• Journal of the Korea Computer Industry Society
• /
• v.7 no.5
• /
• pp.481-486
• /
• 2006

Whereas conveniences deriving from the development of information and telecommunication technology increase, information outflow and illegal data use are also rapidly on the rise. Consequently, many studies to prevent illegal information outflow are currently under way, and the use of Smart Card is in steep jump. Recently, Java Card is diffused fast as an alternative to complement the technical problems of the Smart Card. This paper designed and Implementation the system for multi-users authentication and file access control by user through designing a Java Card applet that is used for information protection and in various application fields. For allowing a file access competence, each user's file access competence is processed via drawing up the access condition table in the applet. Therefore, illegal correction exposure and destruction of information, which become the concerns when multi-users have an access, can be prevented. In addition its application becomes possible in the system requiring multi-users certifications.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.455-468
• /
• 2008

In this paper, we propose FAS model for establishing trust based on digital certificates in Grid security framework. The existing RBAC(Role Based Access Control) model is extended to provide permissions depending on the users‘ roles. The FAS model is designed for a system independent integrated Grid security by detailing and extending the fundamental architecture of user, role, and permission. FAS decides each user’s role, allocates access right, and publishes attribute certificate. FAS is composed of three modules: RDM, PCM, and CCM. The RDM decides roles of the user during trust negotiation process and improves the existing low level Grid security in which every single user maps a single shared local name. Both PCM and CCM confirm the capability of the user based on various policies that can restrict priority of the different user groups and roles. We have analyzed the FAS strategy with the complexity of the policy graph-based strategy. In particular, we focused on the algorithm for constructing the policy graph. As a result, the total running time was significantly reduced.

• Proceedings of the Korean Association of Geographic Inforamtion Studies Conference
• /
• 2003.04a
• /
• pp.409-418
• /
• 2003

컴퓨터 기술과 정보통신기술의 발달로 인터넷이 보편화되고, 인터넷을 이용한 정보공유가 활성화되고 있으며, 이와 함께 위성영상정보에 대한 통합시스템 구축사업도 활발히 진행되고 있다. 본 논문에서는 공개키 기반구조(PKI)의 공개키 인증서와 권한인증기반구조(PMI)의 속성 인증서를 이용하여, 인터넷 웹서버 접근통제방안을 제시한다. 또한 웹서버에서의 권한인증을 통하여 분산된 위성영상정보 통합체계의 아카이빙시스템에 대한 효과적인 접근통제방안을 제시한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.11a
• /
• pp.291-295
• /
• 2004

As a large quantity of information is presented in XML format on the web, there are increasing demands for XML security. Until now research on XML security has been focused on the security of data network using digital signature and encryption technology. As XML data become extensive and complex however XML security comes to involve not only network security but also managerial security. But XML encryption support simple network security. So it cannot support multiple users and multiple access control policy. In this paper, we propose an integration method of encryption and access control policy for securing XML documents. This methodology can support multiple authorization of multiple users with integrating access control. And this can reduce the cost of the existing complicated access evaluation process of access control by using pre-processing.

• Journal of Convergence for Information Technology
• /
• v.10 no.10
• /
• pp.32-39
• /
• 2020

In the large-scale infrastructure of cloud environment, illegal access rights are frequently caused by sharing applications and devices, so in order to actively respond to such attacks, a strengthened access control system is required to prepare for each situation. We proposed an entity attribute-based access control(EABAC) model based on security level and relation concept. This model has enhanced access control characteristics that give integrity and confidentiality to subjects and objects, and can provide different services to the same role. It has flexibility in authority management by assigning roles and rights to contexts, which are relations and context related to services. In addition, we have shown application cases of this model in multi service environment such as university.

• Korean Security Journal
• /
• no.21
• /
• pp.177-199
• /
• 2009

In this study, I would try to observe the scopes and related matters of the authority of private security personnel based on the basic discussion about the identity of private security. Everybody knows, the problems of private personnel have been mainly discussed in the relations of the public police. Because the roles of private personnel are similar to the police, and in the perspective of the law, private security are regulated by the police. When we compared with the police, the scopes of authorities of private personnel are considered in several points. First, most private personnel are just only 'citizen', so they can exercise the authority as citizen. It can include self-defense, self-help. flagrante delicto arrest. But when discuss the authority in the scopes of a possessionary right or managemental right, the authority of private personnel can be extended somewhat. Moreover, when private personnel are delegated by the special laws, their authority are extended much more. Finally, when the whole authority are delegated by such as the privatization, private personnel authority can be nearly same to the police. But, it can be considered that the degrees of the delegated authority are flexible. And the exercise of the authority must be performed in the limit that not infringe the individual freedom and rights. It seems to me that the degrees of fairness in use of authorities and it's a permitted limit are set forth a premise not only the legitimate base but also judicial judgement. Therefore, the attitudes of the courts related the exercise of authority are very important. And the growth of private security and the extension of authority followed are inevitably accompany the various problems of responsibility, so it must be considered about that in many perspectives.

• Journal of Korea Multimedia Society
• /
• v.8 no.2
• /
• pp.211-224
• /
• 2005

With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model and sub-role hierarchies concept. The proposed model, called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) Model, supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control now dependency and separation of duty constraints(SoDs). Also it supports unconditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies in order to allow expressing access control policies at a finer granularity in corporate enterprise environments.

• Proceedings of the Korean Information Science Society Conference
• /
• 1999.10c
• /
• pp.99-101
• /
• 1999

분산 컴퓨팅 환경에서 기업이나 조직내의 사용자들은 다른 사용자와 자원을 공유하며 상호작용을 통하여 보다 효율적으로 작업을 수행하게 된다. 이 경우에는 자원이나 정보의 불법적인 사용을 막고 데이터의 무결성을 유지하기 위하여 인증과정이 필요하며, 또한 사용자의 작업에 대한 접근 제어(Access Control)의 필요성이 더욱 중요시되고 있다. 현재 널리 알려진 임의의 접근 제어(DAC)는 객체의 소유자에게 모든 위임의 권한이 주어지고 강제적 접근제어(MAC)의 경우에는 주체와 객체단위의 정책 적용이 어려운 단점이 있다. 최근에는 역할-기반 접근 제어를 이용하여 조직의 보안 정책을 보다 효율적이고 일관성 있게 관리하고자 하는 시도가 있다. 하지만 역할-기반 접근 제어의 경우 각 역할의 계층에 의하여 권한의 상속이 결정되는 문제가 발생한다. 따라서 본 논문에서는 역할-기반 접근 제어에서 역할이 가지는 역할의 위임을 위한 위임 서버와 역할 위임 프로토콜을 제시한다.

• 한국공간정보시스템학회:학술대회논문집
• /
• 1999.06a
• /
• pp.109-117
• /
• 1999

접근통제(Access Control)의 목적은 여러 자원들에 대하여 허가되지 않은 접근을 막는 것이다. 허가되지 않은 접근이란 자원의 불법적인 사용, 노출, 수정, 파괴 등을 포함한다. 즉, 접근 통제는 각 자원에 대한 기밀성, 무결성, 가용성 및 합법적인 이용과 같은 정보보호 서비스에 직접적으로 기여하게 되며, 이러한 서비스들의 권한부여를 위한 수단이 된다. 본 논문에서는 X.509 계층구조의 한계점을 극복하기 위해 인터넷 드래프트 표준으로 제안된 SPKI(Simple Public Key Infrastructure) 인증서를 분석하고, 이를 DB 접근통제 수단으로 이용하는 방안을 제시한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10c
• /
• pp.521-525
• /
• 2007

본 논문에서는 상황 인식 역할 기반 접근 제어에 기반한 유비쿼터스 환경 정책 기술 언어를 제시한다. 역할 기반 접근 제어는 권한을 사용자에게 부여하지 않고 역할에 부여함으로써 접근 제어를 효율적으로 관리할 수 있다. 유비쿼터스 환경에서는 빈번하게 변화하는 사용자들의 일치 정보와 같은 동적인 상황을 고려해야 할 필요성이 있다. 본 논문에서는 유비쿼터스 환경에서 동적으로 변화하는 상황을 고려하는 역할 기반 접근 제어 모델을 고안하고 이에 기반하여 정책 기술 언어를 설계하였다. 제안된 언어는 역할 기반 접근 제어의 장점을 활용하며, 동적인 상황 조건에 따라 사용자에게 역할을 할당하고 정적인 상황 조건을 이용하여 역할에 권한을 부여하는 방법을 기술함으로써 역할 기반 접근 제어에 기반한 상황 인식 유비쿼터스 환경의 특징을 효율적으로 구현할 수 있다.