• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권11호
• /
• pp.2254-2271
• /
• 2011

Access control in dynamic environments needs the ability to provide more access opportunities of information to users, while also ensuring protection information from malicious users. Trust and risk are essential factors and can be combined together in access control decision-making to meet the above requirement. In this paper, we propose the combination of the trust and risk in access control to balance information accessibility and protection. Access control decision is made on the basis of trustworthiness of users and risk value of permissions. We use potential relations between users and relations between permissions in access control. Our approach not only provides more access opportunities for trustworthy users in accessing permissions, but also enforces traditional access control constraints such as Chinese Wall policy and Separation of Duty (SoD) of Role-Based Access Control (RBAC) model in an effective way.

• Journal of Korean Neurosurgical Society
• /
• 제61권6호
• /
• pp.707-715
• /
• 2018

Objective : To investigate the potential risk of approach-related complications at different access angles in minimally invasive lateral lumbar interbody fusion. Methods : Eighty-six axial magnetic resonance images were obtained to analyze the risk of approach-related complications. The access corridor were simulated at different access angles and the potential risk of neurovascular structure injury was evaluated when the access corridor touching or overlapping the corresponding structures at each angle. Furthermore, the safe corridor length was measured when the corridor width was 18 and 22 mm. Results : When access angle was $0^{\circ}$, the potential risk of ipsilateral nerve roots injury was 54.7% at L4-L5. When access angle was $45^{\circ}$, the potential risk of abdominal aorta, contralateral nerve roots or central canal injury at L4-L5 was 79.1%, 74.4%, and 30.2%, respectively. The length of the 18 mm-wide access corridor was largest at $0^{\circ}$ and it could reach 44.5 mm at L3-L4 and 46.4 mm at L4-L5. While the length of the 22 mm-wide access corridor was 42.3 mm at L3-L4 and 44.1 mm at L4-L5 at $0^{\circ}$. Conclusion : Changes in the access angle would not only affect the ipsilateral neurovascular structures, but also might adversely influence the contralateral neural elements. It should be also noted to surgeons that alteration of the access angle changed the corridor length.

• 정보과학회 컴퓨팅의 실제 논문지
• /
• 제22권9호
• /
• pp.441-448
• /
• 2016

의료 정보시스템에서 널리 이용되는 역할기반접근제어는 승인된 권한을 오용/남용하여 비정상적인 접근 시도가 가능하다. 이를 해결하기 위해서는 접근 요청이 얼만큼의 위험도를 가지고 있는지 치료정보에 기반한 위험도의 평가가 필요하다. 따라서, 본 논문에서는 환자의 치료정보와 접근되는 정보객체간의 네트워크 연관성 분석을 수행하여 치료정보기반 위험도 평가 방법을 제안하고자 한다. 즉, 위험도 산출은 업무와 관련이 적은 접근의 탐지와 내부자의 정보 유출 위협을 판단할 수 있는 초기 지표로 활용하였고, 분석의 정확도 검증을 위하여 실제 의료정보시스템의 대용량 실증 데이터를 활용하였다.

• 한국멀티미디어학회논문지
• /
• 제20권5호
• /
• pp.827-834
• /
• 2017

Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

• 한국임상약학회지
• /
• 제28권2호
• /
• pp.124-130
• /
• 2018

Objective: This study examined the Risk Sharing Agreement (RSA) on pharmaceutical pricing system in Korean national health insurance. Through RSA, the insurer was able to maintain the principles in the price listing process while managing the budget effectively and improving patient access to new drugs. Despite these positive effects, there are still issues raised by some stakeholders, such as lack of transparency in the listing process and doubts about its effectiveness. Therefore, we investigated the impacts of RSA on national health insurance financing and patient access to analyze the effects of RSA. Methods: The impact of RSA was investigated by analyzing the health insurance claims data for 2014~2016. The degree of improvement in patient access was determined by the decreased amount of patients' payment. Results: Results showed that the financial impact of RSA was not significant and patients' access to the new drug greatly improved. Conclusion: These results show that RSA is a good system for improving patient access to new drugs without additional expense on insurance.

• 한국안전학회지
• /
• 제26권3호
• /
• pp.63-68
• /
• 2011

Access-control of hazard zone in a steel manufacturing industry is studied in terms of safety management. Based on the results of risk evaluation for hazard zone, three risk zones with low, middle and high level are categorized. These zones have different color door and locking shape depending on their risk levels. At the high level, red door and key-based locking system are employed to accessed-controled path. Furthermore, tagout, lockout, interlock system for emergency stop, warning and flashing are also introduced. New standardized procedure of access-control for various hazard zones, which could help to greatly contribute to the prevention of accidents in advance, is proposed considering the risk level and the condition of given hazard zones. The standardized procedure of access-management suggested in this study will take an effective role as one of safety guide lines for hazardous workshop of manufacturing industries.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2007년도 춘계학술발표대회
• /
• pp.1107-1109
• /
• 2007

Context-based access control is an emerging approach for modeling adaptive solution, making access control management more flexible and powerful. However, these strategies are inadequate for the increased flexibility and performance that ubiquitous computing environment requires because such systems can not utilize effectively all benefit from this environment. In this paper, we propose a solution based on risk to make use of many context parameters in order to provide good decisions for a safety environment. We design a new model for risk assessment in ubiquitous computing environment and use risk as a key component in decision-making process in our access control model.

• Journal of Information Processing Systems
• /
• 제12권2호
• /
• pp.226-233
• /
• 2016

Cloud computing is a distributed computing model that has lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and the risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments.

• 정보처리학회논문지C
• /
• 제17C권1호
• /
• pp.15-26
• /
• 2010

'페이스북'이나 '마이스페이스'같은 소셜 네트워크는 사람들끼리 관심사를 공유하거나 인간관계를 유지 확장할 수 있는 유용한 도구로 인식되고 있다. 그러나 한편으로 소셜 네트워크를 통해 개인정보가 유출될 위험이 있으므로 이를 해결할 수 있는 방안이 필요하다. 기존 소셜 네트워크 사이트들이 접근 제어 방식을 통해 사용자 스스로 자신의 정보를 보호토록 하고 있으나 접근을 허용한 사람을 통해 제삼자로의 정보 유출이 가능하다는 점에서 효과적인 해결책이 되지 못한다. 온라인 소셜 네트워크의 특성 상 자신이 잘 알지 못하는 사람에게 정보 접근을 허용하는 경우가 자주 발생하는 데 여기에는 정보 유출의 가능성이 내포되어 있다. 이러한 문제에 대한 해결책으로 타인에 대한 신뢰도에 기반을 둔 접근제어 방법이 사용될 수 있으나 이러한 방식 또한 정보 유출의 객관적 위험성을 반영하지 못한다는 한계를 가진다. 이에 본 논문은 이러한 문제에 대한 해결책으로 신뢰도와 정보 유출 위험도를 합성한 지표를 기반으로 접근 제어를 수행하는 방법을 제안하였으며, 다양한 실험을 통해 정보 유출 위험도가 온라인 소셜 네트워크에서의 접근 제어에서 중요한 역할을 할 수 있음을 보였다.

• 정보보호학회논문지
• /
• 제25권2호
• /
• pp.343-361
• /
• 2015

국내 금융권은 은행창구를 통해 전통적 수신, 여신 상품을 판매하던 구조에서 금융 소비채널의 변화 및 금융상품의 패러다임 변화를 겪으며 무한경쟁시대로 진입하고 있다. 이에 따라, 금융서비스의 개인화는 점점 가속화되고 있으며, 금융 관련 개인정보의 가치는 더욱 높아지고 있다. 2014년 카드사 정보유출사고에서 보았듯이, 대부분의 대형 금융관련 정보유출 사고는 해당 정보에 접근 권한을 가진 인력에 의해 발생한다. 따라서, 이러한 대량의 금융 관련 개인정보에 접근 권한이 있는 인력에 대한 기존의 정보 접근 통제정책 적용기준에 문제는 없는지 확인해 볼 필요가 있으며, 보안사고의 위험도에 영향을 미치는 요인에 따라 정보 접근 통제정책을 보완할 필요가 있다. 본 논문에서는 직무상 대량의 금융 정보에 접근 권한이 필요한 금융IT인력에 대해 직무, 직책 및 접근 정보의 민감도를 기준으로 보안사고의 위험도 측정에 필요한 영향 요인이 무엇인지 양적분석을 수행하고, 분석결과를 반영한 정보 접근 통제정책을 실무적 사례에 적용해 봄으로써 금융IT인력의 보안사고 위험도를 최소화할 수 있는 방안을 제시한다.