• 한국정보시스템학회지:정보시스템연구
• /
• 제14권3호
• /
• pp.1-8
• /
• 2005

This paper formally defines a role-driven security and access control model of a business process in order eventually to provide a theoretical basis for realizing the secured business process management systems. That is, we propose a graphical representation and formal description of the mechanism that generates a set of role-driven security and access control models from a business process modeled by the information control net(ICN) modeling methodology that is a typical business process modeling approach for defining and specifying business processes. Based upon the mechanism, we are able to design and accomplish a secured business process management system that provides an unified resource access control mechanism of the business process management engine domain's and the application domain's. Finally, we strongly believe that the secured access control policies from the role-driven security and access control model can be easily transformed into the RBAC(Role-based Access Control) model that is a standardized security technology for computer and communications systems of commercial and civilian government organizations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권9호
• /
• pp.2052-2072
• /
• 2012

Access control is an essential security component in protecting sensitive data and services from unauthorized access to the resources in mission-critical Cyber-Physical Systems (CPSs). CPSs are different from conventional information processing systems in such that they involve interactions between the cyber world and the physical world. Therefore, existing access control models cannot be used directly and even become disabled in an emergency situation. This paper proposes an adaptive Access Control model for Emergences (AC4E) for mission-critical CPSs. The principal aim of AC4E is to control the criticalities in these systems by executing corresponding responsive actions. AC4E not only provides the ability to control access to data and services in normal situations, but also grants the correct set of access privileges, at the correct time, to the correct set of subjects in emergency situations. It can facilitate adaptively responsive actions altering the privileges to specific subjects in a proactive manner without the need for any explicit access requests. A semiformal validation of the AC4E model is presented, with respect to responsiveness, correctness, safety, non-repudiation and concurrency, respectively. Then a case study is given to demonstrate how the AC4E model detects, responds, and controls the emergency events for a typical CPS adaptively in a proactive manner. Eventually, a wide set of simulations and performance comparisons of the proposed AC4E model are presented.

• 한국산업정보학회논문지
• /
• 제19권1호
• /
• pp.1-12
• /
• 2014

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

• International journal of advanced smart convergence
• /
• 제4권2호
• /
• pp.69-75
• /
• 2015

There are several possible places which are accessible in many buildings and facilities, various types of systems have been utilized such as access control or surveillance depending on the purpose. Especially if security is important, it must go through the various authentication procedures when people can access. Until now many access control systems have been proposed and developed, they are applied and utilized to companies which security is needed. However, as time passes the problems with existing access control systems occur or the vulnerabilities related to access control are reported, as technology advances. The solution to this, we propose authentication technology related to access control using LED-QR tag.

• 한국정보처리학회논문지
• /
• 제5권4호
• /
• pp.967-974
• /
• 1998

대부분의 침입차단시스템의 접근통제 기능은 전통적인 임의적 접근통제 기법을 적용하여 외부로 부터의 침입을 방지하고 있다. 이러한 전통적인 임의적 접근통제 기법은 다중등급의 네트워크에서 데이터의 중요도에 따라 정보 흐름을 안전하게 통제할 수 없다. 그러므로 다중등급 보안환경에서 활용될 침입차단시스템을 강제적 접근통제 기능을 제공하여야 한다. 본 논문에서는 다중등급 정보를 처리하기 위해 보안 레이블과 강제적 접근통제에 대한 보안 메커니즘 설계방법을 제시한다.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2002년도 ITC-CSCC -3
• /
• pp.2047-2050
• /
• 2002

At present, many applications independently provide access control for their own resources, for example Web, Databases and Operating Systems, etc. Such independent access control systems result in multiple access control configurations each of which deals with the access control in its own application context. Since those multiple configurations are operated in isolation, and maintained by possibly different administrators, they are likely to be incoherent. In this paper, we propose a logical specification to reason about multiple access control configurations. Our specification can be used to detect the incoherence in multiple configurations. Furthermore, it of offers many kinds of policies for multiple configurations that can capture several kinds of requirements for multiple access control systems.

• International Journal of Railway
• /
• 제5권4호
• /
• pp.135-138
• /
• 2012

The article suggests criteria of dividing transport systems into systems of limited and open access. Possibilities of implementing principles of the open access in conjunction with the adaptive control at the railway transport have been analyzed. The author makes a grounded conclusion that the development of transport systems based on the open access and adaptive control can play a positive role in overcoming the global instability of the economy and form prerequisites of its stable grows.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• 정보교육학회논문지
• /
• 제1권2호
• /
• pp.57-66
• /
• 1997

The primary purpose of security mechanisms in a computer systems is to control the access to information. There are two types of access control mechanisms to be used typically. One is discretionary access control(DAC) and another is mandatory access control(MAC). In this study an access control mechanism is introduced for secure access path in security system. The security policy of this access control is that no disclosure of information and no unauthorized modification of information. To make this access control correspond to security policy, we introduce three properties; read, write and create.

• 한국컴퓨터정보학회논문지
• /
• 제26권1호
• /
• pp.103-110
• /
• 2021

본 논문에서는 5G 무선 네트워크 D2D 시스템에서 수행될 수 있는 두 가지 액세스 제어 메커니즘들을 비교해 보고 효과적인 액세스 제어 기법을 제안한다. 현재 5G D2D 시스템에서는 액세스 제어 기법이 표준 규격에 제정 되어 있지 않고 있으나, 두 가지 액세스 제어 기법들이 가능하다. 하나의 방식으로는 UE-to-Network Relay 기반의 액세스 제어 기법이고, 다른 하나의 방식으로는 Remote UE 기반의 액세스 제어 기법이다. 전자의 경우는 UE-to-Network Relay가 액세스 제어 검사를 수행하는 것이며, 후자의 경우는 Remote UE가 액세스 제어 검사를 직접 수행하는 방식이다. 실험 평가 결과, 본 논문에서는 5G 무선 네트워크 D2D 시스템에서 효율적인 액세스 제어 방안으로써 Remote UE 기반의 액세스 제어 기법을 최종 제안한다. Remote UE 기반의 액세스 제어 기법은 UE-to-Network Relay 기반의 액세스 제어 기법이 비하여, 신호 오버헤드를 최소화하고, 서로 액세스 제어 기능들이 다른 경우 보다 효율적인 액세스 제어 검사를 수행할 수 있다.