• Journal of KIISE:Databases
• /
• v.32 no.5
• /
• pp.473-486
• /
• 2005

The Hippocratic database model recently proposed by Agrawal et at. incorporates privacy protection capabilities into relational databases. The authors have subsequenty proposed the Hippocratic XML daかabase model[4], an extension of the Hippocratic database model for XML databases. In this paper, we propose a new concept that we cail the dynamic predicate(DP) for effective access control in the Hippocratic XML database model. A DP is a novel concept that represents a dynamically constructed rendition that tan be adapted for determining the accessibility of elements during query execution. DPs allow us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 219 times over the top-down access control strategy and by up to 499 times over the bottom-up access control strategy. The major contribution of our, paper is enabling effective integration of access control mechanisms with the query plan using the DP under the Hippocratic XML database model.

• Convergence Security Journal
• /
• v.10 no.1
• /
• pp.49-53
• /
• 2010

Recently multimedia has been formed, provided, and shared enough not to compare with the past, due to the proliferation of Internet and the development of hardware relating to multimedia. Accordingly to internationally give a proper expression to metadata of multimedia, the standard of MPEG-7 has been established, and researches for image search among various data of multimedia using MPEG-7 are going on. Thus there are meaning-based search. In the former there is a merit that search speed is fast, but technology and accuracy by technical knowledge on the image. In the latter the accuracy of search is decreasing because of not understanding the meaning about image and the internet of users. In this study to solve these problems a search system has been designed by combining the two methods. Also the search and manage image data by handheld devices such as portable PDA or smart phone, a system. Once this is used, multimedia data can be efficiently searched and utilized by handheld devices.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.1480-1484
• /
• 2003

This paper presents the design and development of network for housing estate security system. The system can cover up to 961 houses which can be up to 1,200 meters long transfer rate of 9,600 bps. This system uses checking and warning the abnormal situation. More over this system has ability to control switch on/off the electrical equipment in the house via AC line control system. The system consists of 4 parts. The first part is a security system of each house using MCS-51 microcontroller as a central processing unit scan 32 sensors and control 8 appliances and send alarm. The MCS-51 microcontroller received control signal via telephone used DTMF circuit. The second part is distributed two levels master/slave network implementing after RS-485 serial communication standard. The protocol its base on the OSI (Open Systems Interconnection) 7 layers protocol model design focus on speed, reliability and security of data that is transferred. The network security using encrypt by DES algorithm, message sequence, time stamp checking and authentication system when user to access and when connect new device to this system. Flow control in system is Poll/Select and Stop-and-Wait method. The third part is central server that using microcomputer which its main function are storing event data into database and can check history event. The final part is internet system which users can access their own homes via the Internet. This web service is based on a combination of SOAP, HTTP and TCP/IP protocols. Messages are exchanged using XML format [6]. In order to save the number of IP address, the system uses 1 IP address for the whole village in which all homes and appliance in this village are addressed using internal identification numbers. This proposed system gives the data transfer accuracy over 99.8% and maximum polling time is 1,120 ms.

• Journal of Communications and Networks
• /
• v.12 no.4
• /
• pp.382-394
• /
• 2010

Cross-domain event information sharing is a topic of great interest in the area of event based network management. In this work we use data sets which represent actual attacks in the operational Internet. We analyze the data sets to understand the dynamics of the attacks and then go onto show the effectiveness of sharing incident related information to contain these attacks. We describe universal data acquisition system for event based management (UniDAS), a novel system for secure and automated cross-domain event information sharing. The system uses a generic, structured data format based on a standardized incident object description and exchange format (IODEF). IODEF is an XML-based extensible data format for security incident information exchange. We propose a simple and effective security model for IODEF and apply it to the secure and automated generic event information sharing system UniDAS. We present the system we have developed and evaluate its effectiveness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.49-63
• /
• 2008

RDF is the base ontology model which is used in Semantic Web defined by W3C. OWL expands the RDF base model by providing various vocabularies for defining much more ontology relationships. Recently Jain and Farkas have suggested an RDF access control model based on RDF triple. Their research point is to introduce an authorization conflict problem by RDF inference which must be considered in RDF ontology data. Due to the problem, we cannot adopt XML access control model for RDF, although RDF is represented by XML. However, Jain and Farkas did not define the authorization propagation over the RDF upper/lower ontology concepts when an RDF authorization is specified. The reason why the authorization specification should be defined clearly is that finally, the authorizatin conflict is the problem between the authorization propagation in specifying an authorization and the authorization propagation in inferencing authorizations. In this article, first we define an RDF access authorization specification based on RDF triple in detail. Next, based on the definition, we analyze the authoriztion conflict problem by RDF inference in detail. Next, we briefly introduce a method which can quickly find an authorization conflict by using graph labeling techniques. This method is especially related with the subsumption relationship based inference. Finally, we present a comparison analysis with Jain and Farkas' study, and some experimental results showing the efficiency of the suggested conflict detection method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.845-853
• /
• 2022

As the memory capacity of smartphone increases, the type and amount of privacy stored in the smartphone is also increasing. but recently there is an increasing possibility that various personal information such as photos and videos of smartphones may be leaked due to malicious apps by malicious attackers or other people such as repair technicians. This paper analyzed and studied the security and vulnerability of these vault apps by analyzing the cryptography algorithm and data protection function. We analyzed 5.3.7(June 13, 2022) and 3.3.2(December 30, 2020) versions of AppLock, the most downloaded information-hidding apps registered with Google Play, and found various vulnerabilities. In the case of access control, there was a vulnerability in that values for encrypting patterns entered by users were hardcoded into plain text in the source code, and encrypted pattern values were stored in xml files. In addition, in the case of the vault function, there was a vulnerability in that the files and log files for storing in the vault were not encrypted.

• Journal of the Institute of Convergence Signal Processing
• /
• v.10 no.4
• /
• pp.256-261
• /
• 2009

While .NET and J2EE bisects recent distributed environment, .NET displays "Remoting" as a technology to call remote object. Remoting is frequently used as a protocol in OLTP's WEB program development in form of RPC that exchange data in XML form under HTTP environment. Purpose of this research is to draw problems when applying security to .NET remoting technology that is recently used in web programming, and to find effective application plan by implementing. The main discussion is following. First, network layer security should be replaced to application layer security for better performance and flexibility. Second, the serialization procedure that is repeated in both remoting and encryption module should take place once. Lastly, implementation of "Surrogate" and "Compress" will be discussed that enables to eliminate unnecessary data(table relations, keys, etc) that is used in dataset object of .NET in order to reduce the size of data. It is possible to achieve improvement in speed by two times through immediate implementation in these cases. In order for easier use, component based framework should be supplied hereafter.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.407-416
• /
• 2018

Instagram is a Social Network Service(SNS) that has recently become popular among people of all ages and it makes people to construct social relations and share hobbies, daily routines, and useful information. However, since the uploaded information can be accessed by arbitrary users and it is easily shared with others, frauds, stalking, misrepresentation, impersonation, an infringement of copyright and malware distribution are reported. For this reason, it is necessary to analyze Instagram from a view of digital forensics but the research involved is very insufficient. So in this paper, We performed reverse engineering and dynamic analysis of Instagram from a view of digital forensics in the Android environment. As a result, we checked three database files that contain user behavior analysis data such as chat content, chat targets, posted photos, and cookie information. And we found the path to save 4 files and the xml file to save various data. Also we propose ways to use the above results in digital forensics.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.956-959
• /
• 2011

When SOAP message in Web Services has sensitive and important data, it is necessary to protect the message from XML rewriting attacks. These attacks create a foundation for typical faults in SOAP message and make it vulnerable to use in Web Service environment. Currently, Web Services middleware offers limited functions to detect these faults and possibly fix them. In this paper, we propose a Security Description Assistance which identifies and fixes typical faults in SOAP messages. Our system adapts simulation-based approach, which allows system to self-optimize its performance in different conditions and thus improve the reliability of Web Services.

• Proceedings of the CALSEC Conference
• /
• 2005.03a
• /
• pp.62-67
• /
• 2005

In traditional approach, enterprise-wide consistent security policy enforcement for applications is very difficult task. Therefore, industry is now moving towards new unified enterprise application security concept that consist of centralized authentication and authorization mechanism. The eXtensible Access Control Markup Language (XACML); an XML-based standard defined by OASIS, is most suitable choice which can support centralized, role based, context aware access control mechanism. It is designed to provide universal standard for writing authorization policies and access control request/response language for managing access to the resources. This paper includes a brief overview on XACML and discusses its benefits, limitations and a data flow process. We propose a new generic access control architecture that supports enterprise wide centralized application level access control mechanism using XACML. The other benefits which can be achieved through this architecture are, reduce adnministration cost and complexity, support of heterogeneous computing platforms, centralized monitoring system, automatic fail over, scalability and availability, open standard based solution and secure communication.