• Title/Summary/Keyword: flexible authorization

Search Result 14, Processing Time 0.022 seconds

Trusted Information Sharing Model in Collaborative Systems (협업 환경 내 신뢰할수 있는 정보 공유 모델)

  • Hong, Seng-Phil;Kim, Jae-Hyoun
    • Journal of Internet Computing and Services
    • /
    • v.8 no.1
    • /
    • pp.99-113
    • /
    • 2007
  • In the rapidly changing e-business environment, organizations need to share information, process business transactions, and enhance collaborations with relevant entities by taking advantage of the various technologies. However, there are always the security issues that need to be handled in order for the e-business operations to be run efficiently. In this research, we suggest the new security authorization model for safety flexible supporting the needs of e-business (e-marketplace) in an organization. This proposed model provides the scalable of access control policy among multi-domains, and preservation of flexible authorization management in distributed system environments. For servers to take the access control policy and enforcement decisions, we also describe the feasible authorization architecture is concerned with how they might seek advice and guideline from formal access control model.

  • PDF

The Design of a Class Diagram Authorization Tool based on the MVC Design Pattern (MVC 디자인 패턴에 기반한 클래스 다이어그램 저작도구의 설계)

  • Kim, Jae-Hoon;Kim, Yun-Ho
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.14 no.12
    • /
    • pp.2707-2715
    • /
    • 2010
  • This paper suggests a implements and a design of class diagram authorization tool based on the MVC pattern. It defines and descries the structure of ClassInformation, ScreenDisplay and ToolManager. ClassInformation is responsible for processing or handling information of a diagram. ScreenDisplay is responsible for GUI to configure the screen of the authorization tool. ToolManager is responsible for event handling to process I/O of the authorization tool. Based on MVC pattern, ClassInformation, ScreenDisplay and ToolManager of the authorization tool are assigned each role independently. It is flexible to new requirement, because of loose coupling.

Secure User Authority Authentication Method in the Open Authorization (Open Authorization에서의 안전한 사용자 권한 인증 방법에 관한 연구)

  • Chae, Cheol-Joo;Lee, June-Hwan;Cho, Han-Jin
    • Journal of Digital Convergence
    • /
    • v.12 no.8
    • /
    • pp.289-294
    • /
    • 2014
  • Recently, the various web service and applications are provided to the user. As to these service, because of providing the service to the authenticated user, the user undergoes the inconvenience of performing the authentication with the service especially every time. The OAuth(Open Authorization) protocol which acquires the access privilege in which 3rd Party application is limited on the web service in order to resolve this inconvenience appeared. This OAuth protocol provides the service which is convenient and flexible to the user but has the security vulnerability about the authorization acquisition. Therefore, we propose the method that analyze the security vulnerability which it can be generated in the OAuth 2.0 protocol and secure user authority authentication method.

MVC model design for an Authorization Tool of UML Class Diagram (UML 클래스 도해의 저작도구를 위한 MVC모델의 설계)

  • Kim, Jae-Hoon;Kim, Yun-Ho
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.10a
    • /
    • pp.634-637
    • /
    • 2010
  • This paper suggests the design of MVC model for an authorization tool of UML class diagram. In the design of MVC model, it is designed to define view, controller and model and perform the individual role of each component. The View represents GUI and the Controller is responsible for data input and output and the Model is to handle the business logic. The MVC model design for an authorization tool of class diagram gives the role independently and tries to be flexible with system by dividing into the suitable features of each component.

  • PDF

Provision and Obligations in Policy Rules (정책규칙에서 Provision과 Obligation)

  • Kim, Su-Hee
    • Convergence Security Journal
    • /
    • v.5 no.1
    • /
    • pp.1-9
    • /
    • 2005
  • XML is the most common tool for data processing and data transmission in web applications. Policies are extensively used in all online business solutions and it is recognized that abinary decision such as 'yes/no' for access requests is not enough. In this paper, a method is developed to convert policy rules with provisions and obligations in logic formula formats into XML formats. The primary purpose is to enable security policy programmers to write flexible authorization policies in XML and to implement them easily. General syntaxes are defined to specify information for users, objects and actions in XML formats and an XML DTD is developed to specify authorization rules with these three components. To support various security features such as data transcoding and non-repudiation depending on data in addition to access control based on authorization policies, studies for specifying them in XML policy rules will be performed in the future.

  • PDF

A Study on Policy Design of Secure XML Access Control (안전한 XML 접근 제어의 정책 설계에 관한 연구)

  • Jo, Sun-Moon;Joo, Hyung-Seok;Yoo, Weon-Hee
    • The Journal of the Korea Contents Association
    • /
    • v.7 no.11
    • /
    • pp.43-51
    • /
    • 2007
  • Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. The existing access control has not taken information structures and semantics into full account due to the fundamental limitations of HTML. In addition, access control for XML documents allows only read operations, and there exists the problem of slowing down system performance due to the complex authorization evaluation process. In order to resolve this problem, this paper designs a XML Access Control Management System which is capable of making fined-grained access control. And then, in developing an access control system, it describes the subject and object policies of authorization for XML document on which authorization levels should be specified and which access control should be performed.

Policy System of Data Access Control for Web Service (웹 서비스를 위한 데이터 접근 제어의 정책 시스템)

  • Jo, Sun-Moon;Chung, Kyung-Yong
    • The Journal of the Korea Contents Association
    • /
    • v.8 no.11
    • /
    • pp.25-32
    • /
    • 2008
  • Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. In terms of XML documents, it is necessary to describe policies more flexibly beyond simple authorization and to consider access control methods which can be selected. This paper describes and designs the access control policy system for authorization for XML document access and for efficient management to suggest a way to use the capacity of XML itself. The system in this paper is primarily characterized by consideration of who would exercise what access privileges on a specific XML document and by good adjustment of organization-wide demands from a policy manager and a single document writer.

The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access (OAuth 2.0 프로토콜에서 E-mail을 이용한 사용자 권한 인증)

  • Chae, Cheol-Joo;Choi, Kwang-Nam;Choi, Kiseok;Yae, Yong-Hee;Shin, YounJu
    • Journal of Internet Computing and Services
    • /
    • v.16 no.1
    • /
    • pp.21-28
    • /
    • 2015
  • Currently there are wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore its users often need to go through the inconvenience of getting an authentication from each service every time. To resolve of such inconvenience, a third party application with OAuth(Open Authorization) protocol that can provide restricted access to different web services has appeared. OAuth protocol provides applicable and flexible services to its users, but is exposed to reply attack, phishing attack, impersonation attack. Therefore we propose method that after authentication Access Token can be issued by using the E-mail authentication. In proposed method, regular user authentication success rate is high when value is 5 minutes. However, in the case of the attacker, the probability which can be gotten certificated is not more than the user contrast 0.3% within 5 minutes.

New Public Key Encryption with Equality Test Based on non-Abelian Factorization Problems

  • Zhu, Huijun;Wang, Licheng;Qiu, Shuming;Niu, Xinxin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.2
    • /
    • pp.764-785
    • /
    • 2018
  • In this paper, we present a new public key encryption scheme with equality test (PKEwET). Compared to other PKEwET schemes, we find that its security can be improved since the proposed scheme is based on non-Abelian factorization problems. To our knowledge, it is the first scheme regarding equality test that can resist quantum algorithm attacks. We show that our scheme is one-way against chosen-ciphertext attacks in the case that the computational Diffie-Hellman problem is hard for a Type-I adversary. It is indistinguishable against chosen-ciphertext attacks in the case that the Decisional Diffie-Hellman problem is hard in the random oracle model for a Type-II adversary. To conclude the paper, we demonstrate that our scheme is more efficient.

A JTAG Protection Method for Mobile Application Processors (모바일 애플리케이션 프로세서의 JTAG 보안 기법)

  • Lim, Min-Soo;Park, Bong-Il;Won, Dong-Ho
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.57 no.4
    • /
    • pp.706-714
    • /
    • 2008
  • In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.