• Title, Summary, Keyword: 네트워크 접근제어

Search Result 458, Processing Time 0.046 seconds

Design and Implementation of Access Control System Based on XACML in Home Networks (XACML 기반 홈 네트워크 접근제어 시스템의 설계 및 구현)

  • Lee, Jun-Ho;Lim, Kyung-Shik;Won, Yoo-Jae
    • The KIPS Transactions:PartC
    • /
    • v.13C no.5
    • /
    • pp.549-558
    • /
    • 2006
  • For activating home network, the security service is positively necessary and especially the access control supports secure home network services and differentiated services. But, the existing security technology for home network seldom consider access control or has a architecture to be dependent on specific middleware. Therefore, in this paper we propose a scheme to support integrated access control in home network to use XACML, access control standard of next generation, to have compatability and extensibility and we design and implement XACML access control system based on this. we also had m access control experiment about various policy to connect developed XACML access control system with the UPnP proxy based on OSGi in order to verify compatability with existing home network system.

Design and Safety Analysis of a Role-Based Access Control Framework for Mobile Agents in Home Network Environments (홈 네트워크 환경에서 이동 에이전트의 역할에 기반한 접근제어 프레임워크 설계 및 안전성 평가)

  • Jung, Young-Woo;Ko, Kwang-Sun;Kim, Gu-Su;Eom, Young-Ik
    • The KIPS Transactions:PartC
    • /
    • v.14C no.6
    • /
    • pp.537-544
    • /
    • 2007
  • A home network is a residential local area network in which digital home appliances are connected with each other. Applying the mobile agent technology to the home network is expected to provide a new computing model. In particular, mobility and asynchronous ability of mobile agent can be used to reduce network traffic generated for managing home appliances. However, in order to apply the mobile agent concept to the home network, access control for mobile agents is necessary. In the existing home network system, there is one special server, sometimes called home server This server generally has mapping tables to be updated periodically, which describes access control lists between users' authorities and corresponding devices. In this paper, we propose a role-based access control framework with mobile agents in home networks. This framework, called Secure KAgent framework, is designed and implemented based on KAgent system. It has two main characteristics: to control access permissions based on Role-Based Access Control(RBAC) scheme and to safety assign roles to mobile agents by role tickets.

Development of Security Metric of Network Access Control (네트워크 접근제어 시스템의 보안성 메트릭 개발)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence
    • /
    • v.15 no.6
    • /
    • pp.219-227
    • /
    • 2017
  • Network access control should be able to effectively block security threats to the IT infrastructure, such as unauthorized access of unauthorized users and terminals, and illegal access of employees to internal servers. From this perspective, it is necessary to build metrics based on relevant standards to ensure that security is being met. Therefore, it is necessary to organize the method for security evaluation of NAC according to the related standards. Therefore, this study builds a model that combines the security evaluation part of ISO / IEC 15408 (CC: Common Criteria) and ISO 25000 series to develop security metric of network access control system. For this purpose, we analyzed the quality requirements of the network access control system and developed the convergence evaluation metric for security of the two international standards. It can be applied to standardization of evaluation method for network access control system in the future by constructing evaluation model of security quality level of network access control system.

A Design and Development on Authentication Protocol for Secure Home Network System (홈 네트워크 구축을 위한 인증 프로토콜의 설계 및 구현)

  • Ko, Jae-Woon
    • Proceedings of the KAIS Fall Conference
    • /
    • /
    • pp.495-498
    • /
    • 2010
  • 본 논문에서는 외부 클라이언트가 홈 네트워크 시스템을 컨트롤 하기위하여 홈 네트워크의 보안요소 중 사용자 인증과 접근제어에 관하여 연구 하였으며 사용자 인증의 인증서는 X.509 v3의 인증서를 기반으로 사용하고 X.509 v3의 확장영역에 사용자의 그룹을 나누어 디바이스를 제어하고 접근이 제한된 디바이스는 ACL(Access Control List)을 추가하여 접근제어를 하는 방법으로 접근이 제한된 사용자와 이를 관리하는 관리자로 나누어 각 디바이스에 대한 접근제안과 외부 공격으로 부터의 안전하게 보호할 수 있게 제안한 논문이다.

  • PDF

Research of Agent-less Network Access Control Using Network Switch Firmware (네트워크 펌웨어를 이용한 Agent-less 방식의 네트워크접근제어 구현에 관한 연구)

  • Kim, JinSeok;Min, Sung-Gi;Oh, Sang-Seok
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.703-705
    • /
    • 2011
  • 내부 네트워크의 IP관리를 위해 많은 네트워크 관리 방안 및 솔루션들이 기 구축되어 운영 중이고, 이를 위해 내부 네트워크에 연결된 모든 단말에 특정 Agent를 설치하여 IP를 관리하고 있어 단말(PC, IPT전화기 등)의 OS에 따른 기종별 Agent의 호환문제 및 단말에 기 설치 운영중인 응용프로그램과의 충돌문제가 발생한다. 본 연구에서는 이러한 네트워크 IP관리를 위해 Agent가 필요 없는 네트워크 관리 방식을 제안한다. 네트워크 Switch장비 Firmware의 포트차단 설정을 이용한 기법으로 Agent의 설치없이 Switch장비의 Firmware를 이용하여 네트워크의 접근제어가 가능함을 제안한다. 이를 위하여 인가되지 않은 IP를 Switch장비의 Firmware로 차단하여 네트워크의 접근제어가 가능함을 증명하였다.

  • PDF

A Framework and User Admin Service for User Access Control in OSGi Service Platform (OSGi 서비스 플렛폼에서 사용자 접근제어를 위한 프레임워크와 사용자 관리 서비스)

  • Kim, Su-Jong;Cho, Eun-Ae;Moon, Chang-Joo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.1135-1138
    • /
    • 2005
  • OSGi 는 이질적인 다양한 기술들이 존재하는 홈 네트워크 환경에서 상호 운영성을 보장하는 서비스 플렛폼을 제공한다. 사용자 접근제어는 홈 네트워크에서 반드시 해결해야 하는 보안의 핵심분야 중에 하나지만 아직은 구체적인 연구가 진행되고 있지 않다. 본 논문에서는 OSGi 서비스 플렛폼이 운영되는 홈 네트워크 환경에서 사용자 접근제어를 위한 RBAC 기반의 권한부여 정책 관리 플렛폼과 보완된 사용자 관리 서비스를 제안한다. 제시된 접근제어 프레임워크는 사용자의 프라이버시 문제를 해결함과 동시에 사용자 편의성도 제공을 한다. 또한 보완된 사용자 관리 서비스의 인터페이스는 요구되는 주요 기능들을 추가 함으로써 접근제어를 위한 OSGi 서비스 프레임워크 구현에 가이드 라인을 제공 한다.

  • PDF

Relationship-based Dynamic Access Control Model with Choosable Encryption for Social Network Service (소셜 네트워크 서비스를 위한 선별적 암호화 기능을 제공하는 관계 기반 동적 접근제어 모델)

  • Kwon, Keun;Jung, Youngman;Jung, Jaewook;Choi, Younsung;Jeon, Woongryul;Won, Dongho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.59-74
    • /
    • 2014
  • The social network service is a online service letting users express the personality and enhancing the human network. However, these features result in side effects which diffuse personal information and make users access to treacherous information. Therefore, various access control models have been proposed. However, the access control mechanisms which encrypt data are only able to be applied for controlling access from direct node, and the access control mechanisms without data encryption allow service provider to access all the information. Moreover, both mechanisms do not consider dynamic changes in reliability of the users. In this paper, we propose relationship-based dynamic access control model including encryption of sensitive data, which consider the characteristics of SNS and improves the security of SNS.

A RBAC-based Access Control Framework in OSGi Service Platform (OSGi 서비스 플랫폼에서 RBAC 기반의 사용자 접근제어 프레임워크)

  • Cho, Eun-Ae;Moon, Chang-Joo;Baik, Doo-Kwon
    • Journal of KIISE:Information Networking
    • /
    • v.34 no.5
    • /
    • pp.405-422
    • /
    • 2007
  • Recently, according to the network environment, there are many researches for home network. Nowadays, in home network, the method that access control policy is managed for each home device by using ACL is popular, and EAM (Extranet access management) is applied as a solution. In addition, the research about secure OS is ongoing based on open operating system and the research of user authentication mechanisms for home network using home server is also in progress. However, these researches have some problems as follows; First, the transmission scope of expected access technology in home network is wide, so unauthenticated outside terminal can access the home network. Second, user is inconvenient because user need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in home network environment. Here, user access control is one of the core parts which should have no problems such as above items, but there are no concrete researches yet. Thus in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in home network environment in which OSGi service platform is operated. First, we list the consideration which is not clearly mentioned in OSGi standard, and then we solve these above problems through new framework. In addition, we propose the effective and economical operation method which reduces the policy change frequency for user access control by using RBAC concept though limited resource of home gateway. Besides, in this paper, these proposed policies are defined separately as user-role assignment policy and permission-role assignment policy, and user decide their own policies. In conclusion, we provide the scheme to enhance the user convenience and to solve the privacy problem.

Design and Implementation of Network Access Control for Security of Company Network (사내 네트워크 보안을 위한 네트워크 접근제어시스템 설계 및 구현)

  • Paik, Seung-Hyun;Kim, Sung-Kwang;Park, Hong-Bae
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.47 no.12
    • /
    • pp.90-96
    • /
    • 2010
  • IT environment is rapidly changed, thus security threats such as worms and viruses have increased. Especially company's internal network requires to be inherently protected against these threats. In this respect, NAC(Network Access Control) has attracted attention as new network security techniques. The NAC implements the endpoint access decision based on the collected endpoint security status information and platform measurement information. In this paper, we describe the design and implementation of unauthorized NAC which protect against such as a worm, virus, malware-infected PC, and mobile device to connect to company's internal networks.

Study on Method of Active Node for Performance Improvement on Active Network (액티브 네트워크 성능향상을 위한 액티브 노드 구성 방안)

  • 최병선;이성현;이원구;이재광
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • /
    • pp.538-542
    • /
    • 2003
  • 본 논문에서는 액티브 네트워크 상에서 강력한 자원 관리와 액티브 응용의 제어를 위해 접근제어 메커니즘을 적용한 안전한 리눅스 커널을 분석 설계하였다. 설계된 접근제어 모델은 직무기반 접근제어를 이용하여 권한을 효과적으로 통제하고, 신분 및 규칙 기반 접근제어를 이용하여 정보 및 시스템의 비밀성, 무결성, 가용성의 보장 및 시스템의 불법적인 접근을 방지할 수 있다. 리눅스 마이크로 커널 기반 접근제어 모델을 직무, 보안등급, 무결성 등급 및 소유권의 다단계 보안 정책을 기반으로 시스템의 불법적인 접근, 직무기반, 소유권 등의 다단계 보안 정책을 기반으로 하여 시스템의 불법적인 접근을 통제 할 수 있다.

  • PDF