The KIPS Transactions:PartC
Korea Information Processing Society
Automatic Encryption Method within Kernel Level using Various Access Control Policy in UNIX system
임재덕 ; 유준석 ; 김정녀 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 387~387
Many studies have been done on secure kernels and encryption filesystems for system security. A secure kernel can protect user or system data from unauthorized and/or illegal access by applying various access control policies such as ACL, MAC, RBAC and so on, but it cannot protect user or system data against theft of backup media or of the disk itself. In addition to access control policy, there are many studies on encryption filesystems that encrypt file data at the system level. However, few studies have been done on combining access control policy and an encryption filesystem. In this paper we propose a new encryption filesystem that provides transparency to the user by integrating an encryption service into the virtual filesystem layer within a secure kernel that has various access control policies. The proposed encryption filesystem can provide a simple encryption key management architecture by using encryption keys based on the classes of the MAC policy, and it overcomes the limit of access control policy with respect to physical data security against theft.
Profiling Program Behavior with X² distance-based Multivariate Analysis for Intrusion Detection
김정일 ; 김용민 ; 서재현 ; 노봉남 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 397~397
Intrusion detection techniques based on program behavior can detect potential intrusions against systems by analyzing system calls made by daemon programs or root-privileged programs and building program profiles. But there is a drawback: large profiles must be built for each program. In this paper, we apply X² distance-based multivariate analysis to profiling program behavior and detecting abnormal behavior in order to reduce profiles. Experimental results show that profiles are relatively small and the detection rate is significant.
Design and Implementation of a new XML-Signcryption scheme to protect the XML document
한명진 ; 이영경 ; 신정화 ; 이경현 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 405~405
As XML has been approved as a standard language by the UN, work on complementing XML security has been progressing rapidly. In this paper, we design and implement "XML-Signcryption" as a security mechanism to protect XML documents that can operate across different platforms. The signature and encryption specified in the W3C standards need to be processed separately. Generally, signature and encryption require four modular exponentiation operations, whereas signcryption needs only three. This benefits overall system effectiveness in terms of cost. The scheme is also convenient for the user, because the signature and encryption are implemented as a single XML format. This tool can save parsing time because the number of tags within a document is small. In addition, based on research into Web Services security, we can apply XML-Signcryption to SOAP messages to provide security services. Based on the XML-Signcryption scheme which provides confidentiality, integrity, authentication and non-repudiation to the XML document and Web Service security simultaneously.
Implementation of Security Enforcement Engine for Active Nodes in Active Networks
김옥경 ; 임지영 ; 나현정 ; 나가진 ; 김여진 ; 채기준 ; 김동영 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 413~413
An active network is a new generation network based on a software-intensive network architecture in which applications are able to inject new strategies or code into the infrastructure for their immediate needs. Therefore, a secure active node architecture is needed to give an active node the capability to defend against threats that may be more dynamic and powerful than those in traditional networks. In this paper, a security enforcement engine is proposed to secure active networks. We implemented an operating engine with security, authentication and authorization modules. Using this engine, active networks can be protected from the threat of a malicious active node.
A Study on Business Process Based Asset Evaluation Model and Methodology for Efficient Security Management over Telecommunication Networks
우병구 ; 이강수 ; 정태명 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 423~423
Security management and standardized asset analysis are essential for telecommunication networks; however, existing risk analysis methods and tools are not enough to give shape to a method for evaluating value and assets. They only support asset classification schemes. Moreover, since the existing asset classification schemes are meant to evaluate comprehensive general risk, they are not appropriate for telecommunication networks and they can't offer any solution to the problem of an evaluator's subjectivity. In this paper, to solve these problems, we introduce a standardized definition of the asset evaluation model, a new asset classification scheme, a two-dimensional asset-process classification scheme that considers business process and asset, and various evaluation standards for quantitative value and qualitative evaluation. To settle the problem of an evaluator's subjectivity, we propose a β-distribution Delphi method.
Improvement of Performance for Online Certificate Status Validation
정재동 ; 오해석 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 433~433
As real economic activities are carried out in the cyber world and the problem of identifying a trade counterpart emerges, digital signatures have come into wide use. Because the Certificate Revocation List, the validation method for digital signatures, is weak at real-time validation, the On-line Certificate Status Protocol was introduced. In this case, the workload of every transaction requesting digital signature verification is concentrated on a validation server node. Currently this method is used for domestic financial transactions, but sooner or later its limitation will be revealed. In this paper, we introduce a validation method that not only guarantees real-time validation but also lets the node requesting certificate validation maintain real-time certificate status information. In this method, the revocation management node updates the certificate status information on the validation node in real time when it revokes a certificate. The characteristic of this method is that the revocation management node must remember the validation nodes that a certificate holder uses. If a certificate holder connects to a validation node for the first time, the validation node requests its certificate status information from the revocation management node, and the revocation management node records the validation node at that time. After that, when a revocation request occurs, the revocation management node sends the revocation information in real time to all registered validation nodes. The benefits of this method are that validation time is reduced, because certificate validation can be completed at the validation node, and that the concentration of certificate status requests on a revocation node is avoided.
A New Dynamic Bandwidth Assignment Algorithm for Ethernet-PON
장성호 ; 장종욱 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 441~441
Earlier efforts on optical access concentrated on the design of PONs for the collection and distribution portion of the access network. The PON architecture is very simple but it requires a MAC protocol for control of upstream traffic. The MAC protocol must support a QoS (Quality of Service) administration function for various traffic classes, an efficient dynamic bandwidth assignment function, a CDV (Cell Delay Variation) minimization function, etc. This paper proposes a dynamic bandwidth assignment algorithm for the MAC protocol of a broadband access network using an Ethernet Passive Optical Network supporting various traffic classes. We compare our proposed algorithm with the MDRR algorithm using simulation, and confirm that our proposed Request-Counter algorithm produces a shorter average cell delay.
QoS Guaranteeing Scheme based on Deflection Routing in the Optical Burst Switching Networks
김종원 ; 김정엽 ; 최영복 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 447~447
Optical burst switching (OBS) has been proposed to reduce the use of fiber delay lines (FDLs) and to realize the optical switching paradigm of the next-generation all optical networks. The OBS can provide improvements over wavelength routing in terms of bandwidth efficiency and core network scalability via statistical multiplexing of bursts. Recently, another challenging issue is how to support quality of service (QoS) in optical burst switching networks. In this paper, we propose a deflection routing scheme that guarantees QoS in OBS networks by detouring lower-priority bursts onto the deflection routing path when the network is congested. A big advantage of the proposed scheme is the simplicity of QoS provision, which comes from the simple QoS provisioning algorithm. Also, the QoS provisioning scheme makes networks efficient by distributing traffic fairly while reducing the use of FDLs at core routers. The QoS provisioning scheme has been verified, by computer simulations using OPNET, to reliably guarantee the QoS of priority 0, 1 and 2 bursts and to utilize network resources efficiently. As a result, the end-to-end delay of high-priority bursts is improved, and the network efficiency is also improved.
A Study on Techniques for the Reduction of SRTS Jitter and Pointer Adjustment Jitter
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 455~455
Techniques for the reduction of SRTS jitter and pointer adjustment jitter are studied. To reduce the stuffing jitter several methods have been proposed, such as bit leaking, stuff threshold modulation and sigma delta modulation. The characteristics of the jitter generated in SRTS and pointer adjustment systems implementing these reduction techniques are analyzed with computer simulation. The results show that ms jitter value decreases to less than 50% as compared to a conventional pointer adjustment system. The amplitude of SRTS jitter using the new techniques decreases or increases depending on system parameters.
An Input-Buffered Dual-Banyan Switch with Multiple Switching Fabrics Based on Multistage Interconnection Networks
박성원 ; 이창범 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 463~463
Many types of switching fabrics have been proposed for use in ATM networks. Multistage Interconnection Networks (MINs) constitute a large class of ATM switching systems that are widely used in today's internetworking. One of the most well-known types of multistage networks is the banyan network. The banyan network is attractive for its simple routing scheme and low hardware complexity, but its throughput is very limited due to internal blocking and output contention. In this paper, we propose an input-buffered dual-banyan switch model with multiple switching fabrics between switch input and output to avoid internal and Head-of-Line blocking. By performance analysis and simulation, we show that our model has a lower cell delay and 96% throughput, which is much better than other banyan-type switch architectures.
Analysis of Network Traffic with Urban Area Characteristics for Mobile Network Traffic Model
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 471~471
Traditionally, analysis, simulation and measurement have all been used to evaluate the performance of network protocols and functional entities that support mobile wireless service. Simulation methods are useful for testing complex systems that have very complicated interactions between components. Developing a mobile call simulator that is used to examine, validate, and predict the performance of mobile wireless call procedures requires a teletraffic model, which describes the mobile communication environment. The mobile teletraffic model consists of 2 sub-models, the traffic source model and the network traffic model. In this paper, we analyzed network traffic data gathered from selected Base Stations (BSs) to define the mobile teletraffic model. We defined 4 types of cell location: Residential, Commercial, Industrial, and Afforest zone. We selected some Base Stations (BSs) that represent the cell location types in Seoul city, and gathered real data from them. Then we present the call rate per hour, call distribution pattern per day, busy hours, loose hours, the maximum number of calls, and the minimum number of calls based on the defined cell location types. Those parameters are very important for testing a mobile communication system's performance and reliability, and are very useful for defining the mobile network traffic model or as input parameters for running existing mobile simulation programs.
Implementation of Internet Video Phone Supporting Adaptive QoS
최태욱 ; 김영주 ; 정기동 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 479~479
In the current Internet, it is difficult for an Internet Phone to guarantee the QoS due to variable network conditions such as packet loss rate, delay and bandwidth. In addition, the QoS of an Internet Video Phone is harder to guarantee because of video data. In this paper, we investigate application-level QoS control schemes that can adapt to variable network conditions, and describe an error control scheme and a congestion control scheme. Based on these QoS control schemes, we have designed and implemented an Internet Video Phone System that supports adaptive audio and video delivery. Through experiments, we found that the Internet Video Phone can reduce the packet loss rate considerably as well as adjust the transmission rate considering other TCP flows.
A Grouped Input Buffered ATM switch for the HOL Blocking
김충헌 ; 손유익 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 485~485
This paper presents a new modified input buffered switch, called a grouped input buffered (GIB) switch, to eliminate the influence of HOL blocking when using multiple input buffers in ATM switches. The GIB switch consists of grouped sub-switches per network stage. The switch provides extra paths and buffered switching elements between groups for transferring the blocked cells. As a result, the proposed model can reduce the effect of HOL blocking and thereby enhances the performance of the switch. The simulation results show that the proposed scheme performs well in comparison with previous works on parameters such as throughput, cell loss, delay and system power.
A Study on the Development of Agent Interface and Agent Application Service
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 493~493
In this paper, we define an agent interface standard and messages for the control and management of agents. The agent interface is defined by the messages exchanged between the components of the agent system environment, such as the agent, the agent system that creates and controls the agent, the client that requests the service, the agent master that mediates the service, and the agent manager that performs management functions for the agent. The agent interface is defined after the MAF of the OMG and the agent standard of the FIPA. Experiments were done on an application using the agent interface and messages of this paper. The test network was a content distribution network using the agent service, and we controlled and managed the test network through the agent interface.
Design and Implementation of CPL Client for VoIP
정옥조 ; 이일진 ; 강신각 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 501~501
VoIP, which carries voice over the Internet, is in the spotlight as a means of replacing the existing PSTN for corporations as well as users. Current VoIP delivers voice efficiently, but it needs to support various services for VoIP acceleration. The IETF is developing the CPL standard, a call processing language for supporting various services. To use CPL, a user has to store a script on a specific server; therefore, a client that supports CPL is required. This paper describes the design and implementation of an SP-based CPL client for various services. The CPL client was implemented using LINUX 2.4.x, C, and GTK1.2.
Implementation of a Web Robot and Statistics on the Korean Web
김성진 ; 이상호 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 509~509
A web robot is a program that downloads and stores web pages. Implementation issues for developing web robots have been studied widely and various web statistics are reported in the literature. First, this paper describes the overall architecture of our robot and implementation decisions on several important issues. Second, we show empirical statistics on approximately 74 million Korean web pages. Third, we monitored 1,424 Korean web sites to observe the changes of web pages. We identify what factors of web pages could affect the changes. The factors may be used for the selection of web pages to be updated incrementally.
IPv6 over IPv4 tunneling compatible with IPv4 Firewalls
이정남 ; 이정남 ; 장주욱 ;
The KIPS Transactions:PartC, volume 10, issue 4, 2003, Pages 519~519
During the period of co-existence of IPv4 and IPv6, the IPv6 over IPv4 tunneling technique is intended as a start-up transition mechanism. However, most IPv4 firewalls do not support packet filtering for IPv6 over IPv4 tunneling. As a result, a user inside an IPv4 firewall cannot connect to an IPv6 host across an IPv4 network. Without any additional hardware or changes to the IPv4 firewall policy, we solve this problem using the proposed Double-encapsulation and applied-HTTP tunneling techniques, which are end-to-end solutions. This enables cheaper IPv6 migration solutions.