• Title/Summary/Keyword: risk access

Trust and Risk based Access Control and Access Control Constraints

  • Helil, Nurmamat;Kim, Mu-Cheol;Han, Sang-Yong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.5 no.11 / pp.2254-2271 / 2011
  • Access control in dynamic environments needs the ability to provide users with more opportunities to access information, while also ensuring protection of information from malicious users. Trust and risk are essential factors and can be combined in access control decision-making to meet the above requirement. In this paper, we propose the combination of trust and risk in access control to balance information accessibility and protection. The access control decision is made on the basis of the trustworthiness of users and the risk value of permissions. We use potential relations between users and relations between permissions in access control. Our approach not only provides more access opportunities for trustworthy users in accessing permissions, but also enforces traditional access control constraints such as the Chinese Wall policy and Separation of Duty (SoD) of the Role-Based Access Control (RBAC) model in an effective way.

Does the Access Angle Change the Risk of Approach-Related Complications in Minimally Invasive Lateral Lumbar Interbody Fusion? An MRI Study

  • Huang, Chunneng;Xu, Zhengkuan;Li, Fangcai;Chen, Qixin
    • Journal of Korean Neurosurgical Society / v.61 no.6 / pp.707-715 / 2018
  • Objective: To investigate the potential risk of approach-related complications at different access angles in minimally invasive lateral lumbar interbody fusion. Methods: Eighty-six axial magnetic resonance images were obtained to analyze the risk of approach-related complications. The access corridor was simulated at different access angles, and the potential risk of neurovascular structure injury was evaluated when the access corridor touched or overlapped the corresponding structures at each angle. Furthermore, the safe corridor length was measured when the corridor width was 18 and 22 mm. Results: When the access angle was $0^{\circ}$, the potential risk of ipsilateral nerve root injury was 54.7% at L4-L5. When the access angle was $45^{\circ}$, the potential risk of abdominal aorta, contralateral nerve root or central canal injury at L4-L5 was 79.1%, 74.4%, and 30.2%, respectively. The length of the 18 mm-wide access corridor was largest at $0^{\circ}$, and it could reach 44.5 mm at L3-L4 and 46.4 mm at L4-L5, while the length of the 22 mm-wide access corridor was 42.3 mm at L3-L4 and 44.1 mm at L4-L5 at $0^{\circ}$. Conclusion: Changes in the access angle would not only affect the ipsilateral neurovascular structures, but also might adversely influence the contralateral neural elements. Surgeons should also note that alteration of the access angle changed the corridor length.

Treatment Information based Risk Evaluation Method in Medical Information Systems (의료정보시스템에서 치료정보 기반 위험도 평가 방법론)

  • Choi, Donghee;Park, Seog
    • KIISE Transactions on Computing Practices / v.22 no.9 / pp.441-448 / 2016
  • RBAC (Role-Based Access Control), which is widely used in Medical Information Systems, is vulnerable to illegal access through abuse/misuse of permissions. In order to solve this problem, treatment-based risk assessment of access requests is necessary. In this paper, we propose a risk evaluation method based on treatment information. We use network analysis to determine the correlation between treatment information and access objects. Risk evaluation can detect access that is unrelated to the treatment. It also provides indicators for information disclosure threats from insiders. We verify the validity using large amounts of data from real medical information systems.

Crowdsourced Risk Minimization for Inter-Application Access in Android

  • Lee, Youn Kyu;Kim, Tai Suk
    • Journal of Korea Multimedia Society / v.20 no.5 / pp.827-834 / 2017
  • Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

An Overview of the Risk Sharing Management in Korean National Health Insurance, Focused on the Effect of the Patient Access and Insurance Finance (우리나라 건강보험의 위험분담제도가 재정 및 환자접근성에 미친 영향)

  • Lee, Jong Hyuk;Bang, Joon Seok
    • Korean Journal of Clinical Pharmacy / v.28 no.2 / pp.124-130 / 2018
  • Objective: This study examined the Risk Sharing Agreement (RSA) on pharmaceutical pricing system in Korean national health insurance. Through RSA, the insurer was able to maintain the principles in the price listing process while managing the budget effectively and improving patient access to new drugs. Despite these positive effects, there are still issues raised by some stakeholders, such as lack of transparency in the listing process and doubts about its effectiveness. Therefore, we investigated the impacts of RSA on national health insurance financing and patient access to analyze the effects of RSA. Methods: The impact of RSA was investigated by analyzing the health insurance claims data for 2014~2016. The degree of improvement in patient access was determined by the decreased amount of patients' payment. Results: Results showed that the financial impact of RSA was not significant and patients' access to the new drug greatly improved. Conclusion: These results show that RSA is a good system for improving patient access to new drugs without additional expense on insurance.

Improvement on Access Control of Hazard Zone in a Steel Manufacturing Industry (철강 제조업에서의 유해.위험구역 출입 관리 방안)

  • Seo, Seong-Hwa;Kim, Min;Weon, Jong-Il;Woo, Heung-Sik
    • Journal of the Korean Society of Safety / v.26 no.3 / pp.63-68 / 2011
  • Access control of hazard zones in a steel manufacturing industry is studied in terms of safety management. Based on the results of risk evaluation for hazard zones, three risk zones with low, middle and high levels are categorized. These zones have different door colors and locking shapes depending on their risk levels. At the high level, a red door and a key-based locking system are employed on the access-controlled path. Furthermore, tagout, lockout, an interlock system for emergency stop, warning and flashing are also introduced. A new standardized access-control procedure for various hazard zones, which could greatly contribute to the prevention of accidents in advance, is proposed considering the risk level and the condition of the given hazard zones. The standardized access-management procedure suggested in this study will play an effective role as one of the safety guidelines for hazardous workshops in manufacturing industries.

Assessment and Access Control for Ubiquitous Environments

  • Diep, Nguyen Ngoc;Lee, Sung-Young;Lee, Young-Koo;Lee, Hee-Jo
    • Proceedings of the Korea Information Processing Society Conference / 2007.05a / pp.1107-1109 / 2007
  • Context-based access control is an emerging approach for modeling adaptive solutions, making access control management more flexible and powerful. However, these strategies are inadequate for the increased flexibility and performance that a ubiquitous computing environment requires, because such systems cannot effectively utilize all the benefits of this environment. In this paper, we propose a risk-based solution that makes use of many context parameters in order to provide good decisions for a safe environment. We design a new model for risk assessment in ubiquitous computing environments and use risk as a key component in the decision-making process of our access control model.

Mitigating Threats and Security Metrics in Cloud Computing

  • Kar, Jayaprakash;Mishra, Manoj Ranjan
    • Journal of Information Processing Systems / v.12 no.2 / pp.226-233 / 2016
  • Cloud computing is a distributed computing model that has a lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored, and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism, designated as iADTree, for solving the TRA problem in cloud computing environments.

An Access Control Method Based on a Synthesized Metric from Trust and Risk Factors for Online Social Networks (신뢰도와 위험도로부터 합성된 지표에 기반을 둔 온라인 소셜 네트워크를 위한 접근 제어 방법)

  • Seo, Yang-Jin;Han, Sang-Yong
    • The KIPS Transactions:PartC / v.17C no.1 / pp.15-26 / 2010
  • Social networks such as 'Facebook' and 'Myspace' are regarded as useful tools for people to share interests and maintain or expand relationships with other people. However, they pose the risk that personal information can be exposed to other people without explicit permission from the information owner. Therefore, we need a solution for this problem. Although existing social network sites allow users to specify the exposure range or the users who can access their personal information, this cannot be a practical solution because the information can still be revealed to third parties through the permitted users, albeit unintentionally. Usually, people allow unknown persons access to personal data in online social networks, and this implies the possibility of information leakage. We could use an access control method based on trust value, but this has the limitation that it cannot reflect the quantitative risk of information leakage. As a solution to this problem, this paper proposes an access control method based on a synthesized metric from trust and risk factors. Our various experiments show that the risk of information leakage can play an important role in the access control of online social networks.

A Study on Information Access Control Policy Based on Risk Level of Security Incidents about IT Human Resources in Financial Institutions (금융IT인력의 보안사고 위험도에 기반한 정보접근 통제 정책 연구)

  • Sim, Jae-Yoon;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.343-361 / 2015
  • The financial industry in South Korea has witnessed a paradigm shift from selling traditional loan/deposit products to diversified consumption channels and financial products. Consequently, personification of financial services has accelerated and the value of finance-related personal information has risen rapidly. As seen in the 2014 card company information leakage incident, most major finance-related information leakage incidents are caused by personnel with authorized access to certain data. Therefore, it is strongly required to confirm whether there are problems in the existing access control policy for personnel who can access a great deal of data, and to complement the access control policy by considering risk factors of information security. In this paper, based on information about IT personnel with access to sensitive finance-related data, such as job, position and sensitivity of accessible data, and on a survey result, we analyze influence factors for personnel risk measurement and apply a data access control policy reflecting the analysis result to an actual case, so as to introduce measures to minimize IT personnel risk in financial companies.