• Journal of Internet Computing and Services
• /
• v.11 no.1
• /
• pp.167-181
• /
• 2010

WebDAV is an IETF standard protocol which supports asynchronous collaborative authoring on the Web. The WebDAV Access Control Protocol provides various methods of controlling the resources on a WebDAV server and their properties, helping high-level group activities to be performed through the WebDAV server. In this paper, to provide high level collaboration, we introduce a technique for managing access control over WebDAV resources through the WebDAV Access Control Protocol and describe the development of an access control manager for the CoSlide Collaborative system based on the technique. To provide users with the access control features in an easily understandable manner, the developed technique presents the privileges for performing WebDAV methods instead of the standard privileges in the WebDAV Access Control Protocol. In addition, we present the facility for detecting conflicts between new access privileges on resources and old access privileges on them. We applied the method-based access control management technique to the CoSlide collaborative system. The developed access control manager enables us to create group workspaces with flexible access control strategies for group members and resources.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.4
• /
• pp.720-722
• /
• 2015

In this paper, we propose a new type of integrated wireless control system using a cloud-based AP Controller. With this system, network administrator can control wireless network in head office and branch hierarchically. In head office, they have an AP Controller Manager, it can control all Access Points, Access point Controllers in their networks. In addition, if we need to install new Access point Controller because of the increasing number of Access Point, the process of making virtual Access point Controller can be automated. This paper presents an architecture of the integrated wireless control system, as well as describes its components and protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.71-81
• /
• 2008

In the paper, we designed a context aware task-role based access control system(CAT-RACS) which can control access and prevent illegal access efficiently for various information systems in ubiquitous computing environment. CAT-RACS applied CA-TRBAC, which adds context-role concept for achieve policy composition by context information and security level attribute to be kept confidentiality of information. CA-TRBAC doesn't permit access when context isn't coincident with access control conditions, or role and task's security level aren't accord with object's security level or their level is a lower level, even if user's role and task are coincident with access control conditions. It provides security services of user authentication and access control, etc. by a context-aware security manager, and provides context-aware security services and manages context information needed in security policy configuration by a context information fusion manager. Also, it manages CA-TRBAC policy, user authentication policy, and security domain management policy by a security policy manager.

• The KIPS Transactions:PartA
• /
• v.15A no.1
• /
• pp.35-44
• /
• 2008

It is important to manage access control for secure ubiquitous applications. In this paper, we present an access-control system for executing policy file which includes access control rules. We implemented Context-aware Access Control Manager(CACM) based on Java Context-Awareness Framework(JCAF) which provides infrastructure and API for creating context-aware applications. CACM controls accesses to method call based on the access control rules in the policy file. We also implemented a support tool to help programmers modify incorrect access control rules using static analysis information, and a simulator for simulating ubiquitous applications. We describe simulation results for several ubiquitous applications.

• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.127-144
• /
• 2007

This paper describes an Security Manager that integrally manages the Information Service related to RFID middleware, Object Name Service, and Web Service for upper level applications. In order to provide the access control of distributed RFID objects, Single-Sign-On has been implemented by extending existing UCON (Usage Control) model and SAML (Security Assertion Markup Language) assertions. The security technology of distributed RFID systems can be included in middleware and protect RFID information. In the future, it can be also applied to ubiquitous sensor networks.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.999-1008
• /
• 2004

The Jini system provides an infrastructure to facilitate a programmer to develop distributed systems. As one of the Jini services, JavaSpare has been used as a repository which is accessible publicly in the Java distributed environment. Although JavaSpace could give a useful method for saving and sharing java object, it would not be applicable to develop a distributed system requiring access securities for the objects because JavaSpare does not support secure access control. In this paper, we present a secure JavaSpare service based on Jini2.0 named SeureJS, which strengthens the security weakness of JavaSpare. The system consists of ObjectStore to store Java objects, AccessManager to control access of ObjectStore and KeyManager to manage public keys.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.805-807
• /
• 2001

안전한 컴퓨터 시스템 평가기준인 TCSEC(Trusted Computer System Evaluation Criteria)[1] B1급 이상 시스템의 안전한 운영체제들은 강제접근통제(Mandatory Access Control : MAC) 메커니즘을 이용하여 정보의 흐름을 제어하고 있다. 하지만 아무리 정확하게 설계된 접근통제 메커니즘이라고 하더라도 시스템 관리자 또는 보안 관리자가 어떻게 시스템이 접근통제 메커니즘을 관리.운영하느냐에 따라 그 시스템의 안전성과 보안에 대한 신뢰도가 결정된다고 할 수 있다. 지금까지 연구되고 있는 대부분의 MAC을 적용한 안전한 운영체제는 접근통제메커니즘의 적용 및 관리.운영상의 보안문제점을 관리할 적당한 방법을 제시하고 있지 않다[4][5][6][7]. 본 논문은 MAC을 적용한 안전한 운영체제의 안전하고 효율적인 관리.운영을 위한 방법으로 LMACM(Log Manager for Access Control Mechanism)을 제안한다.

• The Korean Journal of Archival Studies
• /
• no.38
• /
• pp.3-35
• /
• 2013

The physical access or control of records with material entities is relatively easy. However, in the case of electronic records, due to its heightened applicative aspect that allows anyone with the authority to have access over the data, it requires an appropriate standard and stability to ensure the authenticity and integrity of electronic records. This study performed functional evaluation by extracting the minimum critical items from the national functional requirements documents and standards to explore the access control function that play an important role for the standard records management system to maintain quality requirements of electronic records. Based on this checklist, it evaluates whether the standard records management system properly carries out the access control function and investigates the current condition of application to practical records management work. Records managers generally do not use access control function, which may be because they do not feel the necessity, since the application of records management system is not yet actively promoted. In order for the standard records management system to be developed to become a more active system, it requires system improvement as well as considerations for below factors: First, although the necessity of establishing access control conditions is already recognized, it requires a clear stipulation of the regulation. Second, measures must be taken to implement access control in the records management system through document security solution. Third, it requires self-reflection of records manager, who utilizes the records management system. Instead of placing all responsibility on the National Archives, which established the system, professionals must further develop the system through continuous evaluation and improvement. Finally, a general discussion is required to publicize the issue of functional improvement of records management system. Although there is a bulletin board already created for this purpose, its users are extremely limited and it only deals with current problems. A space in online as well as in offline is required to solve the fundamental problems and exchange opinions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.2
• /
• pp.55-70
• /
• 2006

In this paper, we propose a new access control security architecture for supporting flexibility in Secure Operating Systems. By adding virtual access control system layer to the proposed security architecture, various access control models such as MAC, DAC, and RBAC can be applied to Secure Operating Systems easily. The proposed security architecture is designed to overcome the problem of Linux system's base access control system. A policy manager can compose various security models flexibly and apply them to Operating Systems dynamically. Also, the proposed architecture is composed of 3 modules such as access control enforcement, access control decision, and security control. And access control models are abstracted to hierarchy structure by virtual access control system. And, we present the notation of policy conflict and its resolution method by applying various access control model.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.6
• /
• pp.951-956
• /
• 2011

CAN communication developed for communication between electric control devices in vehicle, was recently applied to automatic breaking devices, and can also be applied to field bus for production automation. Recently, field bus is introduced in engine control etc., for large ship. In this paper, cabin access control system is implemented, based on CAN communication. The cabin access control system based on CAN communication consists of access control server, embedded system based on ARM9, and micro-controller built-in CAN controller. The access control server can be able to manage overall access control system by accessing with manager. And embedded system adopted ARM9 processor transmits access information of RFID reader controller connected with CAN networks to server, also performs access control. The embedded system carry CAN frames to server, so it is used as gateway.