• Journal of Intelligence and Information Systems
• /
• v.29 no.4
• /
• pp.165-184
• /
• 2023

Recently, Deep learning analysis of unstructured text data using language models, such as Google's BERT and OpenAI's GPT has shown remarkable results in various applications. Most language models are used to learn generalized linguistic information from pre-training data and then update their weights for downstream tasks through a fine-tuning process. However, some concerns have been raised that privacy may be violated in the process of using these language models, i.e., data privacy may be violated when data owner provides large amounts of data to the model owner to perform fine-tuning of the language model. Conversely, when the model owner discloses the entire model to the data owner, the structure and weights of the model are disclosed, which may violate the privacy of the model. The concept of offsite tuning has been recently proposed to perform fine-tuning of language models while protecting privacy in such situations. But the study has a limitation that it does not provide a concrete way to apply the proposed methodology to text classification models. In this study, we propose a concrete method to apply offsite tuning with an additional classifier to protect the privacy of the model and data when performing multi-classification fine-tuning on Korean documents. To evaluate the performance of the proposed methodology, we conducted experiments on about 200,000 Korean documents from five major fields, ICT, electrical, electronic, mechanical, and medical, provided by AIHub, and found that the proposed plug-in model outperforms the zero-shot model and the offsite model in terms of classification accuracy.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.207-209
• /
• 2024

딥러닝은 선형 연산과 비선형 연산을 조합하여 목표로 하는 시스템을 잘 표현할 수 있는 함수를 찾기 위해 사용하며, 이미지 분류 및 생성, 거대 언어 모델 및 객체 인식의 영역에서 활발하게 사용되고 있다. 그러나 딥러닝 연산을 위해서는 모델과, 연산을 수행하고자 하는 데이터가 하나의 공간에 저장되어야 한다. 모델과 데이터를 데이터 소유자가 관리할 경우, 데이터 소유자가 모델 데이터의 프라이버시를 침해할 수 있으며, 이는 모델을 적대적 예제 생성 공격에 취약하도록 만드는 원인이 된다. 한편 모델과 데이터를 모델 소유자가 관리할 경우, 모델 소유자는 데이터의 프라이버시를 침해하여 데이터 소유자의 정보를 악의적으로 이용할 수 있다. 본 논문에서는 딥러닝 모델과 데이터의 프라이버시를 모두 보호하기 위해 주어진 딥러닝 모델의 암호화와 복호화를 수행하는 EncNet 을 구현하였으며, MNIST 와 Cifat-10 데이터셋에 대하여 실효성을 테스트하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.149-160
• /
• 2008

As individual users have to provide more information than the minimum for using information communication service, the invasion of privacy of Individual users is increasing. That is why client/server based personal information security platform technologies are being developed such as P3P, EPAL and XACML. By the way enterprises and organizations using primarily role based access control can not use these technologies. because those technologies apply access control policies to individual subjects. In this paper, we suggest an expression language for privacy enhancing role-based access control policy. Suggested privacy enhancing role-based access control policy language model is a variation of XACML which uses matching method and condition, and separately contains elements of role, purpose, and obligation. We suggest policy language model for permission assignment in this paper, shows not only privacy policy scenario with policy document instance, but also request context and response context for helping understanding.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.135-144
• /
• 2010

Privacy protection can only be achieved by enforcing privacy policies within an enterprise's on and offline data processing systems. There are P-RBAC model and purpose based model and obligations model among privacy policy models. But only these models each can not dynamically deal with the rapidly changing business environment. Even though users are in the same role, on occasion, secure system has to opt for a figure among them who is smart, capable and supremely confident and to give him/her a special mission during a given period and to strengthen privacy protection by permitting to present fluently access control conditions. For this, we propose Integrated Privacy Protection Model based on RBAC. Our model includes purpose model and P-RBAC and obligation model. And lastly, we define high level policy language model based XML to be independent of platforms and applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.53-63
• /
• 2011

An SNS(Social Network Service) enables people to form a social network on online as in the real world. With the rising popularity of the service, side effects of SNSs were issued. Therefore we propose and implement a policy-based privacy protection module and access control policy language for ensuring the right of control of personal information and sharing data among SNSs. The policy language for protecting privacy is based on an attribute-based access control model which grants an access to personal information based on a user's attributes. The policy language and the privacy protection module proposed to give the right of control of personal information to the owner, they can be adopted to other application domains in which privacy protection is needed as well as secure sharing data among SNSs.

• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.139-149
• /
• 2009

In order to verify that a lot of legal requirements and regulations are correctly translated into software, this paper provides a solution for formal and computable representations of rules and requirements in data protection legislations with a DSML (Domain Specific Modeling Language). All policies are formally specified through Prolog and then integrated with DSML, According to the time of policy verification, this solution has two kinds of policies: static policies, dynamic policies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7B
• /
• pp.438-447
• /
• 2007

In the Internet, an identity service must to obtain permission from a user to allow them to share data with requesting service. For that, the privacy policy, which reflects legal regulations and preferences made by the user, is needed. Also, the management interface that aids the user to make the privacy policy and the PDP system that makes admission control and policy decisions in response to a request from an entity wanting to access the personal information are needed. In this paper, the privacy controller system model handled under the internet Identity management system environment is proposed. The system has the easy interface of policy generation and the efficient policy decision process. The system applies and modifies to the XACML of OASIS group. We propose that the privacy policy is divided into the three policies, which are the user policy, the domain policy and the basic offering policy. To resolve the collision between the policies, we also propose the collision resolution policy.

• Journal of Service Research and Studies
• /
• v.13 no.3
• /
• pp.172-189
• /
• 2023

This study investigated the potential contribution of ChatGPT, a massive language and information model, in the decision-making process of public design policies, focusing on the characteristics inherent to public design. Public design utilizes the principles and approaches of design to address societal issues and aims to improve public services. In order to formulate public design policies and plans, it is essential to base them on extensive data, including the general status of the area, population demographics, infrastructure, resources, safety, existing policies, legal regulations, landscape, spatial conditions, current state of public design, and regional issues. Therefore, public design is a field of design research that encompasses a vast amount of data and language. Considering the rapid advancements in artificial intelligence technology and the significance of public design, this study aims to explore how massive language and information models like ChatGPT can contribute to public design policies. Alongside, we reviewed the concepts and principles of public design, its role in policy development and implementation, and examined the overview and features of ChatGPT, including its application cases and preceding research to determine its utility in the decision-making process of public design policies. The study found that ChatGPT could offer substantial language information during the formulation of public design policies and assist in decision-making. In particular, ChatGPT proved useful in providing various perspectives and swiftly supplying information necessary for policy decisions. Additionally, the trend of utilizing artificial intelligence in government policy development was confirmed through various studies. However, the usage of ChatGPT also unveiled ethical, legal, and personal privacy issues. Notably, ethical dilemmas were raised, along with issues related to bias and fairness. To practically apply ChatGPT in the decision-making process of public design policies, first, it is necessary to enhance the capacities of policy developers and public design experts to a certain extent. Second, it is advisable to create a provisional regulation named 'Ordinance on the Use of AI in Policy' to continuously refine the utilization until legal adjustments are made. Currently, implementing these two strategies is deemed necessary. Consequently, employing massive language and information models like ChatGPT in the public design field, which harbors a vast amount of language, holds substantial value.