• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.59-66
• /
• 2002

The access controls are the methods which are generally used in such systems as computer operating systems, workflow systems, information security systems and etc.. In the paper, is proposed a role-based access control model which not only has fundamental security functions such as security, integrity and flow control, but also meets the access control requirements of role-based social organizations. The proposed role-based access control model is designed in order to perform its functions in simple and secure way, largely in the environment of web-based applications.

• Journal of the Korea Society of Computer and Information
• /
• v.6 no.4
• /
• pp.119-124
• /
• 2001

In the paper, is proposed a secure role-based access control model that not only has s functions such as security, integrity and flow control, but also can easily meet access requirements of role-based social organizations. The proposed role-based access control mod designed based on proven existing rule-based access control mechanisms in order to be app real access control systems. The model proposed in the paper is simple and secure. It can be used for the web-based application systems working on the Internet.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.981-988
• /
• 2005

Administrative Role-Based Access Control(ARBAC) is a typical model for decentralized authority management by plural security administrators. They have their work range on the role hierarchy. A problem is that legal modification of role hierarch may induce unexpected side effect. Role-Role Assignment 97(RRA97) model introduced some complex integrity principles to prevent the unexpected side effect based on geometric approach. We introduce simple and new one integrity principle based on simple set theory. It is simple and intuitive. It can substitute for all integrity principles of RRA97 model.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.1
• /
• pp.88-93
• /
• 2020

Recently, SDN technology is applied to real communication business, users are getting bigger, and as the amount of data flowing in the network increases, interest in network data flow management is increasing. During this process, it must be ensured that the confidentiality, integrity, availability, and traceability of the data on the network being transmitted. In addition, it is necessary to develop an environment for observing the flow of data in real time on a network required in various fields and visually confirming the control. In this paper, first, Mininet is applied to construct a network topology and various environment attributes. Second, we added OpenDayLight in Mininet environment to develop a simulation environment to visually check and control network traffic flow in network topology.

• Journal of Digital Contents Society
• /
• v.1 no.1
• /
• pp.23-37
• /
• 2000

EDI is basically the concept of computer-to-computer exchange of messages relating to various types of activities or business areas, such as banking, trade, medicine, publishing, etc. Therefore, security, reliability and special functionality will be implicit requirements of EDI systems. We will design access control model to content security of these requirements. Access controls in information systems are responsible for ensuring that all direct access to the entities occur exclusively according to the access modes and rules fixed by security policies. On this paper, security policies for access control model are presented from the viewpoints of identity-based, rule-based, role-based policy. We give a design of access control model for secure EDI service based on the derived access control rules and operations to enforce the defined security policies. The proposed access control model provides integrity, confidentiality and a flow control of EDI messages.

• Proceedings of the KAIS Fall Conference
• /
• 2010.11a
• /
• pp.163-167
• /
• 2010

최근 컴퓨터시스템으로 전환되고 있는 열차제어시스템에서 소프트웨어에의 의존성이 급격히 증가함에 따라 임베디드화된 열차제어 소프트웨어 신뢰성과 안전성의 검증이 중요한 문제로 대두되기 시작했다. 이에 따라 열차제어 소프트웨어 관련 국제표준에서도 각종 소프트웨어 테스트 및 검증활동을 요구하고 있으며, 이에 대응하여 본 논문에서는 열차제어시스템 소프트웨어 테스트 커버리지 자동화 도구 및 기준 분석과 개발 결과에 대해 제시하고 있다. 본 논문에서는 열차제어 소프트웨어 안전성 검증을 위한 정량적인 항목으로 매우 중요한 테스트 커버리지를 자동으로 측정할 수 있는 제어흐름 분석도구를 개발하였으며, 본 도구의 결과를 실제 철도 산업 현장에서 활용하기 위해 타분야 제시 기준 등을 분석하여 철도 소프트웨어 안전무결성레벨(SWSIL)에 따른 판단 기준을 제시하였다.

• Annual Conference of KIPS
• /
• 2014.11a
• /
• pp.409-411
• /
• 2014

WAVE 기술은 차량이 고속 이동환경에서 차량간 또는 차량과 인프라간 패킷을 짧은 시간 내에 주고 받을 수 있는 무선통신 기술이다. 본 논문의 목적은 차량이 WAVE 시스템에 통신 할 때 상대방의 인증서가 폐기 되었는지 확인하기 위한 CRL(Certificate Revocation List) 다운로드 프로토콜을 설계하는 것이다. CRL 다운로드 프로토콜은 WAVE 시스템 환경에 맞추기 위해 TCP(Transmission Control Protocol)가 아닌 UDP(User Datagram Protocol) 상에서 동작한다. 그리고 보안기능을 지원하기 위해 ECDSA 를 사용하여 상호 인증을 하고 ECIES 를 사용하여 인증서의 기밀성을 보장한다. 또한 이 프로토콜은 MAC 을 CRL 데이터에 붙여 데이터의 무결성을 보장하고, UDP 상에서 동작할 때 발생할 수 있는 데이터의 손실을 줄이기 위해 에러 및 흐름제어 방식으로 Selective repeat ARQ 를 사용한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.16 no.6
• /
• pp.1161-1174
• /
• 2021

UDP is an unreliable data transmission protocol, in contrast to TCP, which implements reliable data delivery based on flow control and retransmission methods. However, the TCP operation algorithm for guaranteeing reliability is inefficient in improving transmission performance, and above all, there is no need to transmit data using the TCP method for fields that do not require perfect integrity. In this paper, we intend to discuss ways to improve the stability while maintaining the existing performance of UDP. To this end, a program applied with packet buffering and relaying techniques was developed, and the performance and stability of the experiment were verified.

• The Journal of the Acoustical Society of Korea
• /
• v.23 no.5
• /
• pp.390-399
• /
• 2004

In this paper, we design and implement a multiple-view VoiceXML editor to improve editing efficiency of the VoiceXML. The VoiceXML multiple-view Editor uses a MVC framework to support multiple views and paradigm. Our multiple-view editor consists of Model. View and Controller using MVC framework. A model, core data structure. is constructed of abstract syntax tree and abstract grammar. A view. user interface. is formalized in unparsing rules and unparser. A controller. to control model and view. is made of command interpreter and tree handler. The VoiceXML multiple-view editor overcomes a drawbacks of existing XML editors by showing document structure and context concurrently. as well as document flows. Our VoiceXML multiple-view editor. which MVC framework has been applied, provides various editing views concurrently to users. Thereby. it supports efficient and convenient editing environments for voice-web documents to users and it guarantees transparency of editors. as various views have a same consistent model.

• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.179-190
• /
• 2020

In the Unix-like system environment, the GOT overwrite attack is one of the traditional control flow hijacking techniques for exploiting software privileges. Several techniques have been proposed to defend against the GOT overwrite attack, and among them, the Full Relro(Relocation Read only) technique, which blocks GOT overwrites at runtime by arranging the GOT section as read-only in the program startup, has been known as the most effective defense technique. However, it entails loading delay, which limits its application to a program sensitive to startup performance, and it is not currently applied to the library due to problems including a chain loading delay problem caused by nested library dependency. Also, many compilers, including LLVM, do not apply the Full Relro technique by default, so runtime programs are still vulnerable to GOT attacks. In this paper, we propose a GOT protection scheme using the Control Flow Integrity(CFI) technique, which is currently recognized as the most suitable technique for defense against code reuse attacks. We implemented this scheme based on LLVM and applied it to the binutils-gdb program group to evaluate security, performance and compatibility. The GOT protection scheme with CFI is difficult to bypass, fast, and compatible with existing library programs.