• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.33-38
• /
• 2001

역할기반 접근제어(RBAC : Role Based Access Control)는 임의적 접근제어와 강제적 접근제어에 비해 견고함과 유연성을 제공한다. 따라서 RBAC은 최근 금융시스템 및 병원시스템 등에서 많은 관심의 대상이 되고 있다. 본 논문에서는 안전성이 인증된 다중등급보안(MLS : Multi-Level Security) 리눅스를 이용하여 인터넷상에서 가상은행의 금융업무를 안전하게 처리할 수 있는 다중등급기반의 RBAC 시스템을 구현함을 보인다.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.39-48
• /
• 2010

In a complex, secure IT system environment there will be groups of data that be segregated from one another, yet reside on the same system. Users of the system will have varying degrees of access to specific data. The Configuration Management(CM) of the information architecture, the physical architecture, user privileges and application security policies increases the complexity for operations, maintenance and security staff. This pager describes(current work to merge the capabilities of a network CM toll with those of a Computer Aided System Engineering(CASE) tool. The rigour of Systems Engineering(SE) modelling techniques can be used to deal with the complexities of multi-level information security. The SE logical and physical models of the same system are readily tailorable to document the critical components of both the information architecture and physical architecture that needs to be managed. Linking a user-friendly, physical CM tool with the extended capabilities of a CASE tool provide the basis for improved configuration management of secure IT systems.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.235-247
• /
• 2021

Today, the cloud computing has become a major demand of many organizations. The major reason behind this expansion is due to its cloud's sharing infrastructure with higher computing efficiency, lower cost and higher fle3xibility. But, still the security is being a hurdle that blocks the success of the cloud computing platform. Therefore, a novel Multi-tenant Decentralized Information Flow Control (MT-DIFC) model is introduced in this research work. The proposed system will encapsulate four types of entities: (1) The central authority (CA), (2) The encryption proxy (EP), (3) Cloud server CS and (4) Multi-tenant Cloud virtual machines. Our contribution resides within the encryption proxy (EP). Initially, the trust level of all the users within each of the cloud is computed using the proposed two-stage trust computational model, wherein the user is categorized bas primary and secondary users. The primary and secondary users vary based on the application and data owner's preference. Based on the computed trust level, the access privilege is provided to the cloud users. In EP, the cipher text information flow security strategy is implemented using the blowfish encryption model. For the data encryption as well as decryption, the key generation is the crucial as well as the challenging part. In this research work, a new optimal key generation is carried out within the blowfish encryption Algorithm. In the blowfish encryption Algorithm, both the data encryption as well as decryption is accomplishment using the newly proposed optimal key. The proposed optimal key has been selected using a new Self Improved Cat and Mouse Based Optimizer (SI-CMBO), which has been an advanced version of the standard Cat and Mouse Based Optimizer. The proposed model is validated in terms of encryption time, decryption time, KPA attacks as well.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.228-232
• /
• 2006

최근 활발히 개발 중인 보안운영체제의 핵심인 보안커널(security kernel)은 참조모니터(reference monitor)에서 주체(subject)가 객체(object)에 대한 실행(action) 권한을 판단함으로써 접근 제어를 실행한다. 보안운영체제의 대표적인 접근제어모델에는 다중레벨접근제어(MLS: Multi Level Security)모델과 역할기반접근제어(RBAC: Role Based Access Control) 모델 등이 있다. 리눅스 시스템에서 이러한 접근제어모델을 적용하기 위해서 접근 대상이 되는 객체들의 효과적인 분류가 요구된다. 본 논문에서는 리눅스 환경에서 효과적인 접근제어모델을 적용하기 위하여 객체들을 객체 클래스(class)와 유형(type)을 기준으로 분류 하였다.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.69-76
• /
• 2013

A lot of researches have been done to improve the energy efficiency of Wireless Sensor Networks. But all the current researches are based on the idea of direct communication between cluster head and sink node. Previous results assume that node can intelligently regulate signal energy according to the distance between nodes. It is difficult to implement algorithms based on this assumption. We present a multi-level routing algorithm from the sink node to all other nodes which have fixed radio wave radius. We also show the energy saving efficiency and the implementation in real WSN using the simulation result.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.3-8
• /
• 2023

Multi-domain optical transport networks are not fundamentally interoperable and require an integrated orchestration mechanism and path provision mechanism at the entire network level. In addition, ensuring network survivability is one of the important issues. MPLS-TP (Multi-Protocol Label Switching-Transport Profile) defines various protection/recovery methods as standards, but does not mention how to calculate and select protection/recovery paths. Therefore, an algorithm that minimizes protection/recovery collisions at the optical circuit packet integrated network level and calculates and sets a path that can be rapidly protected/recovered over the entire integrated network area is required. In this paper, we proposed an algorithm that calculates and sets up a path that can be rapidly protected and restored in a T-SDN network composed of multiple ring-mesh topology.

• Journal of Korean Society for Quality Management
• /
• v.41 no.4
• /
• pp.649-657
• /
• 2013

Purpose: In this study, the actual situation of domestic firms vulnerable to industrial security competence will be discussed. And accordingly be discussed for effective response measures. Methods: Using a structured questionnaire by mail, fax, e-mail and fill method was used respondents. By the end of '10 R&D Center, which holds 15,247 companies(population) among the 95% level of confidence, tolerance ${\pm}3%$ p-level corporate type, sector, region extraction method stratified multi-level companies were investigated through the final 1529. Results: The average level of industrial security capabilities 43.8%(out of 100) is very weak, so urgent and positive response measures also need to be investigated sought. Conclusion: we propose the effective management framework and improvement plans to prevent illegal industrial leakage are to be made.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.5 no.1
• /
• pp.51-64
• /
• 1995

In distributed environments, the DB secure models have been being studied to include the multi-level mechanism which is effective to control access according to the level of the data value. These mechanisms have the problems. The first, it is impossible to maintain the global data which is protected in the multi-level mechanism. The second, the access and the relation of the data is not clear due to the access revocation between the local data and the global's. In this paper, we proposed the mechanism using shema. The mechanism doesn't have the access revocation, and provides the protection of the data and the control to the global data.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.9 no.1 s.24
• /
• pp.80-88
• /
• 2006

The purpose of this thesis is to research and propose a practical Information Security Technical Architecture on Primary Defense Information Infrastructure with regard to requirement of information security. The scope of this research is limited to national defense information master plan & security rule, and U.S. DoD's IATF is used to plan a detailed structure. The result of this research can be used as a guide book for providing security for Army IT infrastructure now and in the future as well as to devise a plan for research and development in information protection technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.761-770
• /
• 2012

CAPTCHAs(Completely Automated Public Turing tests to tell Computer and Human Apart) have been widely used for preventing the automated attacks such as spam mails, DDoS attacks, etc.. In the early stages, the text-based CAPTCHAs that were made by distorting random characters were mainly used for frustrating automated-bots. Many researches, however, showed that the text-based CAPTCHAs were breakable via AI or image processing techniques. Due to the reason, the image-based CAPTCHAs, which employ images instead of texts, have been considered and suggested. In many image-based CAPTCHAs, however, the huge number of source images are required to guarantee a fair level of security. In 2008, Kang et al. suggested a new image-based CAPTCHA that uses test images made by composing multiple source images, to reduce the number of source images while it guarantees the security level. In their paper, the authors showed the convenience of their CAPTCHA in use through the use study, but they did not verify its security level. In this paper, we verify the security of the image-based CAPTCHA suggested by Kang et al. by performing several attacks in various scenarios and consider other possible attacks that can happen in the real world.