• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.199-201
• /
• 2005

유비쿼터스 컴퓨팅 환경에서는 정보에 대한 접근이 시간과 공간의 제약 없이 이루어지므로 기존의 접근제어기법을 그대로 적용하는 것은 보안상의 취약점이 노출되어 중요한 정보자원의 유출의 위험을 가진다. 따라서 유비쿼터스 컴퓨팅 환경의 특성을 고려한 보안사항을 만족시키기 위해서는 단순한 신원확인 뿐만 아니라 사용자 속성 정보를 이용한 인증이 필요하다. 그리고 XML자원에 대한 상세한 접근제어 및 유비쿼터스 컴퓨팅의 다양한 환경정보와 복잡한 접근 제어정책을 효율적으로 관리할 수 있는 접근제어모델이 필요하다. 이를 위하여 본 연구에서는 PMI의 속성인증서와 표준XML접근제어 기술인 XACML을 적용한 접근제어 모델을 제시한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.735-737
• /
• 2015

In this paper, SaaS (Software as a Service) based transport and construction process safety management systems by utilizing the construction work process management and safety management and schedule, and results for various types of construction process, achieved through high-speed wireless Internet access by applying to ensure a systematic means for safety and can quickly and accurately manage all made within the process control system. The operator should be indicated by using a smart phone to work as a supervisor report the current status and results of the operation. Also be reported to the supervisor immediately in an emergency situation and there is no vibration occurs over a period of time the smartphone is to check the danger to the operator. If the commissioner is directed to specific business processes that establish and verify the results obtained and the result is satisfied by presenting the part down the measures insufficient command of the field workers risk situations. In the case of software (server) to store all the data relating to the operation member in charge of management and security.

• Journal of Korean Institute of Industrial Engineers
• /
• v.28 no.1
• /
• pp.44-56
• /
• 2002

For the risk analysis and risk assessment techniques to be effectively applied to the field of information technology (IT) security, it is necessary that the required activities and specific techniques to be applied and their order of applications are to be determined through a proper risk management model. If the adopted risk management model does not match with the characteristics of host organization, an inefficient management of security would be resulted. In this paper, a risk management model which can be well adapted to Korean domestic IT environments is proposed for an efficient security management of IT. The structure and flow of the existing IT-related risk management models are compared and analysed, and their common and/or strong characteristics are extracted and incorporated in the proposed model in the light of typical threat types observed in Korean IT environments.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1489-1492
• /
• 2005

유비쿼터스 환경을 위한 차세대 IP(IP Next Generation) 기술로 확장 주소 체계 수용, 멀티미디어 실시간 처리 및 보안 대처 능력을 기술적으로 개선한 IPv6(Internet Protocol version 6)의 주소 지정 방식을 고찰하고 기존 IPv4에서 IPv6 전환으로 인해 발생할 수 있는 새로운 비용 부담 위험성 분석을 통해 복수 주소 관리 방안을 모색하고 이를 해결하기 위한 새로운 프로토콜을 요구한다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.199-208
• /
• 2004

In this paper, we propose and implement SIA System for filtering redundant alert messages and dividing them into four statuses. Also, we confirm that our system can find and analyze vulnerability types of network intrusion by attackers in a managed network, so that it provides very effective means for security managers to cope with security threats in real time.

• Journal of the Institute of Convergence Signal Processing
• /
• v.23 no.4
• /
• pp.209-215
• /
• 2022

The International Maritime Organization, which is in charge of the international maritime environment and ship safety, has rapidly promoted cyber systems for international dimension agreement and efficiency improvement and improved nautical efficiency. Nevertheless, maritime cyber system attacks still occur every year, and in particular, the number of international maritime cyber security incidents in 2021 appeared to increase sharply compared to 2020. This paper discusses the areas that should be taken into account in order to reduce the increasing sophistication of maritime cyber security. To this end, we will look at typical cases of cyber attacks that have increased sharply in 2021 and analyze the causes of the continuous occurrence of maritime cyber security incidents. In addition, we present several cyber system proposals regarding the current state of maritime cyber systems and the solutions to the problems they face, as well as the matters to be addressed for future maritime cyber systems that will be advanced.

• Journal of the Korea Convergence Society
• /
• v.6 no.4
• /
• pp.139-146
• /
• 2015

WSN has been utilized in various directions from basic infrastructure of environment composition to business models including corporate inventory, production and distribution management. However, as energy organizations' private information, which should be protected safely, has been integrated with ICT such as WSN to be informatization, it is placed at potential risk of leaking out with ease. Accordingly, it is time to need secure sensor node deployment strategies for stable enterprise business. Establishment of fragmentary security enhancement strategies without considering energy organizations' security status has a great effect on energy organizations' business sustainability in the event of a security accident. However, most of the existing security level evaluation models for diagnosing energy organizations' security use technology-centered measurement methods, and there are very insufficient studies on managerial and environmental factors. Therefore, this study would like to diagnose energy organizations' security and to look into how to accordingly establish strategies for planning secure sensor node deployment strategies.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.161-168
• /
• 2022

After the corona virus, as non-face-to-face services are activated, domain services that guarantee integrity by embedding sensing information of the Internet of Things (IoT) with block chain technology are expanding. For example, in areas such as safety and security using CCTV, a process is required to safely update firmware in real time and to confirm that there is no malicious intrusion. In the existing safe security processing procedures, in many cases, the person in charge performing official duties carried a USB device and directly updated the firmware. However, when private blockchain technology such as Hyperledger is used, the convenience and work efficiency of the Internet of Things environment can be expected to increase. This article describes scenarios in how to prevent vulnerabilities in the operating environment of various customers such as firmware updates and device changes in a non-face-to-face environment. In particular, we introduced the optimal blockchain technique for the Internet of Things (IoT), which is easily exposed to malicious security risks such as hacking and information leakage. In this article, we tried to present the necessity and implications of security management that guarantees integrity through operation applying block chain technology in the increasingly expanding Internet of Things environment. If this is used, it is expected to gain insight into how to apply the blockchain technique to guidelines for strengthening the security of the IoT environment in the future.

• KIISE Transactions on Computing Practices
• /
• v.23 no.3
• /
• pp.177-182
• /
• 2017

To develop computer and communication in the information society, difficulties exist in managing the enormous data manually. Also, loss of data due to natural disasters or hacker attacks, generate a variety of disasters in the IT securities. Hence, there is an urgent need for an information protection management system in order to mitigate these incidents. Information Security Management System has various existing frameworks for IT disaster management. These include Cyber Security Framework, Risk Management Framework, ISO / IEC 27001: 2013, and COBIT 5.0. Each framework analyses and compares the entry for IT disaster recovery from among the various available data. In this paper, we describe a single integrated management scheme for fast resolution of IT disasters.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.817-839
• /
• 2021

To manage software safely, the military acquires and manages products in accordance with the RMF A&A. RMF A&A is standard for acquiring IT products used in the military. And it covers the requirements, acquisition through evaluation and maintenance of products. According to the RMF A&A, product development activities should reflect the risks of the military. In other words, developers have mitigated the risks through security by design and supply chain security. And they submit evidence proving that they have properly comply with RMF A&A's security requirements, and the military will evaluate the evidence to determine whether to acquire IT product. Previously, case study of RMF A&A have been already conducted. But it is difficult to apply in real-world, because it only address part of RMF A&A and detailed information is confidential. In this paper, we propose the evidence fulfilling method that can satisfy the requirements of the RMF A&A. Furthermore, we apply the proposed method to real-world drone system for verifying our method meets the RMF A&A.