• Journal of Digital Convergence
• /
• v.19 no.11
• /
• pp.327-339
• /
• 2021

The ultimate aim of this study is to examine the effect of security policy characteristics (policy threat, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) on organizational information security policy compliance motivation based on TTAT (Technology Threat Avoidance Theory). We found the following results. First, the security policy threat has a significant positive effect on policy compliance motivation. Second, it was found that the policy effectiveness has a statistically significant effect on the compliance motivation. Third, the policy compliance cost has an influence on the policy compliance motivation. Fourth, the policy compliance self-efficacy does not have an effect on compliance motivation. Finally, social influence has a significant effect on compliance motivation.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.141-146
• /
• 2022

The iris, a biometric information, is safe, unique, and reliable, such as fingerprints, and is personal information that can significantly lower the misrecognition rate than other biometric authentication. However, due to the nature of biometric authentication, it is impossible to replace it if it is stolen. There is a case in which an actual iris photo is taken and 3d printed so that the eyes work as if they were in front of the camera. As such, there is a possibility of iris leakage through high-definition images and photos. In this paper, we propose to improve iris masking performance by supplementing iris region masking research based on existing blurring techniques. Based on the results derived in this study, it is expected that it can be used for the security of video conference programs and electronic devices.

• The Journal of the Korea Contents Association
• /
• v.22 no.2
• /
• pp.71-79
• /
• 2022

Currently, even if control and mock hacking are performed for the security of web servers, vulnerabilities continue to occur and be hacked. To solve this problem, we have developed a secure web server that can control all web communication using sockets between L4 and L5. And when giving HTTP responses, we proposed a method of combining files and headers in advance. As a result, both security and speed could be improved. Therefore, in this paper, we proposed the reason why vulnerabilities occur even if control and mock hacking occur, a solution to it, and a security web server development method that can maintain security up to DB.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.216-217
• /
• 2024

최근 클라우드 컴퓨팅 인프라 및 소프트웨어의 지속적인 발전으로 인한 복잡성 증가로 인해 신속한 확장성과 유연성에 대한 요구가 증가하고 있다. 이에 클라우드 네이티브 환경과의 호환성뿐만 아니라 개발과 운영의 효율성을 높이고자 코드로 인프라를 정의하여 자동화된 환경을 구축해 주는 코드형 인프라(Infrastructure as Code, IaC) 기술이 주목받고 있으며, AWS CloudFormation 은 대표적인 솔루션 중 하나이다. 그러나 IaC 형태로 배포되는 템플릿에 취약성이 존재할 경우, 인스턴스가 실행되기 전까지 보안 취약점을 미리 발견하기 어려워 DevOps 사이클에서의 보안 이슈를 야기할 수 있다. 이에 본 논문은 CloudFormation 템플릿의 보안 취약성 스캔이 가능하다고 알려진 오픈 소스 도구의 효율성을 평가하기 위한 사례 연구를 수행한다. 분석 결과를 바탕으로, DevSecOps 달성을 위한 IaC 기반 환경에서 취약성 사전 탐지의 필요성과 세분화된 접근 방식을 제시하고자 한다.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.3-10
• /
• 2013

In this paper, reliability software model considering fault detection rate based on observations from the process of software product testing was studied. Adding new fault probability using the S-shaped distribution model that is widely used in the field of reliability problems presented. When correcting or modifying the software, finite failure non-homogeneous Poisson process model was used. In a software failure data analysis considering the time-dependent fault detection rate, the parameters estimation using maximum likelihood estimation of failure time data and reliability make out.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.6
• /
• pp.181-188
• /
• 2023

Block cipher is not expected to be safe for quantum computer, as Grover's algorithm reduces the security strength by accelerating brute-force attacks on symmetric key ciphers. So it is necessary to check the post-quantum security strength by implementing quantum circuit for the target cipher. In this paper, we propose the optimal quantum circuit implementation result designed as a technique to minimize the use of quantum resources (qubits, quantum gates) for SIMECK lightweight cryptography, and explain the operation of each quantum circuit. The implemented SIMECK quantum circuit is used to check the estimation result of quantum resources and calculate the Grover attack cost. Finally, the post-quantum strength of SIMECK lightweight cryptography is evaluated. As a result of post-quantum security strength evaluation, all SIMECK family cipher failed to reach NIST security strength. Therefore, it is expected that the safety of SIMECK cipher is unclear when large-scale quantum computers appear. About this, it is judged that it would be appropriate to increase the block size, the number of rounds, and the key length to increase the security strength.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.4
• /
• pp.93-99
• /
• 2011

Recently, the development of internet technology makes user's personal data used by being saved in USB. But there is a critical issue that personal data can be exposed with malicious purpose because that personal data doesn't need to be certificate to use. This paper proposes USB security framework to prevent a duplicate use of personal data for protecting the data which in USB. The proposed USB security framework performs certification process of user with additional 4bite of user's identification data and usage choice of USB security token before certification data when the framework uses USB security product in different network. It makes communication overhead and service delay increased. As a result of the experiment, packet certification delay time is more increased by average 7.6% in the proposed USB security framework than simple USB driver and USB Token, and procedure rate of certification server on the number of USB is also increased by average 9.8%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.13-26
• /
• 2001

This paper presents the network security modeling methodology and simulation using the hierarchical and modular modeling and simulation framework. Recently, Howard and Amoroso developed the cause-effect model of the cyber attack, defense, and consequences, Cohen has been proposed the simplified network security simulation methodology using the cause-effect model, however, it is not clear that it can support more complex network security model and also the model-based cyber attack simulation. To deal with this problem, we have adopted the hierarchical and modular modeling and simulation environment so called the System Entity Structure/Model Base (SES/MB) framework which integrates the dynamic-based formalism of simulation with the symbolic formalism of AI. Several simulation tests performed on sample network system verify the soundness of our method.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.45-52
• /
• 2020

Traditional methods of detecting security vulnerabilities in source-code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model that has been used to propose the names of methods, and uses as a data set, Juliet Test Suite that is a collection of common security vulnerabilities. The evaluation shows that our method has high precision of 97.3% and recall rates of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering with vulnerabilities and languages not addressed here.

• The Journal of Society for e-Business Studies
• /
• v.15 no.4
• /
• pp.143-163
• /
• 2010

The purpose of this study is to investigate the user's perception of security risk and examine its impact on the usage of Knowledge Management Systems(KMS). The findings of this study are three-fold. First, the overall user's perception of security risk is not high. However, there is a considerably big difference in the perception of security risk among users. This finding means that user's perception of a security risk is not based on the actual security effects but one's individual perception. Another finding is that user's perception of a security risk has a negative impact on the usage of KMS through "trust", which is a mediating variable in our study. This finding corresponds with the existing theory that security risk is oneof the critical sources of trust, and trust is a critical factor of user's acceptance of KMS. Finally, the result of this study reveals that activities devoted to security do not decrease the effectiveness and productivity of KMS. Our long-held cognition that security activity hinders the effectiveness and productivity of an information system is not particularly applied to the KMS.