• Title/Summary/Keyword: Access control system

Search Result 1,727, Processing Time 0.031 seconds

Secure Attribute-Based Access Control with a Ciphertext-Policy Attribute-Based Encryption Scheme

  • Sadikin, Rifki;Park, Young Ho;Park, Kil Houm
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.19 no.1
    • /
    • pp.1-12
    • /
    • 2014
  • An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

Implementation Access Control System Based on CAN Communication (CAN통신 기반 출입통제 시스템 구현)

  • Song, Chong-kwan;Park, Jang-sik;Kim, Hyun-tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2009.05a
    • /
    • pp.467-470
    • /
    • 2009
  • CAN communication developed for communication between electric control devices in vehicle, was recently applied to automatic braking devices, and can also be applied to field bus for production automation. Recently, field bus is introduced in engine control, etc. for large ship. In this paper, cabin access control system can be implemented, based on CAN communication. The cabin access control system based on CAN communication consists of access control server, embedded system based on ARM9, and micro-controller built-in CAN controller. The access control server can be able to manage overall access control system by accessing with manager. And embedded system adopted ARM9 processor transmits access information of RFID reader controller connected with CAN networks to server, also performs access control. The embedded system can carry CAN frames to server, so it can be used as gateway.

  • PDF

Design of a Simulation Model for Integrated Access Control (통합 접근 제어를 위한 시뮬레이션 모델 설계)

  • Lee Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.9 no.4 s.32
    • /
    • pp.49-54
    • /
    • 2004
  • Rule-based access control can not completely be replaced by identity-based access control. Neither can role-based access control be a merger of identity-based access control and rule-based access control, but can be used complementarily for each other. In this paper, is proposed a simulation model designed for a new integrated access control method that has been created by means of integrating the existing access control methods. The integrated access control method is equipped with security, integrity and flow control and can easily accomodate the requirements for access control from role-based corporate bodies. The simulation model proposed in this paper can be applied for real working system designs.

  • PDF

Android Storage Access Control for Personal Information Security (개인정보를 위한 안드로이드 저장장치 접근제어)

  • You, Jae-Man;Park, In-Kyoo
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.13 no.6
    • /
    • pp.123-129
    • /
    • 2013
  • Android file system is vulnerable to the external access of system resources via its arbitrary access mode and need user's control for SD and UMS medias due to its open architecture. In response to the device control, there is a drawback that its controlability is valid only in the case of embedded linux kernel with VDC function. Hence the solution is to directly implement VDC through system call, with another security module for device storage than system module being added to android system. In this paper the new method of android storage access control for personal information is proposed via VDC for mount system of storage. The access method for SD and UMS were implemented using VDC and mount mechanism. This access control system has been designed to control the granted users in kernel level if files are flowed out by copying. As a result, it was proved through testing that the access control system has exactly detected the write access operation.

Security Improvement of File System Filter Driver in Windows Embedded OS

  • Seong, Yeon Sang;Cho, Chaeho;Jun, Young Pyo;Won, Yoojae
    • Journal of Information Processing Systems
    • /
    • v.17 no.4
    • /
    • pp.834-850
    • /
    • 2021
  • IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

A Study on Policy Design of Secure XML Access Control (안전한 XML 접근 제어의 정책 설계에 관한 연구)

  • Jo, Sun-Moon;Joo, Hyung-Seok;Yoo, Weon-Hee
    • The Journal of the Korea Contents Association
    • /
    • v.7 no.11
    • /
    • pp.43-51
    • /
    • 2007
  • Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. The existing access control has not taken information structures and semantics into full account due to the fundamental limitations of HTML. In addition, access control for XML documents allows only read operations, and there exists the problem of slowing down system performance due to the complex authorization evaluation process. In order to resolve this problem, this paper designs a XML Access Control Management System which is capable of making fined-grained access control. And then, in developing an access control system, it describes the subject and object policies of authorization for XML document on which authorization levels should be specified and which access control should be performed.

Access Control of Pay TV Program in Digital Satellite Broadcasting System (디지털 위성방송 시스템에서 유료 TV방송 프로그램 접근제어)

  • Park, Jeong-Hyun;Lee, Sang-Ho
    • The Transactions of the Korea Information Processing Society
    • /
    • v.4 no.12
    • /
    • pp.3123-3132
    • /
    • 1997
  • In this paper, we describe access control system for protection of pay TV program in digital DBS(Direct Broadcast satellite) system. We also propose a possible access control system and operation scenario for scrambling and descrambling which are important in access control system. Transport stream structure and option, entitlement checking message and entitlement management message for access control on digital broadcasting system are described in this paper. Especially, the authentication based on Flat-Shamir and Gulllou-Quisquater schemes required for verification of proper subscriber as access control is oriented to smart card number and subscriber ID(Identity). It has less restriction than scheme oriented to descrambler number.

  • PDF

Multiple User Authentication based on SecuROS/FreeBSD (SecuROS/FreeBSD 기반 다단계 사용자 인증 시스템)

  • Doo, So-Young;Kim, Jong-Nyeo;Kong, Eun-Bae
    • The KIPS Transactions:PartC
    • /
    • v.10C no.1
    • /
    • pp.11-16
    • /
    • 2003
  • This paper implements Multiple User Authentication System to which the system authenticating with password only has been upgraded. The 4-staged authentication including user ID, password, smart card and access control information, etc. is used at the suggested Multiple User Authentication System. The user authentication system that this paper suggests has been developed based on SecuROS/FreeBSD with the function of access control added to FreeBSD kernel. It provides both the function to limit accost range to the system to each user and the function to check that when inputting important information the demand is the one if the system ; thus, the reliability becomes increased. In the SecuROS/FreeBSD system, MAC and RBAC are being used. So, in the case of users accessing to the system, the Information about the policies of MAC and RBAC to which users would access is used in the authentication. At the time, the access to system if permitted only when the access control information that users demanded satisfies all the access control rules which have been defined In the system.

An Access Control System for Ubiquitous Computing based on Context Awareness (상황 인식 기반의 유비쿼터스 컴퓨팅을 위한 접근 제어 시스템)

  • Lee, Ji-Yeon;Ahn, Joon-Seon;Doh, Kyung-Goo;Chang, Byeong-Mo
    • The KIPS Transactions:PartA
    • /
    • v.15A no.1
    • /
    • pp.35-44
    • /
    • 2008
  • It is important to manage access control for secure ubiquitous applications. In this paper, we present an access-control system for executing policy file which includes access control rules. We implemented Context-aware Access Control Manager(CACM) based on Java Context-Awareness Framework(JCAF) which provides infrastructure and API for creating context-aware applications. CACM controls accesses to method call based on the access control rules in the policy file. We also implemented a support tool to help programmers modify incorrect access control rules using static analysis information, and a simulator for simulating ubiquitous applications. We describe simulation results for several ubiquitous applications.

A Design and Implementation of Java Library for Multiple Access Control Models (다중 접근제어 모델을 위한 Java 라이브러리의 설계 및 구현)

  • Oh, Se-Jong
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.8 no.6
    • /
    • pp.1394-1401
    • /
    • 2007
  • Secure access control is a hot issue of large-scale organizations or information systems, because they have numerous users and information objects. In many cases, system developers should implement an access control module as a part of application. This way induces difficult modification of the module and repeated implementation for new applications. In this paper we implement a Java API library for access control to support system developers who use Java. They can easily build up access control module using our library. Our library supports typical access control models, and it can offer new types of access control. Furthermore, it is able to run multiple access control models at the same time.

  • PDF