• Title/Summary/Keyword: access management

Extended Role-Based Access Control with Context-Based Role Filtering

  • Liu, Gang;Zhang, Runnan;Wan, Bo;Ji, Shaomin;Tian, Yumin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.3 / pp.1263-1279 / 2020
  • Activating appropriate roles for a session in the role-based access control (RBAC) model has become challenging because of the so-called role explosion. In this paper, factors and issues related to user-driven role management are analysed, and a session role activation (SRA) problem based on reasonable assumptions is proposed to describe the problem of such role management. To solve the SRA problem, we propose an extended RBAC model with context-based role filtering. When a session is created, context conditions are used to filter roles that do not need to be activated for the session. This significantly reduces the candidate roles that need to be reviewed by the user, and aids the user in rapidly activating the appropriate roles. Simulations are carried out, and the results show that the extended RBAC model is effective in filtering the roles that are unnecessary for a session by using predefined context conditions. The extended RBAC model is also implemented in the Apache Shiro framework, and the modifications to Shiro are described in detail.

Role Graph Security Management Model based on Lattice (격자기반 역할그래프 보안 관리 모델)

  • Choi, Eun-Bok;Park, Ju-Gi;Kim, Jae-Hoon
    • Journal of Internet Computing and Services / v.7 no.5 / pp.109-121 / 2006
  • In this paper, we suggest a lattice-based role graph security management model which changes the security level in the mandatory access control model as well as the constraint and role hierarchy systematically in the role-based access control model. In this model, we solved the privilege abuse of the senior role that is the role graph model's problem, and when a conflict between privileges is produced, we can keep the integrity of information by resetting the grade of the subject through the constraint. Also, we offer a strong security function by having access controlled by the subject's security level as well as privilege inheritance by role hierarchy. Finally, we present the role graph algorithms with logic to disallow roles that contain conflicting privileges.

An Enhanced Handoff Support Based on Network-based Mobility Management Protocol (향상된 핸드오프를 지원하는 망 기반의 이동성 지원 방안)

  • Lee, Sung-Kuen;Jeon, You-Chan;Lim, Tae-Hyong;Park, Jin-Woo
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.1B / pp.1-9 / 2009
  • In this paper, we propose an enhanced handoff support scheme based on the network-based mobility management protocol, Proxy Mobile IPv6 (PMIPv6), which is actively standardized by the IETF NETLMM working group. By utilizing the dynamic virtual hierarchy network architecture between mobile access gateways (MAGs), the proposed scheme can support network scalability and reliability for the wireless access network. In addition, we propose a pre-authentication process based on the policy store (PS) to support a fast and seamless handoff. We evaluate the performance of the proposed scheme in terms of handoff delay and end-to-end delay through computer simulation. Through various computer simulation results, we verified the superior performance of the proposed scheme by comparing with the results of other schemes.

Authentication and Trust Relationship Chaining for Resource Sharing Community (자원 공유 커뮤니티를 위한 인증 기술과 신뢰관계사슬)

  • Kim, Jeong Gon;Kim, Shin Kon
    • Journal of Korea Society of Digital Industry and Information Management / v.6 no.2 / pp.55-69 / 2010
  • This article proposed the authentication protocol for a peer-to-peer resource sharing community. The proposed protocol does not require a priori information for generating and exchanging the authentication key. Also, this protocol can provide delicate access control by allowing the user (authenticator) to assign the trust level to the authentication supplicant, which can be used to decide if the resource providing node will accept the resource sharing request from a resource requesting node. Trust Relationship Chaining provides the environment where trust levels (included in the trust table) of nodes in the resource sharing community are propagated among nodes when trust tables are exchanged between two nodes engaged in the mutual authentication process and authentication refresh, so that any two nodes which are not directly mutual-authenticated can assign the trust level to each other for the access control for resource sharing. In the proposed protocol, a node can implement the authentication refresh continuously to verify the effectiveness of authentication after mutual authentication, so that the authentication of a new node or authentication revocation (effectiveness cancellation) of the departed node can be propagated to all the nodes in the RSC and eventually a safe resource sharing community is configured.

Scheduling of Real-time and Nonreal-time Traffics in IEEE 802.11 Wireless LAN (무선랜에서의 실시간 및 비실시간 트래픽 스케줄링)

  • Lee, Ju-Hee;Lee, Chae Y.
    • Journal of the Korean Operations Research and Management Science Society / v.28 no.2 / pp.75-89 / 2003
  • Media Access Control (MAC) Protocol in IEEE 802.11 Wireless LAN standard supports two types of services, synchronous and asynchronous. Synchronous real-time traffic is served by Point Coordination Function (PCF) that implements polling access method. Asynchronous nonreal-time traffic is provided by Distributed Coordination Function (DCF) based on Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol. Since real-time traffic is sensitive to delay, and nonreal-time traffic to error and throughput, proper traffic scheduling algorithm needs to be designed. But it is known that the standard IEEE 802.11 scheme is insufficient to serve real-time traffic. In this paper, real-time traffic scheduling and admission control algorithm is proposed. To satisfy the deadline violation probability of the real time traffic the downlink traffic is scheduled before the uplink by Earliest Due Date (EDD) rule. Admission of real-time connection is controlled to satisfy the minimum throughput of nonreal-time traffic which is estimated by exponential smoothing. Simulation is performed to have proper system capacity that satisfies the Quality of Service (QoS) requirement. Tradeoff between real-time and nonreal-time stations is demonstrated. The admission control and the EDD with downlink-first scheduling are illustrated to be effective for the real-time traffic in the wireless LAN.

Challenges Facing Internationalization of SMEs in Emerging Economies: A Study on OECD Model

  • SANYAL, Shouvik;HISAM, Mohammed Wamique;BAAWAIN, Ali Mohsin Salim
    • The Journal of Asian Finance, Economics and Business / v.7 no.2 / pp.281-289 / 2020
  • This research analyses the challenges facing SMEs in Oman in their quest for internationalization. The study is based on the OECD Model of Internationalization put forward in the report titled "How to Foster the Internationalization of SMEs through the Pacific Alliance Integration Process" which focuses on four factors namely finance, business environment, firm capabilities and market access, which are appropriate for an emerging economy like Oman. This study used a descriptive and quantitative research design in attempting to analyze the challenges being faced by Omani SMEs in their endeavors to internationalize. The research investigates causal relationship between variables using positivist and deductive approach. Data collected from 102 respondents was analysed by Structural Equation Modeling(SEM) using AMOS. It was found that finance availability was the most significant predictor of internationalization challenges followed by market access and business environment, while firm capabilities had no impact. Thus SMEs need easier access to credit and have to develop their international business networks and their marketing capabilities in order to grow internationally. Keeping in mind the contribution made by SMEs the government has to intervene by opening up easy lines of credit to SME exporters and allowing them relaxations in customs and other duties.

The Role of Facilitating Conditions and User Habits: A Case of Indonesian Online Learning Platform

  • AMBARWATI, Rita;HARJA, Yuda Dian;THAMRIN, Suyono
    • The Journal of Asian Finance, Economics and Business / v.7 no.10 / pp.481-489 / 2020
  • The study examines the role of facilitating conditions and user habits in the use of technology in Online Learning Platform (OLP) in Indonesia. The adoption of online learning, persistence, and learning results in online platforms is essential for ensuring that education technology is implemented and gets as much value as possible. People who use technology and systems will embrace new technologies even more. This quantitative study is based on a survey of 254 respondents, who were active users of the technology, and considers the facilitating conditions and user habits variables. Two research hypotheses were tested using the Partial Least Square-Structural Equation Modeling method. Cronbach's Alpha, path coefficient, AVE, R-square, T-test were applied. The results showed that the factors significantly influence the Online Learning Platform technology behavioral intention. This impact is primarily associated with the availability of the resources required to use OLP technology. The availability of these resources includes supporting infrastructures such as widespread Internet access, easy access to mobile devices, and file sizes that affect access speed. The findings of this study suggest that it is necessary to introduce and increase the availability of resources for using OLP technology, and familiarize people with the technology features.

CPN Management Model and Network Access Flow/Congestion Control in ATM Network (CPN의 관리 모델과 망 엑세스 흐름/혼잡 제어)

  • 김양섭;권혁인;김영찬
    • The Journal of Korean Institute of Communications and Information Sciences / v.23 no.8 / pp.2096-2105 / 1998
  • As there can be coincident bursts which may result in congestion in a node of an ATM network, reactive flow control schemes are required to guarantee the user's Quality of Service. But the high speed characteristics of ATM networks make it difficult to control the source transmission rate in reacting to congestion in intermediate nodes. Therefore, flow control in the Customer Premise Network may be more efficient than end-to-end flow control. In this paper, we propose a management model for flow control in CPN and a new Network Access Flow/Congestion control scheme to utilize the Virtual Path Connection efficiently.

Secure Data Management based on Proxy Re-Encryption in Mobile Cloud Environment (모바일 클라우드 환경에서 안전한 프록시 재암호화 기반의 데이터 관리 방식)

  • Song, You-Jin;Do, Jeong-Min
    • The Journal of Korean Institute of Communications and Information Sciences / v.37 no.4B / pp.288-299 / 2012
  • To ensure data confidentiality and fine-grained access control in a business environment, a system model using KP-ABE (Key Policy-Attribute Based Encryption) and PRE (Proxy Re-Encryption) has been proposed recently. However, in the previous study, data confidentiality has been effected by the decryption right concentrated on the cloud server. Also, Yu's work does not consider access privilege management, so existing work becomes dangerous to a collusion attack between a malicious user and the cloud server. To resolve this problem, we propose a secure system model against the collusion attack through dividing the data file into a header which is sent to the privilege manager group and a body which is sent to the cloud server, and prevent a modification attack on the proxy re-encryption key using d Secret Sharing. We construct a protocol model in a medical environment.

A Secure Identity Management System for Secure Mobile Cloud Computing (안전한 모바일 클라우드 컴퓨팅을 위한 ID 관리 시스템)

  • Brian, Otieno Mark;Rhee, Kyung-Hyune
    • Proceedings of the Korea Information Processing Society Conference / 2014.11a / pp.516-519 / 2014
  • Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day-to-day life, and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing, which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol, and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenID alongside OAuth so as to solve this problem. But OpenID similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.