• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• 한국산업정보학회논문지
• /
• 제19권1호
• /
• pp.1-12
• /
• 2014

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권3호
• /
• pp.1315-1329
• /
• 2018

Ciphertext-policy attribute-based encryption (CP-ABE) associates ciphertext with access policies. Only when the user's attributes satisfy the ciphertext's policy, they can be capable to decrypt the ciphertext. Expressivity and security are the two directions for the research of CP-ABE. Most of the existing schemes only consider monotonic access structures are selectively secure, resulting in lower expressivity and lower security. Therefore, fully secure CP-ABE schemes with non-monotonic access structure are desired. In the existing fully secure non-monotonic access structure CP-ABE schemes, the attributes that are set is bounded and a one-use constraint is required by these projects on attributes, and efficiency will be lost. In this paper, to overcome the flaw referred to above, we propose a new fully secure non-monotonic access structure CP-ABE. Our proposition enforces no constraints on the scale of the attributes that are set and permits attributes' unrestricted utilization. Furthermore, the scheme's public parameters are composed of a constant number of group elements. We further compare the performance of our scheme with former non-monotonic access structure ABE schemes. It is shown that our scheme has relatively lower computation cost and stronger security.

• International Journal of Internet, Broadcasting and Communication
• /
• 제13권3호
• /
• pp.1-11
• /
• 2021

Development of ICT technologies leads exponential growth of various sharing economy over the last couple of years. The intuitive advantage of the sharing economy is efficient utilization of idle goods and services, but there are safety and security concerns. In this paper, we propose a onetime password based access control system to support secure accommodation sharing service and show the implementation results. To provide a secure service to both the provider and the user, the proposed system issues a onetime access password that is valid only during the sharing period reserved by the user, thereafter access returns to the accommodation owner. Especially, our system provides secure user access by merging the two elements of speaker recognition using voice and a one-time password to open and close the door lock. In this paper, we propose a secure system for accommodation sharing services as a use-case, but the proposed system can be applicable to various sharing services utilizing security-sensitive facilities.

• 정보교육학회논문지
• /
• 제1권2호
• /
• pp.57-66
• /
• 1997

The primary purpose of security mechanisms in a computer systems is to control the access to information. There are two types of access control mechanisms to be used typically. One is discretionary access control(DAC) and another is mandatory access control(MAC). In this study an access control mechanism is introduced for secure access path in security system. The security policy of this access control is that no disclosure of information and no unauthorized modification of information. To make this access control correspond to security policy, we introduce three properties; read, write and create.

• 정보처리학회논문지D
• /
• 제10D권5호
• /
• pp.773-780
• /
• 2003

SecuROS(Secure & Reliable Operating System) 시스템은 FreeBSD 4.3 운영체제 커널에 접근 제어, 사용자 인증, 감사 추적, 암호화 파일 시스템, 신뢰 채널 등의 보안 기능을 추가 구현하여 시스템에 발생 가능한 해킹을 방지하고 차단하는 시스템을 말한다. 본 논문에서는 SecuROS의 핵심 기술 중에 하나인 접근제어 기법을 기술하고, 해당 접근제어 정책인 DAC, MAC, RBAC의 구현 내용을 소개하며, 접근제어 정책의 적용에 따른 보안성과 성능 시험을 위한 도구 및 방법을 나타낸다. 기존의 운영체제 환경과 새로운 접근제어 정책을 적용한 환경 사이의 보안성 및 성능의 상관 관계를 기술한다.

• 정보처리학회논문지C
• /
• 제11C권7호
• /
• pp.999-1008
• /
• 2004

Jini 서비스는 개발자에게 분산시스템을 쉽게 개발할 수 있는 하부구조를 제공한다. Jini 서비스 중 하나인 JavaSpace는 자바환경의 분산 컴퓨팅 모델로서 객체를 저장하고 저장된 객체에 접근할 수 있는 공간을 말한다. 이러한 JavaSpace 서비스는 객체를 공유하는 방법으로 매우 유용하게 사용되고 있지만, 보안성이 취약하여 객체정보에 대한 접근 보안이 요구되는 분산시스템의 개발에는 적합하지 않다. 본 논문에서는 JavaSpace의 취약한 보안성을 강화시켜 안전한 JavaSpace 서비스를 제공하는 SecureJS 시스템에 대하여 설명한다. Jini2.0 기반의 SecureJS 시스템은 자바객체를 저장할 수 있는 ObjectStore와 사용자에 대한 ObjectStore의 접근을 제어하는 AccessManager 그리고 공개키를 관리하는 KeyManager로 구성되어 있다.

• 한국컴퓨터정보학회논문지
• /
• 제6권4호
• /
• pp.119-124
• /
• 2001

본 논문에서는 실제적인 접근 제어 시스템에 적용이 가능하도록 기존의 검증된 접근 제어 메커니즘을 적용하여 보안성, 무결성 및 흐름제어 보안 기능을 제공하며 직무 중심조직의 접근 제어 요구를 용이하게 수용할 수 있는 안전한 직무 기반 접근 제어 모델을 제안한다. 제안한 모델은 주로 인터넷 상에서 웹을 기반으로 하는 응용 시스템에 적용할 수 있는 간단하면서도 안전한 접근 제어 모델이다.

• 정보보호학회논문지
• /
• 제16권2호
• /
• pp.55-70
• /
• 2006

본 논문에서는 유연한 접근통제를 제공하는 보안 운영체제에 적합한 새로운 접근통제 보안구조를 제안한다. 제안된 보안구조는 가상 접근통제 시스템을 추가하여 다양한 접근통제모델을 보안 운영체제에 쉽게 적용할 있는 특성을 제공한다. 또한, 기존의 리눅스 시스템의 표준 접근통제의 단점을 극복하기 위해 설계되었으며, 유연하게 보안모델들을 조합할 수 있을 뿐만 아니라 동적으로도 보안모델들을 적용할 수 있다. 제안된 접근통제 보안구조는 접근통제집행부분과 접근통제결정 부분, 보안제어부분으로 분리되고, 가상 접근통제 시스템에 의해 접근통제 모델들은 계층적 구조로 추상화된다. 그리고 다양한 접근통제 모델을 적용함으로써 발생하는 정책충돌의 개념과 해결방법을 제시한다.

• Design & Manufacturing
• /
• 제15권4호
• /
• pp.14-23
• /
• 2021

In this study, we have analyzed the access status and the data usage trend of the public Wi-Fi on the bus, which has not been carried out in the previous studies. The analysis period of this study is 5 months from Nov. 2020 to Mar. 2021. When we compared the access status of Seoul metropolitan and the non-metropolitan region against each region's deployment status ratio, the access ratio of the metropolitan region was higher than the non-metropolitan region, of which the gap was 4.53%. The access for each region showed the growing trend, which was 43.5% on average. The data usage also showed the growing trend, 2.7% on average. Weekly data usage showed the growing trend irrespective of weekdays or weekends. The data usage of the weekdays was 695GB higher than weekends. The data usage during commuting hours including school (7:00~9:00 a.m. and 4:00~6:00 p.m.) was higher than 3,000GB. We can conclude that bus public Wi-Fi was used more actively in non-metropolitan region than Seoul metropolitan region by the office workers and students. The secure access also showed the growing trend. And the secure data usage also showed the growing trend.