemes lack the further consideration of granularity and traceability of the permission delegation. To this end, this article proposes a flexible and fine-grained CP-ABE key delegation approach that supports white-box traceability. In this approach, the key delegator first examines the relations between the data objects, read permission thereof that he intends to delegate, and the attributes associated with the access policies of these data objects. Then he chooses a minimal attribute set from his attributes according to the principle of least privilege. He constructs the delegation key with the minimal attribute set. Thus, we can achieve the shortest delegation key and minimize the time of key delegation under the premise of guaranteeing the delegator's access control requirement. The Key Generation Center (KGC) then embeds the delegatee's identity into the key to trace the route of the delegation key. Our approach prevents the delegatee from combining his existing key with the new delegation key to access unauthorized data objects. Theoretical analysis and test results show that our approach helps the KGC transfer some of its burdensome key generation tasks to regular users (delegators) to accommodate more users.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.2
• /
• pp.107-114
• /
• 2022

Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models are role delegation as the user to user delegation. However, In RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and security principle of least privilege. ABDM based on RBAC model, supports both the role to role and user to user delegation with an attribute. whenever the delegator wants the permission can be withdrawn, and A delegator can give permission to a delegatee.