• Title/Summary/Keyword: privilege

Design of Intrusion Detection System using System Call Trace of Privilege Process : Immune System Approach (특권 프로세서의 시스템 호출 추적을 사용하는 침입탐지시스템의 설계 : 면역 시스템 접근)

  • 이종성
    • Journal of the Korea Institute of Information Security & Cryptology / v.10 no.1 / pp.39-52 / 2000
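  • As a side effect of the expansion of computer networks and the rapid increase in computer use, computer security has become an important issue. Accordingly, research on intrusion detection systems (IDS) for reducing intrusions by attackers is active. In this paper, we propose a new IDS model based on the computer immune system, and show its feasibility by designing it and implementing a prototype. In the proposed model, IDSs are distributed across multiple computers, and when any one of the distributed IDSs detects an abnormal system call in the system call sequence generated by a privileged process, it dynamically shares this with the other IDSs, improving immunity against new intrusions.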

A Secure and Efficient Identity-Based Proxy Signcryption in Cloud Data Sharing

  • Hundera, Negalign Wake;Mei, Qian;Xiong, Hu;Geressu, Dagmawit Mesfin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.1 / pp.455-472 / 2020
  • As a user in modern societies with the rapid growth of the Internet environment and more complicated business flow processes, in order to be effective at work and accomplish things on time when the manager of the company goes on a business trip, he/she needs to delegate his/her signing authority to someone such that the delegatee can act as a manager and sign a message on his/her behalf. In order to make the delegation process more secure and authentic, we proposed a secure and efficient identity-based proxy signcryption in cloud data sharing (SE-IDPSC-CS), which provides a secure privilege delegation mechanism for a person to delegate his/her signcryption privilege to his/her proxy agent. Our scheme allows the manager of the company to delegate his/her signcryption privilege to his/her proxy agent, and the proxy agent can act as a manager and generate signcrypted messages on his/her behalf using special information called a "proxy key". Then, the proxy agent uploads the signcrypted ciphertext to a cloud service provider (CSP), which can only be downloaded, decrypted and verified by an authorized user at any time from any place through the Internet. Finally, the security analysis and experiment results determine that the proposed scheme outperforms previous works in terms of functionalities and computational time.

A Specification for Restricted Delegation to suitable on Distributed Computing (분산 컴퓨팅에 적합한 제한적인 위임 명세)

  • Eun Seung-Hee;Kim Yong-Min;Noh Bong-Nam
    • The KIPS Transactions:PartC / v.12C no.7 s.103 / pp.1015-1024 / 2005
  • Delegation of privileges is one of the important processes that give the relevant node the authority to process the job that a user wants in a large-scale distributed environment such as Grid Computing. However, existing delegation methods do not give suitable privileges for the job and do not atomize the range of delegation; they delegate access privileges only for the resources themselves, not for the execution of the job itself. Also, they do not apply to processes that need delegation before and after the execution of a job, such as reservation of system resources or host access before and after execution. Therefore, this paper proposes a method and specification for restricted delegation in a distributed environment. The proposed method separates delegation into a job side and a privilege side, expresses the specification and procedure of delegation using XML schema and UML, and presents a restricted delegation scenario in a distributed computing environment.

Comparative Study of US and Korean Legal System on the Privilege against Self-Incrimination through Forced Unlocking in Digital Era (디지털시대 강제해독에 따른 자기부죄 거부 권리에 관한 미국과 한국의 제도 비교 연구)

  • Lee, Ook;Jee, Myung Keun;Lee, Dong Han
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.3 / pp.235-241 / 2017
  • With the coming of the digital era, encryption has become common in everyday life. Almost anyone can easily acquire encryption software and use it to prevent unwanted third parties from accessing one's private information. However, the spread of encryption has also seriously hindered law enforcement during the investigation of cybercrimes, which hide incriminating digital evidence in encrypted hard drives and files. Therefore, many countries have attempted to compel criminals to decrypt encrypted evidence, and it has been inevitable to examine the privilege against self-incrimination as a basic right from the constitutional side. This study analyzed past court decisions on the issue of compelled decryption in the US and whether the Government can compel a defendant to disclose his password in the Korean legal system from the constitutional side. Finally, this study suggests an approach to create a legal procedure to make it a crime for a suspect or defendant to refuse to disclose his password to law enforcement for criminal cases in Korea.

A Method of Detecting Real-Time Elevation of Privilege Security Module Using User Credentials (자격증명을 이용한 실시간 권한 상승 탐지 보안 모듈)

  • Sim, Chul Jun;Kim, Won Il;Kim, Hyun Jung;Lee, Chang Hoon
    • KIPS Transactions on Computer and Communication Systems / v.6 no.5 / pp.247-254 / 2017
  • In a Linux system, a user with malicious intent can acquire administrator privileges through attack types that execute shells, and can leak important user information and install backdoor programs. In order to solve this problem, the existing method is to analyze the causes of the elevation of privilege, fix the problems, and then patch the system. Recently, a method of detecting, in real time, illegally elevated tasks in which information inconsistency occurs in the user credentials has been studied. However, since this credential method uses uid and gid, illegally elevated tasks having the root credentials may not be detected. In this paper, we propose a security module that stores shell commands and paths executed with regular privileges in a table and compares them with every file access (open, close, read, write) that is executed, to solve the case in which illegally elevated tasks that have the same credentials cannot be detected.

A Study for Task Detection Acquiring Abnormal Permission in Linux (리눅스의 비정상 권한 획득 태스크의 탐지방법 연구)

  • Kim, Won-Il;Yoo, Sang-Hyun;Kwak, Ju-Hyun;Lee, Chang-Hoon
    • KIPS Transactions on Computer and Communication Systems / v.3 no.11 / pp.427-432 / 2014
  • The purpose of local system attacks is to acquire an administrator (root) privilege shell through the execution of a malicious program or by changing the flow of a program. Acquiring a shell through an attack is still a valid approach, and it is difficult to cope by fixing each vulnerability because the attacker can select various forms of attack. Linux allocates a set of credentials at login in order to manage user permissions. Credentials are issued and managed by the kernel directly, and the kernel also ensures that no change can occur outside of the kernel. However, the credentials of a user who has acquired root privilege through a system attack exhibit a phenomenon in which they do not remain consistent. In this paper, we propose a security module to detect security threats that may be caused to users and tasks, by analyzing user task execution and credential inconsistency.

A Model of Role Hierarchies providing Restricted Permission Inheritance (권한상속 제한 기능을 제공하는 역할계층 모델)

  • 이용훈;김용민;이형효;진승헌
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.4 / pp.37-45 / 2003
  • The Role-based Access Control (RBAC) model has the advantage of easy management of access control with constraints such as permission inheritance and separation of duty in the role hierarchy. However, previous RBAC studies could not properly reflect the real-world organization structure with its role hierarchy. A user who is a member of a senior role can perform all permissions because the senior role inherits all permissions of junior roles in the role hierarchy. Therefore, there is a possibility for senior role members to abuse permissions due to violation of the least privilege principle. In this paper, we present a new model of role hierarchy, which restricts unconditional permission inheritance. In the proposed model, a role is divided into sub-roles (unconditional inheritance, restricted inheritance, private role), keeping the organization structure of the corporate environment. With restricted inheritance, the proposed model prevents permission abuse by specifying the degree of inheritance in the role hierarchy.

Container Vulnerability Intruder Detection Framework based on Memory Trap Technique (메모리 트랩기법을 활용한 컨테이너 취약점 침입 탐지 프레임워크)

  • Choi, Sang-Hoon;Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.13 no.3 / pp.26-33 / 2017
  • Recently, container technologies have been receiving attention for efficient use of the cloud platform. Container virtualization technology has the advantage of high portability and high density when compared with the existing hypervisor. Container virtualization technology, however, uses virtualization at the operating system level, in which a single kernel is shared to run multiple instances. For this reason, a feature of containers is that the attacker can obtain the root privilege of the host operating system from inside the container. Due to this characteristic of the container, the attacker can attack the root privilege of the host operating system from within the container by utilizing a vulnerability of the kernel. In this paper, we propose a framework for efficiently detecting and responding to root privilege attacks on a host operating system from a container. This framework uses a memory trap technique to detect changes in a specific memory area of a container and to suspend the operation of the container when a change is detected.

Advance Understanding and New Treatment of Alopecia Areata (원형탈모증(alopecia areata)의 최신 이해와 치료)

  • Kang, Kyung-Hwa
    • Journal of Life Science / v.26 no.11 / pp.1345-1354 / 2016
  • Alopecia areata (AA) is a common and tissue-specific autoimmune disease of the hair follicle resulting in the loss of hair on the scalp and elsewhere on the body. The hair follicle is a unique organ because it has its own immune system and hormonal milieu and has a different immune state at each hair cycle stage. The collapse of anagen-dependent hair follicle immune privilege gives rise to autoimmune attack, inducing ectopic MHC class I expression in the hair follicle epithelium and autoantigen presentation to autoreactive CD8+ T cells, which results in AA. Clinical and experimental studies have pointed out that psychological stress may also influence the hair follicle immune/hormone systems and contribute to the induction of AA. The key pathogenesis of AA is associated with immune privilege guardians (including ACTH, $\alpha$-MSH, and TGF-$\beta$), natural killer group 2D-positive (NKG2D+) cells (including NK and CD8+ T cells), and stress hormones (including CRH and substance P). Effective treatments for AA are still in demand. One of the future targets of treatment will be the modification of hair follicle immune privilege, including stress. Recent studies have reported that JAK inhibitors and immunomodulators used in other autoimmune diseases, such as psoriasis, atopic dermatitis, and rheumatoid arthritis, Tregs, platelet-rich plasma therapy, statins, and prostaglandin analogues are effective for AA. Here the article reviews the recent understanding of the pathogenesis associated with perifollicular endocrinology/immunology and new treatments of AA.

The Influence of Sociocultural Attitude toward Appearance and Narcissism on Body Stress

  • Park, Eunhee;Lee, Sangjoo
    • Journal of Fashion Business / v.18 no.6 / pp.1-18 / 2014
  • The purpose of this study is to examine the influence of sociocultural attitudes toward appearance and narcissism on body stress. Questionnaires were administered to 206 women in their 20's-50's living in Daegu and Kyunbook province. Frequency, factor analysis, reliability analysis, correlation analysis, regression analysis, ANOVA, and Duncan-test are used for data analysis. Sociocultural attitudes toward appearance are categorized into media appearance internalization and social recognition of appearance. Narcissism factors are found to be leadership/privilege, ostentation, and superiority. Body stress is categorized into 4 factors: weight stress, skin aging stress, body dissatisfaction, and hair stress. Sociocultural attitudes toward appearance were related to the sub-variables of narcissism and body stress. Media appearance internalization is a sub-variable of sociocultural attitudes toward appearance and has significant effects on the weight stress, skin aging stress, and body dissatisfaction sub-variables of body stress. Ostentation and superiority, being sub-variables of narcissism, have significant effects on weight stress, skin aging stress, body dissatisfaction, and hair stress, the sub-variables of body stress. Ages of women display distinctions between the sub-variables in sociocultural attitudes toward appearance such as media appearance internalization, in narcissism such as leadership/privilege, ostentation, and superiority, and in body stress such as weight stress, skin aging stress, body dissatisfaction, and hair stress. This result can serve as necessary baseline data for adult women's appearance management by examining the influence of the attitude toward appearance developed from relationships with surrounding people on body stress.