• Journal of the Korea Society of Computer and Information
• /
• v.11 no.5 s.43
• /
• pp.127-137
• /
• 2006

We propose two phase filtering scheme to develop an efficient mechanism for XML databases to control query-based access. An access control environment for XML documents and some techniques to deal with fine-grained authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query-based access. The basic idea utilized is that a user query interaction with only necessary access control rules is modified to an alternative form through a query optimization technique, which is guaranteed to have no access violations using tree-aware metadata of XML schemas. The scheme can be applied to any XML database management system and has several advantages such as small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.3-11
• /
• 2004

The XML has been becoming a basis of the related application and industry standards with proliferation of electronic transactions on the web, and the standardization on XML Signature, which can be applied to the digital contents including XML objects from one or more sources, is in the progress through a joint effort of W3C(World Wide Web Consortium) and IETF(Internet Engineering Task Force). Along with this trend, the development of products implementing XML Signature has been growing, and the XML Signature products are required to implement the relevant standards correctly to guarantee the interoperability among different XML Signature products. In this paper, we propose a conformance testing method for testing the XML Signature products, which includes a testing procedure and test cases. The test cases were obtained through analysis of XML Signature standards. Finally we describe the design and uses of our XML Signature conformance testing tools which implements our testing method.

• Journal of Convergence for Information Technology
• /
• v.11 no.12
• /
• pp.1-13
• /
• 2021

This study tried to suggest ways to improve the indicator system to strengthen the personal information protection. For this purpose, the components of indicator system are derived through domestic and foreign literature, and it was selected as main the diagnostic indicators through FGI/Delphi analysis for personal information protection experts and a survey for personal information protection officers of public institutions. As like this, this study was intended to derive an inspection standard that can be reflected as a separate index system for personal information protection, by classifying the specific IT technologies of the 4th industrial revolution, such as big data, cloud, Internet of Things, and artificial intelligence. As a result, from the planning and design stage of specific technologies, the check items for applying the PbD principle, pseudonymous information processing and de-identification measures were selected as 2 common indicators. And the checklists were consisted 2 items related Big data, 5 items related Cloud service, 5 items related IoT, and 4 items related AI. Accordingly, this study expects to be an institutional device to respond to new technological changes for the continuous development of the personal information management level diagnosis system in the future.

• Journal of Convergence for Information Technology
• /
• v.10 no.7
• /
• pp.20-32
• /
• 2020

This study is to develop and provide a personal information protection framework that enables IoT service providers to safely and systematically operate personal information of IoT service subjects in the overall process of providing IoT devices and services. To this end, a framework for personal information framework was derived through literature survey, and FGI with experts, it was divided into three stages, each of three stages: IoT service provision process and IoT personal information processing process. The study conducted an e-mail survey of related experts using AHP techniques to determine the importance of the components of the selected personal information protection framework. As a result, in the IoT service provision process, the IoT product and service design and development stage (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention of personal information (0.5098) is the most important. Therefore, based on this research, as the IoT service is spreading, it is expected that a safe personal information protection framework will be realized by preventing security threats and personal information infringement accidents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1043-1057
• /
• 2015

In order to recognize intelligent threats quickly and detect and respond to them actively, major public bodies and private institutions operate and administer an Intrusion Detection Systems (IDS), which plays a very important role in finding and detecting attacks. However, most IDS alerts have a problem that they generate false positives. In addition, in order to detect unknown malicious codes and recognize and respond to their threats in advance, APT response solutions or actions based systems are introduced and operated. These execute malicious codes directly using virtual technology and detect abnormal activities in virtual environments or unknown attacks with other methods. However, these, too, have weaknesses such as the avoidance of the virtual environments, the problem of performance about total inspection of traffic and errors in policy. Accordingly, for the effective detection of intrusion, it is very important to enhance security monitoring, consequentially. This study discusses a plan for the reduction of false positives as a plan for the enhancement of security monitoring. As a result of an experiment based on the empirical data of G, rules were drawn in three types and 11 kinds. As a result of a test following these rules, it was verified that the overall detection rate decreased by 30% to 50%, and the performance was improved by over 30%.

• Journal of the Korean Society for information Management
• /
• v.41 no.2
• /
• pp.245-268
• /
• 2024

As the recognition of data's value increases, the role of data repositories in managing, preserving, and utilizing data is becoming increasingly important. This study investigates ways to enhance the trustworthiness of data repositories through obtaining CoreTrustSeal (CTS) certification. Trust in data repositories is critical not only for data protection but also for building and maintaining trust between the repository and stakeholders, which in turn affects researchers' decisions on depositing and utilizing data. The study examines the CoreTrustSeal, an international certification for trustworthy data repositories, analyzing its impact on the trustworthiness and efficiency of repositories. Using the example of DataON, Korea's first CTS-certified repository operated by the Korea Institute of Science and Technology Information (KISTI), the study compares and analyzes four repositories that have obtained CTS certification. These include DataON, the Physical Oceanography Distributed Active Archive Center (PO.DAAC) from NASA, Yareta from the University of Geneva, and the DARIAH-DE repository from Germany. The research assesses how these repositories meet the mandatory requirements set by CTS and proposes strategies for improving the trustworthiness of data repositories. Key findings indicate that obtaining CTS certification involves rigorous evaluation of organizational infrastructure, digital object management, and technological aspects. The study highlights the importance of transparent data processes, robust data quality assurance, enhanced accessibility and usability, sustainability, security measures, and compliance with legal and ethical standards. By implementing these strategies, data repositories can enhance their reliability and efficiency, ultimately promoting wider data sharing and utilization in the scientific community.

• Journal of KIISE:Databases
• /
• v.34 no.1
• /
• pp.1-17
• /
• 2007

As XML is becoming a de facto standard for distribution and sharing of information, the need for an efficient yet secure access of XML data has become very important. To enforce the fine-level granularity requirement, authorization models for regulating access to XML documents use XPath which is a standard for specifying parts of XML data and a suitable language for both query processing. An access control environment for XML documents and some techniques to deal with authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query access. Developing an efficient mechanism for XML databases to control query-based access is therefore the central theme of this paper. This work is a proposal for an efficient yet secure XML access control system. The basic idea utilized is that a user query interaction with only necessary access control rules is modified to an alternative form which is guaranteed to have no access violations using tree-aware metadata of XML schemes and set operators supported by XPath 2.0. The scheme can be applied to any XML database management system and has several advantages over other suggested schemes. These include implementation easiness, small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.

• Journal of KIISE:Software and Applications
• /
• v.34 no.7
• /
• pp.635-645
• /
• 2007

Component technology has been widely accepted as an effective way for building software systems with reusable components, and Microsoft (MS) .NET is one of the recent representative component technologies. Model Driven Architecture (MDA) is a new development paradigm which generates software by transforming design models automatically and incrementally. Transformation of structural models in MDA has been successfully applied. However, transformation of dynamic models and pervasive services, such as transaction service, security service, synchronization service and object pooling are largely remains as an area for further research. The recent enterprise system has multi tier distributed architecture, and the functionality of early mentioned pervasive services is essential for this architecture. .NET platform can implement Component Object Model+ (COM+) component for supporting pervasive services by specify Attribute code. In this paper, we specify the functionalities of the COM+ component offering pervasive services, and then those functionalities are defined by UML profile. By using the profile, the Platform Specific Model (PSM) for .NET/C# is specified, and .NET components are automatically generated through our tool. The development productivity, extensibility, portability, and maintenance of software can be dramatically improved by using of the proposed methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.1
• /
• pp.185-191
• /
• 2015

This paper suggest the safety class communication board in order to design the safety network of the nuclear safety class controller. The reactor protection system use the digitized networks because from analog system to digital system. The communication board shall be provided to pass the required performance and test of the safety class in the digital network used in the nuclear safety class. Communication protocol is composed of physical layer(PHY), data link layer(MAC: Medium Access Control), the application layer in the OSI 7 layer only. The data link layer data package for the cyber security has changed. CRC32 were used for data quality and the using one way communication, not requests and not responses for receiving data, does not affect the nuclear safety system. It has been designed in accordance with requirements, design, verification and procedure for the approving the nuclear safety class. For hardware verification such as electromagnetic test, aging test, inspection, burn-in test, seismic test and environmental test in was performed. FPGA firmware to verify compliance with the life-cycle of IEEE 1074 was performed by the component testing and integration testing.

• Journal of Navigation and Port Research
• /
• v.48 no.4
• /
• pp.335-341
• /
• 2024

Recently, research, development, and commercialization of maritime autonomous surface ships (MASS) and remote control are in progress. Remote control is intended to secure autonomous navigation environments for existing ships or early-stage MASS using a remote control system (RCS). The main function of an RCS is to control MASS using data transmission between the MASS and the remote control centre. Remote control by a remote control officer also has an important function. The purpose of this study was to develop RCS and a performance evaluation technique for operation data provided by the RCS. The experiment was conducted during the navigation period of a training ship 'Hannara' after building experimental equipment at both an onshore remote control center and a training ship. As a result of evaluating data transmitted and received using the developed RCS, it was confirmed that data transmission was possible within an error range of 0.1%p. Fourteen types of ship information reflecting the navigation environment of the training ship were confirmed to be transmitted and received. The RCS developed in this work complies with the three principles of remote control: safety, reliability, and availability. This study provides a core technology for the development of RCSs for MASS and the evaluation of data transmission performance.