• Journal of Industrial Technology
• /
• v.21 no.A
• /
• pp.181-188
• /
• 2001

An XML is an markup language which has been focused on the next generation Web programming language. It easily represents the complex structure of a document, and it is possible to provide the access control over each component of an XML document. An implicit authorization technique means that granting an authorization to a node has effect on granting the same implicit authorization to its all descendants. Therefore, it enhances the time for the authorization grant and reduces the memory required for the authorization information. An authorization technique using an intention type and a authorization replacement solves a redundancy problem and decides whether the access is possible or the authorization conflict occurs at the first attempt.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Journal of Information Technology and Architecture
• /
• v.11 no.3
• /
• pp.321-332
• /
• 2014

In this paper we propose a new notion of predictable flags type of authorization for controlling access to XML documents. By using predictable flags, we are able to efficiently detect conflicts between existing authorizations and new authorizations to be added. XML documents have an element-composition hierarchical structure in that a higher level element consists of multiple lower level sub-elements. Many XML documents systems have used the notion of implicit authorization that grants authorizations to an element and the all descendants to avoid the overhead caused by explicitly storing all authorization for each element. When we grant an authorization on an element in the XML documents, the implicit authorization method is inefficient in determining the conflicts since it needs to examine all authorizations on the descendants of that element. In contrast, our mechanism using predictable flags has the advantage of detecting the conflicts immediately at the element where an explicit authorization is to be granted.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10b
• /
• pp.45-47
• /
• 1998

객체지향 데이터베이스 시스템에서 많이 연구되고 있는 묵시적 권한부여(implicit authorization) 방법은 모든 객체에 대하여 일일이 권한을 부여하는 오버헤드를 줄이기 위한 방법이다. 묵시적 권한부여 방법에서는 기존의 권한과 새로이 추가될 권한간의 충돌(conflict) 여부의 효율적인 검사가 중요하다. 기존의 데이터베이스 단위 계층 구조( database granularity hierarchy)에서의 의도형 권한부여(intention type authorization) 기법은 자신의 자손 노드에 대한 권한을 쉽게 판정할 수는 있지만, 클래스 복합 계층 구조(class composition hierarchy)상에서의 임의의 한 노드 ni에 추가로 권한을 부여할 때 ni의 자손 노드와 복합 참조(composite reference)의 관계를 가지는 노드 nj들에 대한 권한과의 충돌 여부를 탐지하기 위하여 추가로 nj들에 대한 권한을 일일이 탐색해야 하는 어려움이 있었다. 본 논문에서는 클래스 복합 계층 구조에서의 묵시적 권한부여 하에서 발생할 수 있는 권한간의 충돌을 효율적으로 탐지하는 새로운 기법을 확장하여 제안한다. 제안된 복합 계층 의도형 권한부여(intention type authorization for composition hierarchy)기법은 계층 구조에서 복합 참조의 관계를 따라 nj를 일일이 탐색할 필요 없이 노드 ni에서 바로 충돌 여부를 판정할 수 있는 장점을 가진다.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.5
• /
• pp.1246-1256
• /
• 1998

MIB(Management Information Base), one of the key components of network management system, is a conceptual repository for the information of the various managed objects. MIB stores and manages all the structural and operational data of each managed resources. Therefore, MIB should be protected properly from inadvertant user access or malicious attacks. International standard ISO/IEC 10164-9 describes several managed object classes for the enforcement of MIB security. Those managed object classes described access control rules for security policy. But the exact authorization procedures using those newly added managed object classes are not presented. In this paper, we divide managed object classes into two groups, explicit and implicit ones, and describe the access authorization procedure in Z specification language. Using Z as a description method for both authorization procedure and GDMO's action part, the behaviour of each managed object class and access authorization procedure is more precisely and formally defined than those of natural language form.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.10
• /
• pp.3935-3941
• /
• 2010

With the advent of high-speed communications networks, many authentication and access control systems are being introduced to combat network security issues like system hacking. But the fact is that the security systems for protecting information used in these networks are themselves weak. In response to the mounting demands of existing users, there is a clear need for a new authentication system that provides both safety and reliability. This research presents an authentication method with excellent access authorization (explicit and implicit authentication) and safety performance, demonstrated through its use in online networks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.700-702
• /
• 2001

XML은 인터넷 상에서 복잡한 문서의 원활한 처리와 신속한 탐색 및 항해가 가능한 차세대 웹 언어로 각광받고 있다. XML로 표현된 문서들은 세분화된 계층구조(granularity hierarchy)로 나타낼 수 있으므로 필요한 구성 요소에만 엑세스 제어가 가능하다는 장점이 있다. 묵시적 권한 부여 기법은 명시적으로 저장된 권한으로부터 유도되는 권한기법으로 모든 구성 요소들에 대해 규칙들을 명시적으로 저장해야 하는 비효율적인 명시적 권한부여 기법보다 상위 구성 요소에 대한 한번의 권한 부여로 하위 구성 요소들에 동일한 권한부여 효과를 얻을 수 있다. 본 논문은 XML 문서를 위한 묵시적 권한 부여 기법을 제시하여 XML 문서의 엑세스 제어 시 권한 부여 시간 및 메모리의 효율성을 높인다.