• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10a
• /
• pp.73-76
• /
• 2001

다중등급을 갖고 있는 대용량 데이터베이스 환경에서 각 보안등급을 갖고 있는 사용자가 데이터베이스에 접근할 때 확장된 강제적 접근제어(MAC:Mandatory Access Control) 방식과 역한 그래프(Role Graph)를 이용해 하위등급의 사용자가 상위등급의 데이터를 추론하거나 인지하는 데이터 유출을 방지하여 데이터의 무결성(integrity)과 데이터베이스 관리시스템(DBMS:Database Management System) 전체의 보안을 유지하며 각 보안등급의 데이터와 사용자를 효율적으로 관리하고 제어한 수 있는 역할관리 보안모델을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1161-1164
• /
• 2004

정보통신기술의 급속한 발전과 웹을 통한 기업모델의 다양화로 인해 개인정보를 통한 새로운 경영기법의 발전은 향상되었던 반면 개인정보의 오용과 남용은 인터넷 발전의 가장 큰 저해 요소 중 하나로 대두되게 되었다. 그러므로 방대한 정보를 부당한 사용자로부터 보호하면서 개인의 프라이버시를 보장하기 위해서는 적절한 접근통제 정책이 요구되어진다. 본 논문에서는 Biba 모델의 엄격한 무결성 정책에 대한 접근모드, 시스템 상태정보 그리고 주체의 생성과 실행에 따른 제약조건을 기술하였다. 또한, 객체의 용도(purpose)와 접근권한의 제약조건으로 구성되는 컨텍스트를 엄격한 무결성 정책에 적용하므로서 주체에 의한 객체정보의 임의적 연산을 방지하므로서 객체 정보를 보호할 수 있다.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.39 no.5
• /
• pp.54-64
• /
• 2002

Recently System On a Chip(SoC) design based on IP cores has become the trend of If design To prevent the testing problem from becoming the bottleneck of the core-based design, defining of an efficient test architecture and a successful test methodology are mandatory. This paper describes a test architecture and a test control access mechanism for SoC based on IEEE 1149.1 boundary,scan. The proposed SoC test architecture is fully compatible with IEEE P1500 Standard for Embedded Core Test(SECT), and applicable for both TAPed cores and Wrapped cores within a SOC with the same test access mechanism. Controlled by TCK, TMS, TDI, and TDO, the proposed test architecture provides a hierarchical test feature.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.12
• /
• pp.1053-1068
• /
• 2003

In this paper, we propose a new scheduling method without timing covert channel of real-time transaction for secure database systems that implement mandatory access control. Our scheduling method use the wait queue based on security level to remove timing covert channel. And it use priority queue that consider transaction type, deadline, and weight. Therefore, the proposed scheduling method prevents timing covert channel because it is kept noninterference between transactions with different security level, and maximizes the sum of the weight of transactions that satisfy its deadline. The simulation results, is a comparison of traditional methods, show that our scheduling method is improved to 30%.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.

• Korea Journal of Hospital Management
• /
• v.21 no.3
• /
• pp.65-70
• /
• 2016

The Long-Term Care Hospital (LTCH) accreditation system was initiated in 2013 in the form of mandatory accreditation system in order to improve patient safety and the quality of medical service at LTCHs. By June 2016, the accredited LTCHs were 76.2%. This research was conducted to review the implementation process in the first cycle and to promote development of the second cycle of LTCH accreditation system. There are some changes which reinforced the accreditation standards, accreditation survey, and public access to accreditation results in order to strengthen patient safety in the first cycle LTCH accreditation system. LTCHs which participated in the accreditation system achieved certain outcomes in respect to patient safety and employee satisfaction. However, there are several urgent problems in placement criteria of night duty health care providers, reinforcement plans in the accreditation system, and incentives for accredited hospitals. In order to solve these problems, the most important thing is to clearly recognize the fact that the healthcare accreditation system is not the means for control and regulate hospitals but a system to induce hospitals to continue to strive for improvements in patient safety and medical service quality. In addition, it is required that LTCHs, accrediting agency and the Ministry of Health and Welfare compromise and cooperate to seek solutions every time issues related to the accreditation system arise.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.3
• /
• pp.429-438
• /
• 2021

The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to 'Hardware and Software upgrade', 'network access control', and 'data backup and recovery' were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.44 no.6 s.360
• /
• pp.9-17
• /
• 2007

This paper shows an implementation of the baseband processor compliant with the IEEE 802.11a standard. Some innovative techniques are proposed to fulfill the mandatory requirements of the standard. For verification and analysis of this design, we use a Platform-based SoC (system on chip) environment. The entire system consists of test-board for the baseband processor chip and the SoC platform for implementing MAC (medium access control).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.43-54
• /
• 2001

In this paper we study the use of polyinstantiation for spatial data, for the purpose of solving cover in topology channel in multilevel secure spatial database systems. Spatial database system with topological structure has a number of spatial analysis function using spatial data and neighbored one\`s each other. But. it has problems that information flow is occurred by topological relationship in spatial database systems. Geographic Information System(CIS) must be needed mandatory access control because there ,are many information flow through positioning information And topological relationship between spatial objects. Moreover, most GIS applications also graphe user interface(GUI). In addressing these problems, we design the MLS/SRDM(Multi Level Security/Spatial Relational Data Model) and propose polyinstantiation for spatial data for solving information flow that occurred by toplogical relationship of spatial data.

• Fire Science and Engineering
• /
• v.34 no.1
• /
• pp.103-114
• /
• 2020

The purpose of this study is to investigate the effect of apartment residents' safety education satisfaction and the application of fire protection plans on fire safety awareness. The analysis results are as follows. First, the low levels of satisfaction with safety education content had a negative effect on anxiety about fire safety. This means that apartment residents' low levels of interest or participation in education affected their safety awareness, which prevented them from securing safety from fire. It is necessary for control staff to have a positive impact on their educational satisfaction via the learning support information system, among others, in order to create a satisfying education and safety culture. Second, competence in the execution of firefighting plans had a positive effect on fire safety awareness. These results indicate that apartment residents do not have the opportunity to access the education and training necessary for safety, nor the legal responsibility to complete mandatory safety education, which leads to their lack of safety awareness. Therefore, the control staff need to raise awareness of fire safety and the importance of participating in safety education among apartment residents by strengthening and activating the execution of firefighting plans in order to ensure safe living. Third, the competency of the firefighting plans moderated the effects of apartment residents' educational satisfaction on their awareness of fire safety.