• Title/Summary/Keyword: Permission-based access control (권한기반접근제어)


Provision and Obligations in Policy Rules (정책규칙에서 Provision과 Obligation)

  • Kim, Su-Hee
    • Convergence Security Journal / v.5 no.1 / pp.1-9 / 2005
  • XML is the most common tool for data processing and data transmission in web applications. Policies are extensively used in all online business solutions and it is recognized that a binary decision such as 'yes/no' for access requests is not enough. In this paper, a method is developed to convert policy rules with provisions and obligations in logic formula formats into XML formats. The primary purpose is to enable security policy programmers to write flexible authorization policies in XML and to implement them easily. General syntaxes are defined to specify information for users, objects and actions in XML formats and an XML DTD is developed to specify authorization rules with these three components. To support various security features such as data transcoding and non-repudiation depending on data in addition to access control based on authorization policies, studies for specifying them in XML policy rules will be performed in the future.


Research on Efficient Data Verification Methods Using Hyperledger Fabric (하이퍼레저 패브릭 활용 효율적 데이터 검증방안 연구)

  • Chai Bong-Soo;Baek Seunghyun;Kim Taeyoon;Lee Hanjin
    • Proceedings of the Korean Society of Computer Information Conference / 2024.01a / pp.331-334 / 2024
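  • Hyperledger Fabric is a permissioned blockchain model that verifies participants' identities and validates information exchanges (transactions). Compared with Bitcoin and Ethereum, the representative existing blockchain models, it allows efficient data verification because it is built around chaincode, channels, and peers. First, this blockchain model executes smart contracts called 'chaincode', and only authorized users can participate in the network. In addition, its 'channel' feature offers a new approach to data sharing and verification between different organizations and allows data to be separated within a particular network. This provides the ability to control access rights to specific data while also increasing the reliability and security of the data. Finally, 'peers' validate transactions submitted through chaincode and add only valid data to the ledger, playing an important role in maintaining integrity. Based on the results of this study, we hope that Hyperledger Fabric will be used effectively and that the data verification process will be widely applied in industry.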


Cloud Security Scheme Based on Blockchain and Zero Trust (블록체인과 제로 트러스트 기반 클라우드 보안 기법)

  • In-Hye Na;Hyeok Kang;Keun-Ho Lee
    • Journal of Internet of Things and Convergence / v.9 no.2 / pp.55-60 / 2023
  • Recently, demand for cloud computing has increased and remote access due to home work and external work has increased. In addition, a new security paradigm is required in the current situation where the need to be vigilant against not only external attacker access but also internal access such as internal employee access to work increases and various attack techniques are sophisticated. As a result, the network security model applying Zero-Trust, which has the core principle of doubting everything and not trusting it, began to attract attention in the security industry. Zero Trust Security monitors all networks, requires authentication in order to be granted access, and increases security by granting minimum access rights to access requesters. In this paper, we explain zero trust and zero trust architecture, and propose a new cloud security system for strengthening access control that overcomes the limitations of existing security systems using zero trust and blockchain and can be used by various companies.

A Study on Traceback by WAS Bypass Access Query Information of DataBase (DBMS WAS 우회접속의 쿼리정보 역추적 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.181-190 / 2009
  • DBMS access that used high speed internet web service through WAS is increasing. Need application of DB security technology for 3-Tier about DBMS by unspecified majority and access about roundabout way connection and competence control. If do roundabout way connection to DBMS through WAS, DBMS server stores WAS's information that is user who do not store roundabout way connection user's IP information, and connects to verge system. To DBMS in this investigation roundabout way connection through WAS do curie information that know chasing station security thanks recording and Forensic data study. Store session about user and query information that do login through web constructing MetaDB in communication route, and to DBMS server log storing done query information time stamp query because do comparison mapping actuality user discriminate. Apply making Rule after Pattern analysis receiving log by elevation method of security authoritativeness, and develop Module and keep in the data storing place through collection and compression of information. Kept information can minimize false positives of station chase through control of analysis and policy base administration module that utilize intelligence style DBMS security client.

A Lightweight Key Agreement Protocol between Smartcard and Set-Top Box for Secure Communication in IPTV Broadcasting (IPTV환경에서 스마트카드와 셋톱박스간의 안전한 통신을 위한 경량화된 키 동의 프로토콜)

  • Lee, Hoon-Jung;Son, Jung-Gap;Oh, Hee-Kuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.3 / pp.67-78 / 2010
  • CAS (Conditional Access System) is used in Pay-TV System to prohibit unauthorized user(s) accessing the contents in IPTV broadcasting environment. In the CAS, Smartcard transfers CW which is necessary in the process of descrambling the scrambled program to STB. CW hacking problem is one of the most serious problems in pay-TV system. There have been many researches on generating secure communication channel between smartcard and STB for secure transmitting, but they had problems in efficiency and security. In this paper, we propose a lightweight key agreement protocol based on a symmetric key algorithm. We show that our proposed protocol is more efficient than existing protocols by comparing the amount of computations, and analyzing the security requirement of the proposed protocol.

A Study on Streaming Service for Content Protection (컨텐츠 보호를 위한 스트리밍 서비스 방안 연구)

  • 박지현;윤기송;전경표
    • Proceedings of the Korea Contents Association Conference / 2003.05a / pp.198-201 / 2003
  • Changes in internet and network environment make it possible to provide high-quality content services in real time. As demand for digital content is increased, problems related to intellectual property rights are getting more important. Streaming service like video-on-demand solved this problem by preventing content from being saved. But, as the advent of several tools able to save streamed content, the streamed content is not free from these problems any more. So, with security countermeasure like access control, new technologies to control and manage rights for content are needed. One of the solutions is DRM. In this paper, we describe a DRM-based streaming service that can send the ASF stream which is the multimedia file format of Microsoft.


Implementation of Security Kernel based on Linux OS (리눅스 운영체제 기반의 보안 커널 구현)

  • Shon, Hyung-Gil;Park, Tae-Kyou;Lee, Kuem-Suk
    • The KIPS Transactions:PartC / v.10C no.2 / pp.145-154 / 2003
  • Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes the research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security (MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC B1 class as well as providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise security management functions.

Digital Video Contents Protection based on DRM (DRM 기반의 디지털 비디오 콘텐츠 보호)

  • Boo, Hee-Hyung;Lee, Wu-Ju;Bae, Ho-Young;Lee, Bae-Ho
    • Proceedings of the Korea Information Processing Society Conference / 2005.05a / pp.827-830 / 2005
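  • This paper proposes a system that applies encryption together with digital video watermarking, a core component technology of DRM (Digital Rights Management), to perform two roles: copyright identification and content protection. In this paper, the copyright information is encrypted into ciphertext with the public-key-based RSA method and then binarized to generate the watermark key information; for watermarking, we used the Adaptive Stationary GG (Generalized Gaussian) model [1] of the NVF (Noise Visibility Function) approach, a statistical model with fast computation. The ciphertext can be controlled from the user controller so that only authorized users can play the content. The paper is organized as follows: Section 2 describes the encryption process, Section 3 describes the application of a watermarking technique based on a statistical approach that differs from existing techniques, and Section 4 presents experimental results of the proposed method in a real environment. Finally, Section 5 presents future research directions based on the conclusions and areas for improvement. The method proposed in this paper is expected to play a major role in policies promoting a proper culture of digital content use on the Internet of the future.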


Pattern-based RFID Logistic Process Triggering Using Complex Event (복합 이벤트를 이용한 패턴 기반 RFID 물류 프로세스 트리거링)

  • Yu, Yeong-Woong;Bae, Hye-Rim;Das, Sajal K.;Koo, Hoon-Young
    • The Journal of Society for e-Business Studies / v.14 no.4 / pp.315-332 / 2009
  • In logistic environments, a process, in that it manages the flow of materials among partners, involves more than one organization. In this regard, a logistic process, as a combined process consisting of multiple sub processes, needs to be managed with controlling interaction among partners. In achieving systematic management of a logistic process, traditional Business Process Management (BPM) cannot be used for the entire flow, since it lacks the ability to manage interactions among partners. Particularly in logistic environments where RFID technologies are used, how to deal with the connection between RFID event and logistic flow has not been properly addressed. To overcome this limitation, this paper proposes a new method of managing multi-organizational logistic processes based on RFID events. We define inter-workflow pattern, and suggest ECA (Event-Condition-Action) rules for auto triggering of logistic processes. To adjust the rules to RFID events, we invent RFID-based ECA rules using complex event. A prototype system has been developed for the purpose of demonstrating the effectiveness of our approach.


Design of Security Service Model in Dynamic Cloud Environment (동적 클라우드 환경에 적합한 보안 서비스 모델 설계)

  • Jeong, Yoon-Su
    • Journal of Convergence Society for SMB / v.2 no.2 / pp.35-41 / 2012
  • The rapid development of cloud computing and mobile internet service changes to a mobile cloud service environment that can serve and pay computing source that users want anywhere and anytime. But when user misses mobile device, the respond to any threat like user's personal information exposal is insufficient. This paper proposes cloud service access control model to provide secure service for mobile cloud users to other level users. The proposed role-based model performs access authority when performs user certification to adapt various access security policy. Also, the proposed model uses user's attribute information and processes before user certification therefore it lowers communication overhead and service delay. As a result, packet certification delay time is increased 3.7% and throughput of certification server is increased 10.5%.
