Korean Journal of Computational Design and Engineering (한국CDE학회논문집)

Society for Computational Design and Engineering (한국CDE학회)
권호 표지

Design and Implementation of Information Security System to Prevent Leakage of Drawing Information

설계정보 유출방지를 위한 정보보안시스템 설계 및 구현

  • 장항배 (소프트캠프(주) 정보보안기술연구소) ;
  • 이호신 (아이오와 주립대학교)
  • Published : 2006.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

Keywords

References

  1. 염근철, 이세정, '다양한 소프트웨어 개발환경에서의 최적설계 프레임 웍', CAD/CAM학회논문지, 제10권, 제5호, 2005
  2. 이기동, 김준우, '디지털 콘텐츠 정보보호를 위한 저작권 관리시스템 설계 및 구현', 경영정보학연구, 제13권, 제4호, 2003
  3. 정연찬, 박준철, 'CAD/CAM 응용 소프트웨어 개발을 위한 형상 커널 개발', 제6권, 제4호, 2001
  4. Marianthi Theoharidou, Spyros Kokolakis Maria Karyda, Evangelos Kiountouzis, 'The Insider Threat to Information Systems and the Effectiveness of ISO17799', Computer & Security, Vol. 24, 2005
  5. Green, R., 'CAD Manager: Drawing Security', Cadalyst, 2005
  6. Basie Von Solms, 'Information Security Governance: COBIT or ISO 17799 or Both?', Computer & Security, Vol. 24, 2005
  7. Edward N. Deker and Joseph M. Newcomer, 'Developing Windows NT Device Drivers: A Programmer's Handbook', Addison-Wesley, 1999
  8. Rajeev Nagar, 'Windows NT File System Internals : A Developer's Guide' O'Reilly & Associates, 1997
  9. Chechanowicz, Z., 'Risk Analysis: Requirements, Conflicts and Problems', Computer & Security, Vol. 16, 1997
  10. Eloff, J. and M. Eloff, 'Information Security Management - A New Paradigm', Proceedings of SAIC-SIT, 2003
  11. Lee, Y. H. and Hwang, D. J., 'Design and Implementation of Agent Based Dynamic Digital Rights Management', Journal of Information Processing Association, D. Vol. 8D, No.5, October 2001, pp. 613-622
  12. Otwell, K. and B. Aldridge, 'The Role of Vulnerability in Risk Management', IEEE Proceedings of the 5th Annual Computer Security Applicant Conference, pp. 32-38, 1989