• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06a
• /
• pp.92-94
• /
• 2012

안드로이드 운영체제는 애플리케이션들이 서로의 코드와 데이터를 공유할 수 있도록 애플리케이션 컴포넌트간의 통신을 지원한다. 또한 보안을 위해 컴포넌트간의 통신을 엄격하게 제어하기 위한 퍼미션을 제공한다. 하지만 개발자의 보안의식 부재에 따른 퍼미션의 잘못된 사용은 애플리케이션 컴포넌트를 노출시켜 검증되지 않은 애플리케이션이 코드와 데이터에 접근할 수 있게 만드는 문제를 야기할 수 있다. 특히, 노출된 컨텐트 프로바이더(content provider)는 악성 애플리케이션이 기존 탐지 툴을 회피하여 개인정보를 임시로 보관하는 저장소로 악용될 수 있다. 따라서 하나의 애플리케이션만을 분석하는 기존 탐지 툴로는 이와 같이 협력적으로 동작하는 악성 애플리케이션을 탐지 할 수 없다. 본 논문에서는 노출된 컨텐트 프로바이더를 이용한 협력적 개인정보 유출 공격 시나리오를 제시하고 이를 탐지하기 위한 기법을 제안한다. 제안한 기법을 토대로 만든 탐지 툴 사용해 총 189개의 안드로이드 애플리케이션을 분석하였고 그 결과로 컨텐트 프로바이더를 노출시킨 32개의 애플리케이션과 개인정보를 유출할 가능성이 있는 애플리케이션 4개를 탐지하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.510-512
• /
• 2015

Recently, people fear is growing because of the various crimes that may occur when you go out. The growing is interest in security systems for the protection of an individual's property. In this paper, to establish a single central server based on the home network when intruders access to city, such as image processing values obtained through the IP camera and distance values disciplined use an ultrasonic sensor the user for an attacker city that will connect to the server the surveillance system provides the information that is received and implemented.

• Journal of the military operations research society of Korea
• /
• v.35 no.3
• /
• pp.139-156
• /
• 2009

This study reviewed influential factors on knowledge sharing and examined to verify how attitude and recognition serve toward security in knowledge-related activities. This two-part study will dedicate to diffusion of knowledge sharing in the ROK Army. The findings indicate that trust and computer self-efficacy are influential factors which cause increase in knowledge sharing intention. Friendly attitude of the members result in strengthening the knowledge sharing in National Defense Intranet. As a result, it could be inferred that organizational and systematic efforts are required to foster the knowledge sharing in the army and policy to induce members' friendly attitude toward security is in need as well.

• The Journal of the Korea Contents Association
• /
• v.6 no.9
• /
• pp.85-97
• /
• 2006

Schemes to case analysis and cope with on-line game crimes net supervision system, a real name confirmation process, and a self-examination system to check by themselves if they are addicted to on-line games with a view to prevent the addiction. In addition, this study found that general precuations should comprise measures to change the awareness of the users of the internet and to establish their ethical senses because most on-line garners are not aware that their actions are a crime and believe their crimes are not disclosed to the outsiders.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.4
• /
• pp.582-590
• /
• 2022

As security threats caused by cyber attacks continue, security control is mainly operated in the form of a service business with expertise for rapid detection and response. Accordingly, a number of studies have been conducted on the operation of security control services. However, due to the research on the resulting management, indicators, and measurements, the work process has not been studied in detail, causing confusion in the field, making it difficult to respond to security accidents. This paper presents ISMS-P-based service management methods and proposes an easy outsourcing service management method for client by checklisting each item derived from the mapping of 64 items of ISMS-P protection requirements through business relevance analysis. In addition, it is expected to help implement periodic security compliance and acquire and renew ISMS-P in the mid- to long-term, and to contribute to enhancing security awareness of related personnel.

• Korean Security Journal
• /
• no.39
• /
• pp.269-294
• /
• 2014

Korea is concerned with information security industry due to recent leak-out private information of 3 card companies. Executives are aware of damage from breach of security such as personal data spill, is more dangerous than any other financial risks. The information security industry, which was limited in physical security and network security formerly, is evolving into convergence security of public and facility security industry. The field of interest has also been changed into security of smart phone and intelligence image recently, from firewall or Anti-virus. The convergence security is originally about access control of facility, but recently its demand has been increased mostly by public institutions and major companies. The scope of the industry also varies from finance, education, distribution, national defense, medical care to automobile industry. The market of convergence security has been expanded and new various products and services of security of intelligent vehicle, 'U' healthcare, finance, smart grid and key industries are also developed. It is required to create and enhance of new curriculum and cultivate human resources for the development of knowledge information security industry. Raising standard of education and security consciousness of the nation is also necessary to strengthen the global competitiveness.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.3-9
• /
• 2015

A web application that allows a web service created by a internal developer who has security awareness show certain level of security. However, in the case of development by outsourcing, it is inevitable to implement the development centered on requested function rather than the issue of security. Thus in this paper, we improve the software testing process focusing on security for exclusion the leakage of important information and using an unauthorized service that results from the use of the vulnerable web application. The proposed model is able to consider security in the initial stage of development even when outsourced web application, especially, It can prevent the development schedule delay caused by the occurrence of modification for program created by programer who has low security awareness. This result shows that this model can be applied to the national defense area for increasing demand web application centered resource management system to be able to prevent service of web application with security vulnerability based on high test.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1243-1250
• /
• 2016

The purpose of this study is to investigate how abusive supervision influences on security policy compliance in their work place and find moderation effects of organizational justice. The results is that abusive supervision decreases employees' affective commitment or social bond to their organizations. And it negatively affect employees' behavioral intent to comply with security policies. Organizational justice acts to attenuate the negative relationship between the stress from abusive supervision and willingness to comply with the security policy. Especially, distributive justice has a significant effect on decreasing the negative relationship.

• Journal of radiological science and technology
• /
• v.31 no.4
• /
• pp.347-353
• /
• 2008

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.466-468
• /
• 2017

카 쉐어링 서비스는 경제위기 이후 실용적 소비패턴 의식의 확산과 환경의식의 고취, 스마트폰 확산을 통한 서비스 이용 편의성이 증가됨으로 인해 새로운 대중교통으로 자리매김을 하고 있다. 시장이 발전하고 많은 사람들이 이용하면서 다양한 카 쉐어링 업체들이 생겨나고 있다. 또한 각 업체들에서 사용하는 인증방식은 단순 ID/PW 로그인 방식이기 때문에 보안에 취약하다. 본 논문에서 제안하는 모델은 차량의 데이터가 등록되어 있는 다양한 업체들의 클라우드를 클라우드 서비스 브로커를 통해 사용자들에게 편리성을 제공하고 바이오정보를 이용하여 더욱 강력한 인증을 통해 안전한 서비스를 제공하고자 한다. 본 논문에서 제안한 모델을 통해 안전한 토인과 사용자의 편의성이 증대되기를 기대한다.