SeungYong Lee

Spatial applications using 4S technology for mobile environment

The provision of spatial data is a key infrastructural requirement for the promotion of economic growth, environmental quality, social progress, etc. 4S technology integrates 4 kinds of systems that process spatial Information: GIS, GNSS, ITS, and SIIS. We use 4S technology for mobile environment and develop spatial applications. Spatial applications can be classified to 3 phases: construction, exchange, and usage. Standard specifications from OpenGIS are used to provide interoperabillty. We implement location-based services such as, fire report application for disaster management on Java phone, mobile event application, parking management system, and car navigation system.

Design and Implementation of Context-Awareness Simulation Toolkit for Context learning

The study deals with the most important elements of ubiquitous computing, that is, the toolkit to acquire, express and safely use the context information. To do so, we introduce CAST (context-awareness simulation toolkit) and show how it works. CAST generates users and devices in a virtual home domain, designates their relation and creates virtual context information. The created context information is reused by the request of application and put into use for context learning. Particularly, we have given a consideration to security in the process of context creation and its consumption. That is, we applied SPKI/SDSI to test if the created context information was valid information and if the application that called for the context had legitimate authority to do so. CAST not only captures virtual context information, but it also guarantees the safe sharing of the context information requested by the application

The design and implementation of secure event manager using SPKI/SDSI certificate

In the ubiquitous computing environment new service components should be able to connect to networks at any time, and clients also should be able to use them immediately even without extra settings. Jini is one of the widely used middlewares today. Although event management is an essential component of ubiquitous middlewares, Jini is distributed without event management service. Accordingly, we design and implement the event manager based on Jini and suggest three methods in which only right event consumer can listen to the event using Access-Control Lists and SPKI/SDSI certificates. In the proposed method, our event manager controls the access of events by putting trust checking engine on Jini.

Jini-Based ubiquitous computing middleware supporting event and context management services

The key feature of ubiquitous computing services or applications is that they should be highly adaptive to events and context information. These factors are essential in ubiquitous computing environments. The services and applications must communicate with each other through fixed or ad-hoc networks. In ubiquitous computing, the event and context managers must be provided at the middleware level, for convenient development of associated applications. In this paper, ubiquitous computing middleware supporting event and context management services are proposed. The JavaSpaces service in Jini network technology is proposed to modify and develop the event manager, because JavaSpaces contains various interfaces that can be used to implement event management services, such as write, read and notify. Due to excellent GUI support, Macromedia Flash was used to represent the virtual ubiquitous computing environment, with communications through XMLSocket. It is demonstrated that the developed event and context managers can make it straightforward to efficiently develop ubiquitous computing applications.

Development of event manager and its application in jini environment

Ubiquitous computing services have to adapt to the context information. These services have to communicate with each other through fixed network or ad-hoc, it is the ubiquitous middleware to be able to help those services. With regard to the adaptation of middleware’s components, context manager and event manager are required. Recently there is a widely used middleware, Jini, but it is distributed without the event manager services. Therefore we implement the event manages which can manage events in Jini environments, and describe ubiquitous computing applications running environment using our event management system. Our event manager is implemented by modifying Javaspaces.

Design and implementation of a policy-based privacy authorization system

In the Internet era, enterprises want to use personal information of their own or other enterprises’ subscribers, and even provide it to other enterprises for their profit. On the other hand, subscribers to Internet enterprises expect their privacy to be securely protected. Therefore, a conflict between enterprises and subscribers can arise in using personal information for the enterprises’ benefits. In this paper, we introduce a privacy policy model and propose a policy-based privacy authorization system. The privacy policy model is used for authoring privacy policies and the privacy authorization system renders the authorization decision based on the privacy policies. In the proposed system, policies for enterprises and subscribers are described in XACML, an XML-based OASIS standard language for access control policies. In addition, we show the details of how the procedure of the privacy authorization and conflict resolution is processed in the proposed system.

A New Role-Based Authorization Model in a Corporate Workflow Systems*

The Role Based Access Control (RBAC) model contains a structural representation of the enterprise organization, facilities for the administration of access control, and is extremely flexible. The traditional RBAC model can be applied to WorkFlow Management System (WFMS) well, but applying it causes some issues. Since the senior roles inherit all the permissions of the junior roles and all the permissions are accumulated for the top senior role, applying the traditional RBAC to WFMS does not meet the access control requirements: least privilege principle, Separation of Duty (SoD). This can cause problems with the misuse of rights and the opportunity to commit fraud. It can make it difficult to guarantee the integrity of the system. In order to solve these problems, we propose applying Restricted Permission Inheritance RBAC, called RPI-RBAC, to WFMS authorization. We evaluate the advantages and benefits of applying the RPI-RBAC model to WFMS authorization in design time and runtime.

Development of Secure Event Service for Ubiquitous Computing

In ubiquitous computing, application should adapt itself to the environment in accordance with context information. Context manager is able to transfer context information to application by using event service. Existing event services are mainly implemented by using RPC or CORBA. However, since conventional distributed systems concentrate on transparency hiding network intricacies from programmers — treating them as hidden implementation details that the programmer must implicitly be aware of and deal with, it is not easy to develop reliable distributed services. Jini provides some novel solutions to many of the problems that classical systems have focused on, and makes some of the problems that those systems have addressed simply vanish. But there is no event servicein Jini. In this paper, we design and implement a secure event service, SeJES, based on Jini in order to provide reliable ubiquitous environment. By using the proposed event service, event consumers are able to retrieve events based on the content. In addition, it enables only authorized suppliers and consumers to exchange event each other. We use SPKI/SDSI certificates in order to provide authentication and authorization and extend JavaSpaces package in order to provide a content-based event retrieval service.

A security architecture for adapting multiple access control models to operating systems

In this paper, we propose a new security architecture for adapting multiple access control models to operating systems. As adding a virtual access control system to a proposed security architecture, various access control models such as MAC, DAC, and RBAC are applied to secure operating systems easily. Also, the proposed was designed to overcome the deficiencies of access control in standard operating systems, makes secure OS more available by combining access control models, and apply them to secure OS in runtime.

A New Authorization Model for Workflow Management System Using the RPI-RBAC Model

The traditional Role Based Access Control (RBAC) model can be applied to WorkFlow Management System (WFMS) well, but there are some issues. Since the senior roles inherit all the permissions of the junior roles and all the permissions are accumulated for the top senior role, applying the traditional RBAC to WFMS does not meet the access control requirements: least privilege principle, Separation of Duty (SoD). To tackle these, we propose applying Restricted Permission Inheritance RBAC to WFMS authorization and evaluate the advantages and benefits of them in design time and runtime.