• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06c
• /
• pp.271-273
• /
• 2006

유비쿼터스 인프라의 발달로 인한 업무 환경의 활발한 변화는, 다양한 (이동성) 단말과 끊김 없는 네트워크를 통하여, 기업 내외부의 응용을 활용하며, 효율적인 상황인식에 따른, 실시간적 업무공간을 지원 받을 것이다. 이는 인증과 인가의 분리 구조로서, 기업 내부의 접근제어 미들웨어와 기업 외부의 서비스 프로바이더 간의 분산 환경을 의미한다. 그러나 이러한 처리는 도메인 상호간 안전한 상호운용성이 선결되어야 한다. 즉 유비쿼터스 업무공간의 협업 서비스를 위한 접근제어모델은, 상황인식과 실시간 정책변경의 처리가 다중도메인간의 안전한 연동과 함께 요구된다. 본 논문은 메타정책(Metapolicies) 기반으로 도메인 내부와 외부도메인의 접근제어를 구분하여 보호한, 다중도메인 관계의 동적 협업 RBAC모델을 제안한다.

• Journal of Industrial Convergence
• /
• v.21 no.12
• /
• pp.37-43
• /
• 2023

In today's business landscape, collaboration and interoperability are crucial for organizational success and profitability. However, integrating operations across multiple organizations is challenging due to differing roles and policies in Identity and Access Management (IAM). User-centric identity (UCI) adopts a personalized approach to digital identity management, centering on the end-user for authentication and access control. It provides a decentralized system that ensures secure and customized access for each user. UCI aims to address complex security challenges by aligning access privileges with individual user requirements. This research delves into UCI's ability to streamline resource access amidst conflicting IAM roles and protocols across various organizations. The study presents a UCI-based multi-domain access control (MDAC) framework, which encompasses an ontology, a unified method for articulating access roles and policies across domains, and software services melding with UCI infrastructure. The goal is to enhance organizational resource management and decision-making by offering clear guidelines on access roles and policy management across diverse domains, ultimately boosting companies' return on investment.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.6
• /
• pp.1394-1401
• /
• 2007

Secure access control is a hot issue of large-scale organizations or information systems, because they have numerous users and information objects. In many cases, system developers should implement an access control module as a part of application. This way induces difficult modification of the module and repeated implementation for new applications. In this paper we implement a Java API library for access control to support system developers who use Java. They can easily build up access control module using our library. Our library supports typical access control models, and it can offer new types of access control. Furthermore, it is able to run multiple access control models at the same time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.109-119
• /
• 2004

The home network environment can be defined as a network environment, connecting digital home devices such as computer systems, digital appliances, and mobile devices. In this kind of home network environments, there will be numerous local/remote interactions to monitor and control the home network devices and the home gateway. Such an environment may result in communication bottleneck. By applying the mobile agents that can migrate among the computing devices autonomously and work on behalf of the user, remote interactions and network traffics can be reduced enormously. The mobile agent authentication is necessary to apply mobile agent concept to the home network environments, as a prerequisite technology for authorization or access control to the home network devices and resources. The existing mobile agent systems have mainly used the public key based authentication scheme, which is not suitable to the home network environments, composed of digital devices of limited computation capability. In this paper, we propose a shared key based mobile agent authentication scheme for single home domain and expand the scheme to multiple domain environments with the public key based authentication scheme. Application of the shared key encryption scheme to the single domain mobile agent authentication enables to authenticate the mobile agent with less overhead than the public key based authentication scheme.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.3
• /
• pp.393-404
• /
• 2004

Recently, public home have used a more than two computer connected with network, and several home appliances using independently with internet or network are developing to be related closely with the network. Therefore, the home utilized for a simple terminal of the global network in the past is being expanded to another part of the sub network. For a variety of connecting home-area protocols with the existing existing network, we require a new Residential Gateway(RG) that does not only make the home-area network operating in the sub network but also connects to the external network. In this paper, RG has intrinsic limits against flexible service due to IP address assignment and hardware capacity. In order to solve this problem in the RG, we propose a Management Server(MS). The MS that offers the integrated managements and control services for a variety of devices connected the RG in the home-area. It can not only solve the dynamic IP address assigning problem but also assigns private IP addresses to the home network devices through the Network Address Translation(NAT). It also provides somewhat useful functions for the home network and the RG for other additional services. <중략> The MS is using a SNMP protocol for managing the RG in the domain, a polling method of the MS and the RG compose a sequence polling method, a polling method using a multi-process and a multi-thread. In this paper, we introduce a problem with polling method separately, show a polling method between the MS and the RG using a multi-thread.