• Annual Conference of KIPS
• /
• 2015.10a
• /
• pp.646-647
• /
• 2015

정보통신의 발달로 개인의 모바일 기기를 업무에 활용하는 BYOD(Bring Your Own Device) 시대가 도래 하면서 기업들은 기밀정보 유출 방지, 접근 제어 및 효율적인 자원 관리를 위해 다양한 시스템을 도입하였다. 하지만 접근제어 정책은 획일화 되어 사용자에게 적용되고 있고, 기기의 잦은 분실과 도난, 낮은 보안성 등으로 인한 보안 위협이 존재하기 때문에 BYOD는 적극적으로 도입되지 못하고 있다. 따라서 개인화된 상황정보 수집을 통하여 유연한 정책 설정 및 비정상 사용자를 탐지 및 통제하는 방법이 필요하다. 본 논문에서는 BYOD 환경에서 발생할 수 있는 비정상 행위를 탐지하기 위해 사용자의 서비스 이용속도 분석하여 비정상 행위를 탐지하는 방안에 대해 논의한다.

• Annual Conference of KIPS
• /
• 2003.11c
• /
• pp.1755-1758
• /
• 2003

본 논문에서는 리눅스 상에 효율적인 보안 정책 관리를 위한 보안 정책 서버를 분석하고, 보안 정책 변경을 위한 인터페이스를 설계하였다. 리눅스는 소스가 공개된 운영체제이기 때문에, 보안상의 취약점을 이용하여 수많은 공격을 당하게 된다. 이러한 보안상의 문제를 해결하기 위하여 본 논문에서는 효율적인 정책 서버를 분석하여 리눅스에 적용함으로써, 리눅스가 가지는 보안상의 취약점을 해결하고자 하였다. 또한 관리자가 쉽게 정책을 적용할 수 있도록 보안 정책 적용을 위한 인터페이스를 설계하였다. 설계된 보안 정책 서버를 통하여 기존 리눅스 커널의 수정을 최소화하면서, 다른 접근제어 모델을 사용한 때에는 관련 모듈만 교체만 하면 되기 때문에 이미 설정된 보안 정책을 손쉽게 변화 할 수 있다

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.182-187
• /
• 2003

액티브 네트워크 환경에서 액티브 노드(라우터 또는 스위치)의 기능은 액티브 익스텐션(active extension)에 의해 다이나믹하게 확장될 수 있다 즉, 액티브 노드 기능을 확장하는 소프트웨어 모듈을“익스텐션”이라 할 수 있다. 이러한 융통성(flexible)이 강한 구조는 새로운 네트워크 프로토콜과 서비스들을 활성화시키고 있으나, 다른 한편으로는 매우 심각한 안전성(safety)과 보안(security) 문제를 야기 시키게 된다. 본 논문에서 다루는 액티브 익스텐션 관련 보안 문제는 하나의 액티브 노드상의 익스텐션이 다른 액티브 노드에 접근하려 할 경우 이에 대한 제어 방법이 반드시 제공되어야 한다는 것이다. 특히, 이 문제에서는 액티브 노드들간의 인증(authentication)이 매우 중요하다. 여기에서는 액티브 노드들간의 접근 정책 전송을 위해 각 객체가 갖는 고유 정보인 아이덴티티(identity)를 이용한다. 우리는 본 논문에서 아이덴티티를 통하여 액티브 노드들간의 인증(authentication)을 행하는 새로운 방식의 접근 정책(access policy) 전송 방법을 제안한다.

• Journal of KIISE:Databases
• /
• v.34 no.1
• /
• pp.1-17
• /
• 2007

As XML is becoming a de facto standard for distribution and sharing of information, the need for an efficient yet secure access of XML data has become very important. To enforce the fine-level granularity requirement, authorization models for regulating access to XML documents use XPath which is a standard for specifying parts of XML data and a suitable language for both query processing. An access control environment for XML documents and some techniques to deal with authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query access. Developing an efficient mechanism for XML databases to control query-based access is therefore the central theme of this paper. This work is a proposal for an efficient yet secure XML access control system. The basic idea utilized is that a user query interaction with only necessary access control rules is modified to an alternative form which is guaranteed to have no access violations using tree-aware metadata of XML schemes and set operators supported by XPath 2.0. The scheme can be applied to any XML database management system and has several advantages over other suggested schemes. These include implementation easiness, small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.57-70
• /
• 1999

Since a hybrid firewall filters packets at a network layer along with providing gateway functionalities at an application layer, it has a better performance than an If filtering firewall. In addition, it provides both the various kinds of access control mechanisms and transparent services to users. However, the security policies of a network layer are different from those of an application layer. Thus, the user interfaces for managing a hybrid firewalls in a consistent manner are needed. In this paper, we implement a graphical user interface to provide access control mechanisms and management facilities for a hybrid firewall such as log analysis, a real-time monitor for network traffics, and the statisics on traffics. And we also propose a new rule script language for specifying access control rules. By using the script language, users can generate the various forma of access control rules which are adapted by the existing firewalls.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.317-322
• /
• 2013

Mobile cloud environment is recently becoming popular due to Internet access through various environments. Driven by computer performance improvement and service development, the demand for mobile cloud is increasing and accordingly the damage is on the rise. Therefore, it needs to conduct a study on problems of security necessary in large database that occurs in mobile cloud services. Although various security solutions limiting database access, security strategies about new user environments should be analyzed. This study analyzes weakness of safe data access through database management in mobile cloud environment and examines security requirements for safe data management. In addition, this study looks into threatening factors of security in cloud services and then draws security requirements about safer access control. A study on system application and evaluation of security requirements about access control is required.

• Journal of Convergence for Information Technology
• /
• v.10 no.10
• /
• pp.32-39
• /
• 2020

In the large-scale infrastructure of cloud environment, illegal access rights are frequently caused by sharing applications and devices, so in order to actively respond to such attacks, a strengthened access control system is required to prepare for each situation. We proposed an entity attribute-based access control(EABAC) model based on security level and relation concept. This model has enhanced access control characteristics that give integrity and confidentiality to subjects and objects, and can provide different services to the same role. It has flexibility in authority management by assigning roles and rights to contexts, which are relations and context related to services. In addition, we have shown application cases of this model in multi service environment such as university.

• Journal of Industrial Convergence
• /
• v.21 no.12
• /
• pp.37-43
• /
• 2023

In today's business landscape, collaboration and interoperability are crucial for organizational success and profitability. However, integrating operations across multiple organizations is challenging due to differing roles and policies in Identity and Access Management (IAM). User-centric identity (UCI) adopts a personalized approach to digital identity management, centering on the end-user for authentication and access control. It provides a decentralized system that ensures secure and customized access for each user. UCI aims to address complex security challenges by aligning access privileges with individual user requirements. This research delves into UCI's ability to streamline resource access amidst conflicting IAM roles and protocols across various organizations. The study presents a UCI-based multi-domain access control (MDAC) framework, which encompasses an ontology, a unified method for articulating access roles and policies across domains, and software services melding with UCI infrastructure. The goal is to enhance organizational resource management and decision-making by offering clear guidelines on access roles and policy management across diverse domains, ultimately boosting companies' return on investment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.838-840
• /
• 2003

본 논문에서는 안전한 리눅스 개발을 위한 보안 정책 서버에 대해 연구하였다. 리눅스가 소스가 공개된 운영체제라는 장점을 제공하는 반면, 소스의 공개로 인해 보안상의 취약점 또한 공개되어 있다. 즉, 리눅스는 소스가 공개된 운영체제이기 때문에 보안상의 취약점을 이용하여 수많은 공격을 당하고 있다. 많은 전문가들이 이를 보완하고 있지만, 아직까지 리눅스에서 완벽한 보안을 제공하고 있지는 않다. 이러한 보안상의 문제를 해결하기 위하여 본 논문에서는 효율적인 정책관리를 위한 보안 정책 서버를 분석하여 리눅스에 적용함으로써, 리눅스가 가지는 보안상의 취약점을 해결하고자 하였다. 보안 정책 서버를 통하여 기존 리눅스 커널의 수정을 최소화하면서, 다른 접근제어 모델을 사용할 때에는 관련 모듈만 교체만 하면 되기 때문에 이미 설정된 보안 정책을 손쉽게 변화 할 수 있다.

• Journal of Internet Computing and Services
• /
• v.8 no.1
• /
• pp.99-113
• /
• 2007

In the rapidly changing e-business environment, organizations need to share information, process business transactions, and enhance collaborations with relevant entities by taking advantage of the various technologies. However, there are always the security issues that need to be handled in order for the e-business operations to be run efficiently. In this research, we suggest the new security authorization model for safety flexible supporting the needs of e-business (e-marketplace) in an organization. This proposed model provides the scalable of access control policy among multi-domains, and preservation of flexible authorization management in distributed system environments. For servers to take the access control policy and enforcement decisions, we also describe the feasible authorization architecture is concerned with how they might seek advice and guideline from formal access control model.