기업환경의 접근제어를 위한 확장된 GTRBAC 위임 모델

황유동 ( Hwang Yu-dong ),박동규 ( Park Dong-gue ) 한국인터넷정보학회 2006 인터넷정보학회논문지 Vol.7 No.1

인터넷과 웹이 활성화됨으로써 사용자는 문서, 디렉토리, 데이터베이스, 웹 페이지 등과 같은 자원들을 액세스하는 것이 훨씬 더 쉬워졌다. 그러나 이로 인하여 네트워크의 인증, 자원들을 액세스하기 위한 권한의 허가, 데이터의 정책과 보안 그리고 보안 시스템의 무결성과 같은 중대한 보안 문제들이 생기게 되었다. 본 논문에서는 기업 환경의 접근제어를 위하여 시간(기간과 주기)에 따른 제약으로 자원의 사용을 제한할 수 있는 GTRBAC(Generalized Temporal Role Based Access Control) 모델에 부역할(sub-role) 개념과 PBDM(Permission Based Delegation Model) 개념을 적용한 확장된 GTRBAC 위임(Ex-GTRBAC Delegation)모델을 제안한다.제안 모델은 부역할을 사용하여 하위 역할에 할당된 권한을 상위 역할에 할당된 사용자가 모두 상속하여 실행할 수 없도록 하여 권한의 남용을 방지하여 최소권한의 원칙을 지킬 수 있도록 하고, 기업 환경에서 빈번히 발생하는 권한의 위임에 대해서 사용자 대 사용자 위임, 역할 대 역할 위임, 다단계 위임, 다중 위임과 같은 기능을 제공하여 기업 환경의 특성에 따라 다양하고 정교한 접근제어 정책을 적용할 수 있도록 한다. With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model, sub-role hierarchies concept and PBDM(Permission Based Delegation Model). The proposed model, called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) delegation Model, supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Also it supports conditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies and supports permission based delegation, user to user delegation, role to role delegation, multi-step delegation and temporal delegation by using PBDM.

가상대학 시스템의 협업을 위한 접근제어 모델

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국정보기술학회 2011 한국정보기술학회논문지 Vol.9 No.5

The virtual university system requires collaboration having detailed and automated access control management capabilities for students, professors and faculties of several universities to offer various services and to get services. In this paper, we propose access control model for various collaborations in Virtual University System environment. The proposed model applies the GTRBAC (Generalized Temporal Role Based AccessControl) model restricting use of resources by time-restriction to role-based collaboration model providing revocation and group delegation function for user and specified user group in order to provide detailed collaboration restricting use of resources with time-restriction and having specification of application level restriction and dynamic activation of the access privilege by using the role activation / deactivation and event restriction and trigger.

바이오 인증을 사용한 원격의료시스템의 취약성 분석 및 대응방안

황유동(Yu-dong Hwang),이유리(You-ri Lee),박동규(Dong-gue Park),신용녀(Yong-Nyuo Shin) 한국통신학회 2008 韓國通信學會論文誌 Vol.33 No.2D

안드로이드 NVR을 위한 대용량 멀티미디어 데이터 저장 시스템의 설계 방안

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국정보기술학회 2016 한국정보기술학회논문지 Vol.14 No.1

Recently, IP cameras and NVR, having high-definition, large capacity, need more efficient storage system for large-capacity multimedia data in order to reflect the different needs of users. However, the research of the storage system of high-capacity multimedia data, which is simple and quickly implemented and conveniently maintained, is still trivial. In this paper, we propose the high-capacity multimedia data storage system which has short disk initialization time required by the NVR, a short disk inspection time recovery, easy and fast implementation, convenient maintenance, fast time reference data retrieval, continuous storage and search of a various media sources, recording of event/schedule and the Pre/Post recording function. The design of proposed data storage system is based on the file system Ext4 and the database system of the Android operating system.

안드로이드 기반 NVR 시스템 설계 및 구현

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국정보기술학회 2016 한국정보기술학회논문지 Vol.14 No.4

In this paper, without using the CPU for video security systems, Android-based NVR using the CPU for mobile devices such as tablets and smart phones, is designed and implemented. Also, we confirmed the possibility of the NVR using the CPU for mobile device. by comparing the performance of the image decoding of the CPU for mobile device and it of the CPU for video security system The Android-based NVR system consists of 6 run-time software(RTSP Client/Server, Web Server, DIO Manager, Recording Control Manager, Playback Manager) and 4 service(Event Service, Web Service, Scheduling Service, Device Management Service), it send and receive the video stream via OnVIF protocol.

멀티 플랫폼 멀티 브라우저를 위한 RTSP 플레이어 설계 및 구현

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국정보기술학회 2016 한국정보기술학회논문지 Vol.14 No.10

In this paper, the RTSP player for the video service of IP camera is designed and implemented. The RTSP player proposed in this paper applies a OnVIF for interface with IP cameras, implements an RTSP client by using the TCP socket and reproduces the video received from the RTSP client. As it is implemented in Flex(Action Script), it can be used in all sorts of AVM(Adobe Air Virtual Machine) installed operating systems. Also it can be used in all web browsers, to which flash Player plug-in is installed. In addition, it has the advantage that it is not necessary to modify the source code when it is applied to them. However, if used in Web browsers, because it runs in the Flash Player, it has a disadvantage that there is a security vulnerability.

IP기반 영상 보안 시스템을 위한 보안 요구사항 및 프레임워크

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국정보기술학회 2017 한국정보기술학회논문지 Vol.15 No.5

In this paper, we define the security requirements for IP based video surveillance system and propose the security framework in order to countermeasure attacks of it. The proposed security requirements consist of 9 items: authentication, confidentiality, integrity, nowness, availability, privacy protection, device infringement prevention, access control and audit records. It also has the advantage of being applicable to both stand-alone systems and integrated control centers. The system with the security framework proposed in this paper can prevent the data leakage and the threat of the data modification and protect the privacy of the individual and misuse of data. In addition, the security requirements and framework proposed in this paper can be applied to the study of IoT security framework considering image sensor.

통합 영상 관제 시스템의 접근제어를 위한 확장된 GTRBAC 모델

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국정보기술학회 2017 한국정보기술학회논문지 Vol.15 No.7

In this paper, we proposed an access control model for integrated video surveillance system. The access control model proposed in this paper is the extended GTRBAC (Generalized Temporal Role Based Access Control) model to restrict the use of resources by applying fine-grained constraints additionally to the GTRBAC model. The added constraint conditions are the users location information, the location information of the video surveillance system installed, the device information of the video surveillance system, the network information of the the device connected, the network information, and the date and time of the saved video data. The proposed model can restrict the number of users by using role activation and event trigger and has an advantage to handle workflow. Also, it has an advantage to implement sophisticated access control model compared with conventional model by using added constraint.

기업환경의 접근제어를 위한 확장된 GTRBAC 모델

황유동(Yu-Dong Hwang),박동규(Dong-Gue Park) 한국멀티미디어학회 2005 멀티미디어학회논문지 Vol.8 No.2

자기 복제 성질을 이용한 웜 탐지 기법에 대한 연구

황유동(Yu-dong Hwang),박동규(Dong-Gue Park),유승엽(Seung-Yeop Yoo),임황빈(Hwang-Bin Yim),장종수(Jong-Soo Jang),오진태(Jin-Tae Oh) 한국통신학회 2009 韓國通信學會論文誌 Vol.34 No.6D

본 논문에서는 웜의 변종과 Polymorphic Worm, 그리고 알려지지 않은 공격이 보안 패치나 시그니처가 생성되기 전에 발생하는 Zero-Day 공격에 실시간으로 대응하기 위하여 Polymorphic 웜의 자기복제 성질을 이용한 탐지기법에 대하여 연구하였고, 이를 기반으로 SSDT (System Service Dispatch Table)를 이용한 웜 탐지 시스템을 설계 및 구현하였다. 구현된 시스템은 SSDT를 커널 모드에서 액세스하여 시스템 콜을 모니터링 하는 가상의 디바이스 드라이버와 모니터링 된 데이터를 저장하고 분석하는 분석 시스템으로 구성된다. 모니터링 된 데이터는 GSR구조에 따라 분석하였으며, 자기 복제 성질을 갖는 웜의 GSR을 이용하여 시스템의 웜 탐지 여부를 시뮬레이션하였다. In this paper, we studied about detection technique by self-replication nature of Polymorphic worm to real time cope with Zero-Day attack such as worm variant and Polymorphic Worm, and unknown attack of worm those happen before security patch or signature is created. Also we designed and implemented worm detection system that use SSDT(System Service Dispatch Table). The implemented system is consist of virtual device driver that monitor system calls by access to SSDT in kernel mode and analyze system that store and analyze the monitored data. We analyzed the monitored data considering GSR(Gene of Self Replication) structure and simulate the worm detection system whether worm is detected or not.