• Title/Summary/Keyword: Access Control Manager

Implementation Access Control System Based on CAN Communication (CAN통신 기반 출입통제 시스템 구현)

  • Song, Chong-kwan;Park, Jang-sik;Kim, Hyun-tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2009.05a / pp.467-470 / 2009
  • CAN communication, developed for communication between electric control devices in vehicles, has recently been applied to automatic braking devices and can also be applied to field buses for production automation. Recently, field buses have been introduced for engine control and similar functions in large ships. In this paper, a cabin access control system is implemented based on CAN communication. The system consists of an access control server, an embedded system based on ARM9, and a micro-controller with a built-in CAN controller. The access control server lets a manager administer the overall access control system. The ARM9-based embedded system transmits access information from the RFID reader controllers connected to the CAN network to the server, and also performs access control. Because the embedded system can carry CAN frames to the server, it can be used as a gateway.

Policy System of Data Access Control for Web Service (웹 서비스를 위한 데이터 접근 제어의 정책 시스템)

  • Jo, Sun-Moon;Chung, Kyung-Yong
    • The Journal of the Korea Contents Association / v.8 no.11 / pp.25-32 / 2008
  • Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. In terms of XML documents, it is necessary to describe policies more flexibly beyond simple authorization and to consider access control methods which can be selected. This paper describes and designs the access control policy system for authorization for XML document access and for efficient management to suggest a way to use the capacity of XML itself. The system in this paper is primarily characterized by consideration of who would exercise what access privileges on a specific XML document and by good adjustment of organization-wide demands from a policy manager and a single document writer.

Remote Resource Control System based on Web Environment (웹 환경을 기반으로 한 원격 자원제어 시스템)

  • Lee, Gi-Jun;Jeong, Guk-Yeong;Jeong, Chae-Yeong
    • The KIPS Transactions:PartA / v.8A no.2 / pp.91-98 / 2001
  • TCP/IP-based remote systems using the Internet offer a method to access and control all types of resources connected to a network system across time and space. In this paper, we study a resource control method for a web-based remote control system, based on mutual communication within a system association composed of the service users, providers, and manager of the network system. The service users request resources, and the providers are the various devices and digital electronic products that can provide services in the network system. The service manager, who operates the whole system, interconnects users with providers. An experiment with the implemented system confirmed the flexibility, stability, and extensibility of the method presented in this paper.

The Design for Security System of Linux Operating System (리눅스 운영체제를 위한 보안 시스템 설계)

  • Park, JinSeok;Kim, SoonGohn
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.3 no.4 / pp.35-42 / 2010
  • This paper reviews current studies on secure operating systems, security modules and SELinux, and proposes a Linux access control module that uses user-discriminating authentication, security authority inheritance of subjects and objects, a reference monitor and MAC class process, and real-time audit trailing using a DB. First, during the user authentication process, it distinguishes the access permission IP and separates the authority of the superuser (root) from that of the security manager by requiring users to enter the security level and the protection category. Second, when subjects access objects through security authority inheritance of subjects and objects, the proposed system carries out access control by comparing the security information of the subjects with that of the objects. Third, the system implements a Reference Monitor audit on every event occurring in the kernel. Because it decides the access permission after checking the current MAC security attributes, it can block malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database, and provides the security manager with the related security audit data in real time.

A Study of Analysis of Hacking Attacks on Cyber Terrorism and Prognostic Analysis of Phenomena (사이버테러에 대한 해킹공격 분석과 전조 현상 분석)

  • Noh, Jung Ho;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.10a / pp.123-126 / 2013
  • An access control system is a term that clearly defines the permissions of managers and users when operating infrastructure. Various IT incidents still occur frequently, and access control is needed to prevent them. This study describes techniques that restrict dangerous commands in advance to prevent hacking incidents such as those using the Copy command by hackers, that restrict commands in advance to prevent accidental mistakes by internal administrators, and that, even if an incident occurs, analyze the command history log so that it can be used afterwards as evidence.

A Role-Based Access Control Model of Managed Objects in Distributed System Environments (분산시스템 환경에서 관리 객체에 대한 역할기반 접근제어 모델)

  • Choi Eun-Bok
    • Journal of Internet Computing and Services / v.4 no.1 / pp.75-86 / 2003
  • In this paper, we extended the hierarchical structure of the managed object class to support Role-Based Access Control, and described constraint conditions that support dynamic temporal functions as well as static temporal functions established by the management process. We also defined the violation notifications that should be reported to the manager when rules violate constraint conditions, and presented a system architecture that supports RBAC with the MIB (Management Information Base) of the ITU-T recommendation. By describing the constraint conditions and the activated translation procedure of each role through the access control enforcement and decision functions, our system presents the dynamic temporal property systematically.

Design and Simulation of a Flow Mobility Scheme Based on Proxy Mobile IPv6

  • Choi, Hyon-Young;Min, Sung-Gi;Han, Youn-Hee;Koodli, Rajeev
    • Journal of Information Processing Systems / v.8 no.4 / pp.603-620 / 2012
  • Proxy Mobile IPv6 (PMIPv6) is a network-based mobility support protocol and it does not require Mobile Nodes (MNs) to be involved in the mobility support signaling. In the case when multiple interfaces are active in an MN simultaneously, each data flow can be dynamically allocated to and redirected between different access networks to adapt to the dynamically changing network status and to balance the workload. Such a flow redistribution control is called "flow mobility". In the existing PMIPv6-based flow mobility support, although the MN's logical interface can solve the well-known problems of flow mobility in a heterogeneous network, some missing procedures, such as an MN-derived flow handover, make PMIPv6-based flow mobility incomplete. In this paper, an enhanced flow mobility support is proposed for actualizing the flow mobility support in PMIPv6. The proposed scheme is also based on the MN's logical interface, which hides the physical interfaces from the network layer and above. As new functional modules, the flow interface manager is placed at the MN's logical interface and the flow binding manager in the Local Mobility Anchor (LMA) is paired with the MN's flow interface manager. They manage the flow bindings, and select the proper access technology to send packets. In this paper, we provide the complete flow mobility procedures which begin with the following three different triggering cases: the MN's new connection/disconnection, the LMA's decision, and the MN's request. Simulation using the ns-3 network simulator is performed to verify the proposed procedures and we show the network throughput variation caused by the network offload using the proposed procedures.

Secure Data Management based on Proxy Re-Encryption in Mobile Cloud Environment (모바일 클라우드 환경에서 안전한 프록시 재암호화 기반의 데이터 관리 방식)

  • Song, You-Jin;Do, Jeong-Min
    • The Journal of Korean Institute of Communications and Information Sciences / v.37 no.4B / pp.288-299 / 2012
  • To ensure data confidentiality and fine-grained access control in business environments, a system model using KP-ABE (Key Policy-Attribute Based Encryption) and PRE (Proxy Re-Encryption) has been proposed recently. However, in the previous study, data confidentiality is affected by the decryption right being concentrated on the cloud server. Also, Yu's work does not consider access privilege management, so the existing work is vulnerable to a collusion attack between a malicious user and the cloud server. To resolve this problem, we propose a system model that is secure against collusion attacks by dividing each data file into a header, which is sent to the privilege manager group, and a body, which is sent to the cloud server, and we prevent modification attacks on the proxy re-encryption key using d Secret Sharing. We construct a protocol model in a medical environment.

An Implementation of NEIS′DB Security Using RBAC based on PMI (PMI기반의 RBAC를 이용한 NEIS의 DB 보안 구현)

  • Ryoo Du-Gyu;Moon Bong-Keun;Jun Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.6 / pp.31-45 / 2004
  • Public Key Infrastructure (PKI) provides strong authentication. Privilege Management Infrastructure (PMI), as a new technology, can provide a user's attribute information. The main function of PMI is to give more specific authority and roles to users. To authenticate net and role, we have used digital signatures. Role Based Access Control (RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS (National Education Information System) cannot always provide a satisfactory quality of security management. The main idea of the proposed RNEIS (Role Based NEIS) is that the user's role is stored in the AC and access control decisions are driven by authentication policy and role. The security manager enables the user to refer to the role stored in the user's AC, admits access control, and suggests DB encryption by digital signature.

Internet-Based Remote Control System Using Power Line Communication (전력선 통신을 이용한 인터넷 기반 원격 제어 시스템)

  • 차주헌;전희연;김재덕;김근영
    • Proceedings of the Korean Society of Precision Engineering Conference / 2001.04a / pp.523-528 / 2001
  • In this paper, we describe an Internet-based remote home automation system that can control and manage home appliances or digital devices bi-directionally through the Internet. The platform independence of VRML and Java applets enables users to access their home appliances and check their current state in a virtual reality environment. The main focus is on three aspects. The first is the virtual reality technology that supports the user interface efficiently by using a 3D GUI in the web browser. The second is the system architecture, which consists of the Home server and its manager server, called the Gate server in this paper. These servers have been implemented with Java RMI, which is the basic single programming interface for distribution of objects and services using Java technology. The third is that the remote PLC controller and each digital device form a home network over PLC using the CEBus protocol.
