• Journal of Korea Society of Industrial Information Systems
• /
• v.19 no.1
• /
• pp.1-12
• /
• 2014

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.467-470
• /
• 2009

CAN communication developed for communication between electric control devices in vehicle, was recently applied to automatic braking devices, and can also be applied to field bus for production automation. Recently, field bus is introduced in engine control, etc. for large ship. In this paper, cabin access control system can be implemented, based on CAN communication. The cabin access control system based on CAN communication consists of access control server, embedded system based on ARM9, and micro-controller built-in CAN controller. The access control server can be able to manage overall access control system by accessing with manager. And embedded system adopted ARM9 processor transmits access information of RFID reader controller connected with CAN networks to server, also performs access control. The embedded system can carry CAN frames to server, so it can be used as gateway.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.4 s.32
• /
• pp.49-54
• /
• 2004

Rule-based access control can not completely be replaced by identity-based access control. Neither can role-based access control be a merger of identity-based access control and rule-based access control, but can be used complementarily for each other. In this paper, is proposed a simulation model designed for a new integrated access control method that has been created by means of integrating the existing access control methods. The integrated access control method is equipped with security, integrity and flow control and can easily accomodate the requirements for access control from role-based corporate bodies. The simulation model proposed in this paper can be applied for real working system designs.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.6
• /
• pp.123-129
• /
• 2013

Android file system is vulnerable to the external access of system resources via its arbitrary access mode and need user's control for SD and UMS medias due to its open architecture. In response to the device control, there is a drawback that its controlability is valid only in the case of embedded linux kernel with VDC function. Hence the solution is to directly implement VDC through system call, with another security module for device storage than system module being added to android system. In this paper the new method of android storage access control for personal information is proposed via VDC for mount system of storage. The access method for SD and UMS were implemented using VDC and mount mechanism. This access control system has been designed to control the granted users in kernel level if files are flowed out by copying. As a result, it was proved through testing that the access control system has exactly detected the write access operation.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• The Journal of the Korea Contents Association
• /
• v.7 no.11
• /
• pp.43-51
• /
• 2007

Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. The existing access control has not taken information structures and semantics into full account due to the fundamental limitations of HTML. In addition, access control for XML documents allows only read operations, and there exists the problem of slowing down system performance due to the complex authorization evaluation process. In order to resolve this problem, this paper designs a XML Access Control Management System which is capable of making fined-grained access control. And then, in developing an access control system, it describes the subject and object policies of authorization for XML document on which authorization levels should be specified and which access control should be performed.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.12
• /
• pp.3123-3132
• /
• 1997

In this paper, we describe access control system for protection of pay TV program in digital DBS(Direct Broadcast satellite) system. We also propose a possible access control system and operation scenario for scrambling and descrambling which are important in access control system. Transport stream structure and option, entitlement checking message and entitlement management message for access control on digital broadcasting system are described in this paper. Especially, the authentication based on Flat-Shamir and Gulllou-Quisquater schemes required for verification of proper subscriber as access control is oriented to smart card number and subscriber ID(Identity). It has less restriction than scheme oriented to descrambler number.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.11-16
• /
• 2003

This paper implements Multiple User Authentication System to which the system authenticating with password only has been upgraded. The 4-staged authentication including user ID, password, smart card and access control information, etc. is used at the suggested Multiple User Authentication System. The user authentication system that this paper suggests has been developed based on SecuROS/FreeBSD with the function of access control added to FreeBSD kernel. It provides both the function to limit accost range to the system to each user and the function to check that when inputting important information the demand is the one if the system ; thus, the reliability becomes increased. In the SecuROS/FreeBSD system, MAC and RBAC are being used. So, in the case of users accessing to the system, the Information about the policies of MAC and RBAC to which users would access is used in the authentication. At the time, the access to system if permitted only when the access control information that users demanded satisfies all the access control rules which have been defined In the system.

• The KIPS Transactions:PartA
• /
• v.15A no.1
• /
• pp.35-44
• /
• 2008

It is important to manage access control for secure ubiquitous applications. In this paper, we present an access-control system for executing policy file which includes access control rules. We implemented Context-aware Access Control Manager(CACM) based on Java Context-Awareness Framework(JCAF) which provides infrastructure and API for creating context-aware applications. CACM controls accesses to method call based on the access control rules in the policy file. We also implemented a support tool to help programmers modify incorrect access control rules using static analysis information, and a simulator for simulating ubiquitous applications. We describe simulation results for several ubiquitous applications.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.6
• /
• pp.1394-1401
• /
• 2007

Secure access control is a hot issue of large-scale organizations or information systems, because they have numerous users and information objects. In many cases, system developers should implement an access control module as a part of application. This way induces difficult modification of the module and repeated implementation for new applications. In this paper we implement a Java API library for access control to support system developers who use Java. They can easily build up access control module using our library. Our library supports typical access control models, and it can offer new types of access control. Furthermore, it is able to run multiple access control models at the same time.