• Title/Summary/Keyword: data access control

An Architecture of Access Control Model for Preventing Illegal Information Leakage by Insider (내부자의 불법적 정보 유출 차단을 위한 접근통제 모델 설계)

  • Eom, Jung-Ho;Park, Seon-Ho;Chung, Tai-M.
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.5 / pp.59-67 / 2010
  • In the paper, we proposed an IM-ACM (Insider Misuse-Access Control Model) for preventing illegal information leakage by an insider who exploits his legal rights in the ubiquitous computing environment. The IM-ACM can monitor whether an insider uses data rightly using a misuse monitor added to CA-TRBAC (Context Aware-Task Role Based Access Control), which permits access authorization according to user role, context role, task and entity's security attributes. It is difficult to prevent information leakage by an insider because of access to legal rights and a wealth of knowledge about the system. The IM-ACM can prevent the information flow between objects which have different security levels using context role and security attributes, and prevent insider misuse with a misuse monitor which compares an insider's actual processing behavior to the insider's possible work process pattern, drawing on the currently defined profile of the insider's process.

RDB-based XML Access Control Model with XML Tree Levels (XML 트리 레벨을 고려한 관계형 데이터베이스 기반의 XML 접근 제어 모델)

  • Kim, Jin-Hyung;Jeong, Dong-Won;Baik, Doo-Kwon
    • Journal of Digital Contents Society / v.10 no.1 / pp.129-145 / 2009
  • As the secure distribution and sharing of information over the World Wide Web becomes increasingly important, the need for flexible and efficient support of access control systems naturally arises. Since the eXtensible Markup Language (XML) is emerging as the de-facto standard format of the Internet era for storing and exchanging information, there have recently been many proposals to extend the XML model to incorporate security aspects. To a lesser or greater extent, however, such proposals neglect the fact that the data for XML documents will most likely reside in relational databases, and consequently do not utilize various security models proposed for and implemented in relational databases. In this paper, we take a rather different approach. We explore how to support security models for XML documents by leveraging techniques developed for relational databases, considering the object perspective. More specifically, in our approach, (1) users make XML queries against the given XML view/schema, (2) access controls for XML data are specified in the relational database, (3) data are stored in relational databases, (4) security check and query evaluation are also done in relational databases, and (5) access control is executed considering XML tree levels.

Treatment Information based Risk Evaluation Method in Medical Information Systems (의료정보시스템에서 치료정보 기반 위험도 평가 방법론)

  • Choi, Donghee;Park, Seog
    • KIISE Transactions on Computing Practices / v.22 no.9 / pp.441-448 / 2016
  • RBAC (Role-Based Access Control), which is widely used in Medical Information Systems, is vulnerable to illegal access through abuse/misuse of permissions. In order to solve this problem, treatment-based risk assessment of access requests is necessary. In this paper, we propose a risk evaluation method based on treatment information. We use network analysis to determine the correlation between treatment information and access objects. Risk evaluation can detect access that is unrelated to the treatment. It also provides indicators for information disclosure threats of insiders. We verify the validity using large amounts of data in real medical information systems.

An MIB Access Control Modeling for the Secure Management of Large Networks (대규모 망의 안전한 관리를 위한 관리 정보베이스의 접근 제어 모형화)

  • Seo, Jae-Hyeon;Lee, Chang-Jin;No, Bong-Nam
    • The Transactions of the Korea Information Processing Society / v.2 no.4 / pp.581-591 / 1995
  • An MIB is the heart of a network management system and it stores all information that is necessary for network management. To operate networks safely, it is essential to control accesses to managed objects. This paper provides a three-level architecture of managers so as to perform network management more efficiently in large networks. Moreover, a mandatory access control (MAC) policy and a role-based access control policy are adopted to ensure secure access to the MIB. These policies are modeled by using the active object-oriented data model, which makes it easy to map these access control models into the active object-oriented database.

Study on the scheme to reinforce military security system based on location information (위치정보를 이용한 군 보안체계 강화 방안)

  • Kim, Yun Young;Namkung, Seung Pil
    • Convergence Security Journal / v.15 no.3_1 / pp.83-90 / 2015
  • The current PKI system will confront more dangerous elements in the wireless network. Accordingly, this study suggests a plan to strengthen the authentication system by using access control and encryption to the location. Locational information collecting devices such as GPS and sensors are utilized to create a new key for authentication and collect locational information. Such a key encodes data and creates an authentication code for access control. By using the method suggested by this study, it is possible to control access of a military secret from an unauthorized place and to protect unauthorized user with unproposed technique. In addition, this technique enables access control by stage, utilizing the existing PKI system more wisely.

Biometric-based key management for satisfying patient's control over health information in the HIPAA regulations

  • Bui, Quy-Anh;Lee, Wei-Bin;Lee, Jung-San;Wu, Hsiao-Ling;Liu, Jo-Yun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.1 / pp.437-454 / 2020
  • According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.

An Efficient and Secure Query Processing on Valid XML Streams (유효한 XML 스트링에 대한 효율적이고 안전한 질의 처리)

  • Byun, Chang-Woo;An, Eun-Ju;Park, Seog
    • Journal of KIISE:Databases / v.36 no.3 / pp.235-246 / 2009
  • As demands to handle access control on the client side, which was conventionally controlled at a server, have surged, a way is needed to handle query processing in an effective and secure manner in an environment that has limited resources. Because the access control previously performed was focused only on safety, there was little effort to consider access control in terms of efficiency. Research on security, including access control, has started as security issues have cropped up in the recent stream environment. This paper proposes a method for efficient and secure query processing of XML data streams at a client with limited resources, such as a PDA or a portable terminal. Specifically, this study suggests (1) an access control processing that has small overhead for attaining a secure result in a limited memory and (2) a way to enhance the performance by finding the parts that can be optimized in each processing step, to offset the overhead caused by the addition of the access control processing. Superiority of the new method was analyzed by experiment.

Multi-Channel MAC Protocol Using Statistical Channel Utilization for Cognitive Networks

  • Xiang, Gao;Zhu, Wen-Min;Park, Hyung-Kun
    • Journal of information and communication convergence engineering / v.8 no.3 / pp.273-276 / 2010
  • Opportunistic spectrum access (OSA) allows unlicensed users to share licensed spectrum in space and time with no or little interference to primary users, which brings new research challenges in MAC design. We propose a cognitive MAC protocol using statistical channel information and selecting an appropriate idle channel for transmission. The protocol, based on CSMA/CA, exploits statistics of spectrum usage for decision making on channel access. Idle channel availability, spectrum hole sufficiency and available channel condition will be included in the algorithm's statistical information. The model includes the control channel and data channel; the transmitter negotiates with the receiver on transmission parameters through the control channel, and statistical decision results (successful rate of transmission) from exchanged transmission parameters of the control channel should pass the threshold and decide the data transmission with spectrum hole on the data channel. The proposed protocol's simulation will show that the proposed protocol does improve the throughput performance via traditional opportunistic spectrum access MAC protocol.

Implementation of RS232C Serial Communication by CSMA protocol (충돌검지 다중접속(CSMA) 프로토콜에 의한 RS232C 직렬통신의 구현)

  • Kwak, Hee-Soo;Han, Kyong-Ho
    • Proceedings of the KIEE Conference / 1998.07g / pp.2473-2475 / 1998
  • In this paper, we implemented RS232C serial communication using 2 wires (Data, GND), and multiple access by applying the Collision Sensing Multiple Access (CSMA) protocol. Multiple access is implemented by assigning a unique ID to each controller. The multiple access control operation starts by sending a command packet from a host to another host, and the command packet is composed of ID bytes of source and target host computer, data bytes and the checksum byte. In host computer, after sending command packet, the collision from loop back data. If a collision is detected, it means a command packet collided with another command packet for another host. The packet communication of the controller enables the multiple access of the controller through the common serial data link. The application of this serial communication through the CSMA protocol and the usage of two wires have an effect on saving wires and on the convenience of layout work.

Blockchain-Based Access Control Audit System for Next Generation Learning Management (차세대학습관리를 위한 블록체인 기반의 접근제어 감사시스템)

  • Chun, Ji Young;Noh, Geontae
    • KIPS Transactions on Software and Data Engineering / v.9 no.11 / pp.351-356 / 2020
  • With the spread of COVID-19 infections, the need for a next-generation learning management system for untact education is rapidly increasing, and the Ministry of Education is planning future education through the establishment of the fourth-generation NEIS. If the fourth-generation NEIS System is well utilized, there are advantages such as providing personalized education services and activating the use of educational data, but a solution to the illegal access problem in an access control environment where strict authorization is difficult due to various user rights. In this paper, we propose a blockchain-based access control audit system for next-generation learning management. Sensitive personal information is encrypted and stored using the proposed system, and when the auditor performs an audit later, a secret key for decryption is issued to ensure auditing. In addition, in order to prevent modification and deletion of stored log information, log information was stored in the blockchain to ensure stability. In this paper, a hierarchical ID-based encryption and a private blockchain are used so that higher-level institutions such as the Ministry of Education can hierarchically manage the access rights of each institution.