• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Journal of Institute of Control, Robotics and Systems
• /
• v.13 no.2
• /
• pp.86-92
• /
• 2007

This paper presents the development of fire-fighting and rescue robot for Outdoor Environment. In the procedure of this development, we follow Target Oriented Design (TOD) which is recognized as the systematic methodology to design a system by specifying the target clearly. For some real fire fighting tasks (e.g. tasks in shopping street and a market), narrow road make it difficult for existing fire engine to access the firing place. On the other hand, for dangerous tasks (e.g. gasoline station and a storehouse) the explosive materials make it impossible for fire-fighters to access the firing place. Moreover, the smoke and the high-temperature caused by fire make fire fighting difficult. In this situation, the solution is to develop the fire-fighting and rescue robot. TOD is performed firstly by analyzing the environment properties of fro place and the demanded tasks and the fire-fighting and rescue robot is manufactured. For safety, the fire fighting robot should be controlled by remote operation to keep the operator away from the fire, and the control system is divided into three parts: the robot controllers, controller for remote operating device and wireless communication system. We have selected and developed appropriate hardware and software for each part of control system with considering TOD. As a result, the fire-fighting robot functions correctly and the performance and usefulness of our control architecture is validated by successfully performing some fire-fighting tasks.

• Journal of the Korea Computer Industry Society
• /
• v.6 no.3
• /
• pp.509-518
• /
• 2005

The RMS(Remote Monitoring System) is generalized to adopt in many automatic system by progress of industrial and technical growth. RMS has been developed from simple status monitoring system to realtime control system with multimedia interface. This study is to design and develop monitoring system that client is able to monitor and control target system on web browser. The RMS is consist of 4 functional modes, which is monitoring mode, control mode, setup mode and video mode. Monitoring mode is to observe remote target system with realtime on web browser. Control mode is to change target system status in monitoring mode. Setup mode is to change system variable in control mode. Video mode is to monitor target system environment visually by web camera. This RMS is easy to access and manage target system, and so useful to monitor remote automatic system and closing site.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.29-34
• /
• 2023

KMS (Knowledge Management System) is used by various organizations to share information. This KMS includes important information as well as basic information used by each organization. To protect infortant information stored in KMS, many KMS use user identification and authentication features. In such a KMS security environment, if the account information of a user who can access the KMS is leaked, a malicious attacker using the account information can access the KMS and access all authorized important information. In this study, we propose KMS with user access control function that can protect important information even if user account information is leaked. The KMS with the user access control function proposed in this study protects the stored files in the KMS by applying an encryption algorithm. Users can access important documents by using tokens after logging in. A malicious attacker without a Token cannot access important files. As a result of checking the unit function for the target user access control function for effectiveness verification, it was confirmed that the access control function to be provided by KMS is normally provided.

• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.1-8
• /
• 2016

Cloud computing technology offers function that share each other computer resource, software and infra structure based on network. Virtualization is a very useful technology for operation efficiency of enterprise's server and reducing cost, but it can be target of new security threat when it is used without considering security. This paper proposes access control mechanism based on MAC(Mandatory Access Control) for cloud convergence that solve various problem that can occur in cloud environment. This mechanism is composed of set of state rules, security characteristics and algorithm. Also, we prove that the machine system with access control mechanism and an initial secure state is a secure system. This policy module of mechanism is expected to not only provide the maintenance but also provide secure resource sharing between virtual machines.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.217-224
• /
• 2011

Existing wire based physical security system solutions show limitations in time and space. In order to solve these deficiencies, a remote physical security system has been implemented using smart phone based on mobile cloud computing technique. The security functions of mobile cloud computing technique include mobile device user authentication, confidentiality of communication, integrity of information, availability of system, and target system access control, authority management and secure hand off etc. Proposed system has been constructed as remote building management system using smart phone, and also has been efficient to reduce energy cost (5~30%), result of system average access and response time 7.082 second. This systems are evaluated to have high efficiency compared to performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.71-79
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, hey possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance supports and emergency measures. In order to solve these deficiencies, Wireless Remote Control System(W-RCS) was designed and implemented. W-RCS is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of W-RCS leads to these security problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to W-RCS. The security functions based on public key infrastructure include mobile device user authentication and target system access control. The W-RCS allows real-time user authentication, increases the flexibility of resource administrators and mobile device non, and provides not only uninterrupted services, but also safe mobile office environments.

• Journal of the Korean Institute of Telematics and Electronics
• /
• v.24 no.2
• /
• pp.315-323
• /
• 1987

Generally, general-purpose image processing system is so expensive that not so many users easily can access the system. In this paper attemps have been made to design and describe a general and economical image processing system for real-time aplications such as image data compression, pattern recognition and target tracking. The system comprises an operator console, image data acquisition/display sistem and IBM PC/XT. The system also utilizes a high speed Fairchild 16-bit microprocessor with ALU speed of 375 nsec for system control, algrithm execution and user computation. The system also can digitize /display a 256x 256x 8 bit image in real time and store two frames of images. All image pixels are directly accessible by the microprocessor for fast and efficient computation. Some experimental and illustrative results such as target tracking are presented to show the efficient performance of the system.

• Journal of Korea Multimedia Society
• /
• v.14 no.8
• /
• pp.1029-1040
• /
• 2011

Electronic identity (e-ID) card based on smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store the personal identity information securely, so that the information can be accessed fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID card for identity management is increasing. In this paper, we present an authentication framework for access control system using e-ID cards by discussing the threat environment and security requirement against e-ID card. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

• Journal of Biomedical Engineering Research
• /
• v.15 no.3
• /
• pp.317-324
• /
• 1994

This paper proposed a new method in the implementation of ISDN (integrated services digital network) LAPD (link access procedure on the D-channel) and LAPB (link access procedure on the B-channel) protocols. The proposed method in this paper implement ISDW LAPD protocol through multi-tasking operating system and adopt a kernel part that is changed operating system to target board. The features of implemented system are (1) the para.llel processing of the events generated at each layer, as follows (2) the supporting necessary timers for the implementation of ISDW LAPD protocol from the kernel part by using software, (3) the recommanded SAP (Service Access Point) from CCITT was composed by using port function in the operating system. With the proposed method, the protocols of ISDH layerl, layer2 and layer3 (call control) were implemented by using the kernel part and related tests were carried out by connecting the ISDH terminal simulator to ISDN S-interface system using the ISDN LAPD protocol The results showed that ISDW S-interface terminals could be discriminated by TEI (Terminal Equipment Identifier) assignment in layer 2 (LAPD) and the message transmission of layer 3 was verified by establishing the multi-frame transmission and then through the path established by the LAPD protocol, a user data was tranfered and received on B-channel with LAPB protocol Thererfore, as new efficient ISDN S-interface environment was implemented in the thesis, it was verified that the implemented system can be utilized by connecting ISDW in the future to transfer a medical image data.