• Title/Summary/Keyword: Security requirements for Industrial Control System

Operations of Administration Tool and Consistency Properties for RBAC Database Integrity (RBAC 데이터베이스의 무결성을 위한 일관성 특성과 관리도구 동작)

  • 오석균;김성열
    • Journal of Korea Society of Industrial Information Systems / v.5 no.4 / pp.16-21 / 2000
  • Role Based Access Control (RBAC) reduces the cost of administering access control policies and makes the process less error-prone. The administration tool is the most important component in the concept of RBAC. The administration tool for an RBAC security system must maintain the integrity of user-role and role-role relationships in the RBAC database. Therefore, a set of functions and properties defining the integrity of the database is required. For the design of security systems that apply an RBAC policy in Linux server system environments, this paper defines the integrity of the database for user-role and role-role relationships, and we propose a formal specification of operations to manage these relationships. The proposed formal specification leads to the consistency requirements for the RBAC database, which are defined as a set of relationships. Also, the implementation of the RBAC administration tool can easily be derived from the formal specification of operations. It leads us to the minimal set for a more efficient implementation of the administration tool.

Trend of standardization in the field of Industrial Security through ISO/TC 292 (ISO/TC 292에 의한 산업보안 분야 국제표준화의 동향)

  • Park, Hyeon-Ho
    • Korean Security Journal / no.48 / pp.79-111 / 2016
  • This study aims at analyzing the global trend of standardization in the field of Industrial Security through ISO/TC 292. It covers broad areas, from risk management for industrial property protection and loss prevention through supply chain security, product and document fraud and counterfeiting countermeasures and control, to community resilience. It also explores the historical background of standardization in the security field and how ISO/TC 292 emerged as a leading group for standardizing relevant security management systems. TC 292 deals with terminology, general security-related standards and supply chain security management. One of the major findings from this analysis is that security targets and threats are diversified, and so organizations like enterprises should have proper flexibility to adapt themselves to the new security environment and adopt an appropriate resilience system to cope with threats and incidents. Also, the ISO standardization requires public or private entities to take holistic approaches in security management. Finally, it was found that South Korea has to prepare for this global trend of standardization in this field so that ISO certification market demand and the requirements for transnational trade can be well met.

Filtering and Intrusion Detection Approach for Secured Reconfigurable Mobile Systems

  • Idriss, Rim;Loukil, Adlen;Khalgui, Mohamed;Li, Zhiwu;Al-Ahmari, Abdulrahman
    • Journal of Electrical Engineering and Technology / v.12 no.5 / pp.2051-2066 / 2017
  • This paper deals with reconfigurable secured mobile systems, where reconfigurability has the potential to provide the adaptability required to change the system requirements. The reconfiguration scenario is presented as a run-time automatic operation which allows security mechanisms and the addition, removal and update of software tasks. In particular, there is a definite requirement for filtering and intrusion detection mechanisms that use fewer resources and that improve security on secured mobile devices. Filtering methods are used to control incoming traffic and messages, whereas detection methods are used to detect malware events. Nevertheless, when different reconfiguration scenarios are applied at run-time, new security threats will emerge against those systems, which need to support multiple security objectives: confidentiality, integrity and availability. We propose in this paper a new approach that efficiently detects threats after reconfiguration scenarios and which is based on filtering and intrusion detection methods. The paper's contribution is applied to Android, where the evaluation results demonstrate the effectiveness of the proposed middleware in detecting malicious events on reconfigurable secured mobile systems and the feasibility of running and executing such a system with the proposed solutions.

Some Issues on China General Aviation Legislation (中國通用航空立法若干問題研究)

  • Shuang, Luan
    • The Korean Journal of Air & Space Law and Policy / v.31 no.2 / pp.99-143 / 2016
  • General aviation and air transport are the two wings of the civil aviation industry. Chinese air transport is developing rapidly, and has been the world's second air transport system, second only to the US, since 2005. However, Chinese civil aviation is far behind the world average level, and cannot meet the requirements of economic construction and social development. The transition and structural adjustment of the Chinese economy provide general aviation with an unprecedentedly broad market. The prospect of general aviation is promising and anticipated. The development of the general aviation industry needs legislative support, and the current legislative conditions of Chinese general aviation are undoubtedly far behind the realistic requirements. Accelerating legislation in the Chinese general aviation industry requires a scientific legislation concept. First, legislation must promote development of the general aviation industry. General aviation will serve as an emerging Chinese industry that boosts domestic demand, promotes employment and expedites domestic economic development. We should, based on both the concept of promoting the industrial development of general aviation and national industrial planning, enact and rectify relevant laws and regulations. And we should also straighten out the relationship between aviation security and industrial development and promote the revolution of low-altitude airspace management in an all-round way, in order to improve the utilization rate of airspace resources, classify and establish airspace, simplify the examination and approval procedure and intensify operation management. In addition, what we should do is to expedite the infrastructure layout construction, guide the differentiated but coordinated development of general aviation industries in various areas, establish a united supervision mechanism for general aviation, redistrict the responsibilities of the Chinese Air Control Agency and set up legislation, law enforcement and judicial systems with clarified institutions, clear positioning and classified responsibilities, so as to usher in a new era of the legislative management of the Chinese general aviation industry. Second, shift the focus from regulations to both regulations and services. Considering the particularity of general aviation, we should use American practices for reference and take into account both regulation and service functions when enacting general aviation laws. For example, we should reduce administrative licensing and market supervision, and adopt "criteria" and "approval" management systems for non-commercial and commercial aviation. Furthermore, pay attention to social benefits. Complete the social rescue mechanism through legislation. It should be clarified in legislation that general aviation operators should take responsibility for, and ensure the realization of, the social benefits of environmental protection and ecological balance. Finally, rise in line with international standards. Modify Chinese regulations which are inconsistent with international ones to remove barriers to international cooperation. Specify basic legislative principles. One is the principle of coordination. Realize coordination between civil aviation and general aviation, between military aviation and civil aviation, and among departments. Two is the principle of pertinence. General aviation has its own rules and specialties, needing to be standardized using specialized laws and regulations. Three is the principle of efficiency. To realize the time and space values of general aviation, we should complete rules in aerospace openness, general aviation airport construction, general aviation operations, and regulation enforcement. Four is the principle of security. Balance the maximum use of the resources of Chinese airspace and the corresponding potential threats to Chinese national interests and social security, and establish a complete insurance system which functions as a security defense and indemnificatory measure. Establish a unified legal system. Currently, the system of Chinese general aviation laws consists of national legislation, administrative laws and regulations and civil aviation regulations (CAR). Some problems exist in the three components of the system, including too general content, unclear guarantee measures, incomplete implementation details, and lacking the corresponding pertinence and flexibility required by general aviation regulations, stringency of operation management and standards, and uniformity of standards. A law and regulation system, centered on laws and consisting of administrative laws and regulations, industrial regulations, implementation details, industrial policies and local laws and regulations, should be established. It is suggested to modify the Civil Aviation Law to make general aviation laws complete, enact the Regulations of General Aviation Development, and accelerate the establishment, modification and abolition of Chinese general aviation laws to intensify the coordination and uniformity of regulations.

Research on User-Centric Inter-Organizational Collaboration (UCICOIn) framework (사용자 제어 기반 다중 도메인 접근 제어에 대한 연구)

  • Sunghyuck Hong
    • Journal of Industrial Convergence / v.21 no.12 / pp.37-43 / 2023
  • In today's business landscape, collaboration and interoperability are crucial for organizational success and profitability. However, integrating operations across multiple organizations is challenging due to differing roles and policies in Identity and Access Management (IAM). User-centric identity (UCI) adopts a personalized approach to digital identity management, centering on the end-user for authentication and access control. It provides a decentralized system that ensures secure and customized access for each user. UCI aims to address complex security challenges by aligning access privileges with individual user requirements. This research delves into UCI's ability to streamline resource access amidst conflicting IAM roles and protocols across various organizations. The study presents a UCI-based multi-domain access control (MDAC) framework, which encompasses an ontology, a unified method for articulating access roles and policies across domains, and software services melding with UCI infrastructure. The goal is to enhance organizational resource management and decision-making by offering clear guidelines on access roles and policy management across diverse domains, ultimately boosting companies' return on investment.

The Representative Technology Field Analysis of Domestic Defense Companies in Communication-electronics based on Patent Information Data (특허 자료 정보 기반 국내 통신전자 방산업체 대표 기술 분야 분석)

  • Kim, Jang-Eun;Cho, Yu-Seup
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.4 / pp.446-458 / 2017
  • In order to make a decision about the acquisition of command control communication weapon systems considering the client's technology level requirements, the improvement of the domestic technology level and the security of core technology, the person in charge can perform technology evaluation/analysis based on command control communication weapon system patent data. As a method of collecting such patent data, we can collect the patent data of government-designated (Defense Acquisition Program Act Article 35) companies (11 major defense companies/9 general defense companies) through the Korea Intellectual Property Rights Information System (KIPRIS) of the Korean Intellectual Property Office (KIPO). In this way, we collected 1,526 patents and 134 International Patent Classification (IPC) types through the KIPRIS of the KIPO. Based on these data, we performed three types of analysis, general information analysis, Principal Components Analysis (PCA) and network analysis, and extracted 27, 19 and 13 IPC types from them, respectively. Based on the above three analysis results, we confirmed 8 IPC types (F41A, F41G, G06F, G01S, H04B, H04L, H04M and H04W) as the key technologies and representative technology fields of domestic communication-electronics defense companies.