• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1149-1154
• /
• 2003

Due to various requirements for the user access control to large databases in the hospitals and the banks, database security has been emphasized. There are many security models for database systems using wide variety of policy-based access control methods. However, they are not functionally enough to meet the requirements for the complicated and various types of access control. In this paper, we propose a database security system that can individually control user access to data groups of various sites and is suitable for the situation where the user's access privilege to arbitrary data is changed frequently. Data group(s) in different sixes d is defined by the table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and polices. The proposed system operates in two phases. The first phase is composed of a modified MAC (Mandatory Access Control) model and RBAC (Role-Based Access Control) model. A user can access any data that has lower or equal security levels, and that is accessible by the roles to which the user is assigned. All types of access mode are controlled in this phase. In the second phase, a modified DAC(Discretionary Access Control) model is applied to re-control the 'read' mode by filtering out the non-accessible data from the result obtained at the first phase. For this purpose, we also defined the user group s that can be characterized by security levels, roles or any partition of users. The policies represented in the form of Block(s, d, r) were also defined and used to control access to any data or data group(s) that is not permitted in 'read ' mode. With this proposed security system, more complicated 'read' access to various data sizes for individual users can be flexibly controlled, while other access mode can be controlled as usual. An implementation example for a database system that manages specimen and clinical information is presented.

• Proceedings of the CALSEC Conference
• /
• 2001.08a
• /
• pp.165-176
• /
• 2001

* Extension of EC(Electronic Commerce) * Standard of Message -EDI : UN/EDIFACT, ANSI X12, etc -XML : ebXML, CML, MathML, WIDL, etc * Various of Information -Business Transaction Data -Private Data : ID, Password, Personal Information -Charge Data : Accounts, Card, etc * Message Level Security(omitted)

• Review of KIISC
• /
• v.6 no.1
• /
• pp.103-116
• /
• 1996

재난에 관한 내용적 연구로서 실시간 재난복구를 위한 의사결정지원시스템과, 과정적 연구로서 재난복구를 위한 위기관리모형을 설명한다. 또한, 정보시스템의 재난복구전략을 구체적으로 기술하고, 특히 Comdisco사의 실시간 재난복구서비스 사례를 제시하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.10
• /
• pp.3256-3274
• /
• 2022

With the rapid development of information and communications technology, the construction of efficient, reliable, and safe Internet of Things (IoT) is an inevitable trend in order to meet high-quality demands for the forthcoming 6G communications. In this paper, we study a secure intelligent reflecting surface (IRS)-assisted IoT system where malicious eavesdropper trying to sniff out the desired information from the transmission links between the IRS and legitimate IoT devices. We discuss the system overall performance and propose a hybrid resource allocation scheme for maximizing the secrecy capacity and secrecy energy efficiency. In order to achieve the trade-off between transmission reliability, communication security, and energy efficiency, we develop a quantum-inspired marine predator algorithm (QMPA) for realizing rational configuration of system resources and prevent from eavesdropping. Simulation results demonstrate the superiority of the QMPA over other strategies. It is also indicated that proper IRS deployment and power allocation are beneficial for the enhancement of system overall capacity.

• Journal of the Semiconductor & Display Technology
• /
• v.22 no.3
• /
• pp.125-129
• /
• 2023

In this paper, we propose a method to design and implement a smart pipeline information management system that can provide visualization information linked to GIS and roadmap based on the construction of precise pipeline buried information. The smart pipeline information management system consists of a positioning device for high-precision pipeline location measurement and surround view image data recording, a database for data storage and management, and a mobile app for remote monitoring and management. It connects surrounding image data and location data with GIS and roadmap. Convenience and accessibility of management can be improved.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.11 s.353
• /
• pp.54-67
• /
• 2006

Low Rate WPAN (Wireless Personal Area Network) designed for low power and low cost wireless communication is an important technology to realize ubiquitous environment. IEEE 802.15.4 and ZigBee Alliance recommend the SKKE (Symmetric-Key Key Establishment) protocol for key establishment and management. The SKKE algorithm has security weakness such as the absence of authentication process or electric signature in key generation and exchange when devices join the role of coordinators. In this paper, we propose new key establishment and security algorithm based on public key encryption to solve low rate WPAN security problems. Also, to improve PLC AMR system's weaknesses in communication reliability and security, we propose a new AMR system model based on IEEE 802.15.4 and we apply our security algorithm to AMR profile for security enhancement.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.2
• /
• pp.251-258
• /
• 2012

The conventional network security solutions for manufacturing or factory automation devices are concentrated on protecting the internal networks from the attacks of external networks. Recently, however, so called Day-zero attacks are increased; the threat from internal devices such as notebooks, USB devices are as critical as attacks from external networks. Thus a new security solution is needed to protect manufacturing devices from both external and internal threat. To this purpose, we propose an edge-security system to provide cost effective, integrated, and simple end-point security solution specialized for automated manufacturing devices, which may avoid the shortcomings of NAC.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.61-67
• /
• 2012

Accordingly the number of smart-phone-based malicious codes is also increasing and their techniques for malicio us purpose are getting more clever and evolved. Among them, the malicious codes related to Android take the major portion and it can be estimated that they are based on open source so that the access to the system is easy. Intent is a technique to support the communication between application's components by transmitting message subjects in Android. Intent provides convenience to developers, but it can be utilized as security vulnerability that allows the developer with a malicious purpose to control the system as intended. The vulnerability of intent security is that personal information can be accessed using discretionally its proper function given to application and smart phone's functions can be maliciously controlled. This paper improves with the Intent security vulnerability caused by the smart phone users' discretional use of custom kernel. Lastly, it verifies the malicious behaviors in the process of installing an application and suggests a technique to watch the Intent security vulnerability in realtime after its installation.

• Korean Security Journal
• /
• no.20
• /
• pp.199-228
• /
• 2009

National security of post cold-war since 1990's shift that conception of the national security transfer traditional military strength to economic strength. Accordingly, the national interest about how to protect the of the high-technology industry enterprises has become contentious social issue. The U.S. and advanced countries promote the policy to protect The United State's Economic Espionage Act(EEA). The Korea reaching to high level a field at IT, Shipbuilding, Steel, Automobile Industry and huge capital investment to high-technology & development. But, systematic industry security activity not an unfold. So private investigator collect the evidence and information of business case for prevent danger is efficient. The private investigator system, deal with the matter efficiently, will good system to prevent economic loss of business, state and nation through make a good use in business crime that machinery of law difficult to intervene. This article countermeasure about industry spy through make a good use of private investigator.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1997.03a
• /
• pp.163-181
• /
• 1997

This dissertation provides a theroetic study on the network security in general , the firewall in particular . In fact, the firewall has been recognized as a very promising option to obtain the security in the real world network environment . The dissertation provides a thorough theoretic investigation on the various problems raised in the computer network, and also explores a methodology of the security against IP spoofing. Moreover, it investigates a systematic procedure to make analysis plans of the firewall configuration. Based on the above investigation and analysis , this dissertation provides two approaches to network security, which address a number of issues both at the network and at application level. At the network level. a new methdo is proposed which uses packet filtering based on the analysis of the counter plot about the screen router. On the other hand at the application level, a novel method is exlored which employs security software , Firewall-1, on Bastion host. To demonstrate the feasibility and the effectiveness of the proposed methodologes, a prototype implementation is made. The experiment result shows that the screen router employing the proposesed anti-IP spoofing method at the network level is effective enough for the system to remain secure without being invaded by any illegarl packets entering from external hackers. Meanwhile , at the application level. the proposed software approach employing Firewall -1 is proved to be robust enough to provent hackings from the outer point to point protocol connection. Theoretically, it is not possible to provide complete secuirty to the network system, because the network security involove a number of issues raised from low level network equipments form high level network protocol. The result in this dissertation provides a very promising solution to network security due to its high efficiency of the implementation and superb protectiveness from a variety of hacking.