• Title/Summary/Keyword: Security risk management (보안 위험관리)

Aviation Safety Regulation and ICAO's Response to Emerging Issues (항공안전규제와 새로운 이슈에 대한 ICAO의 대응)

  • Shin, Dong-Chun
    • The Korean Journal of Air & Space Law and Policy / v.30 no.1 / pp.207-244 / 2015
  • Aviation safety is the stage in which the risk of harm to persons or of property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and risk management. Many accidents and incidents have been taking place since 2014, while there had been relatively safer skies before 2014. The international civil aviation community has been exerting great efforts to deal with these emerging issues, thus enhancing and ensuring safety throughout the world over the years. The Preamble of the Chicago Convention emphasizes safety and order of international air transport, and many Articles in the Convention are related to safety. Furthermore, most of the Annexes to the Convention are International Standards and Recommended Practices pertaining to safety. In particular, Annex 19, which was promulgated in Nov. 2013, deals with safety management systems. ICAO, as a law-making body, has the Air Navigation Commission, Council and Assembly to deliberate and make decisions regarding safety issues. It is also implementing USOAP and USAP to supervise the safety functions of member States. After MH 370 disappeared in 2014, ICAO has been developing a Global Tracking System whereby there should be no loophole in tracking the location of aircraft anywhere in the world with the information provided by the many stakeholders concerned. The MH 17 accident drove ICAO to install a web-based repository where information relating to operation in conflict zones is provided and shared. In addition, ICAO has been initiating various solutions to emerging issues such as the Ebola outbreak and operation under extreme meteorological conditions. Considering the necessity of protecting and sharing safety data and information to enhance the safety level, ICAO is now suggesting enhanced provisions to do so, and getting feedback from member States. It has been observed that ICAO has been approaching issues towards problem-solving from four different dimensions. First, regarding time, it analyses past experiences and best practices, and makes solutions in the short, mid and long terms. Second, from a space perspective, ICAO covers States, regions and the world as a whole. Third, regarding stakeholders, it consults with and hears from as many entities as it can, including airlines, airports, community, consumers, manufacturers, air traffic control centers, air navigation service providers, industry and insurers. Last but not least, in terms of regulatory changes, it identifies best practices, guidance materials and provisions which could become standards and recommended practices.

A Probabilistic Model of Damage Propagation based on the Markov Process (마코프 프로세스에 기반한 확률적 피해 파급 모델)

  • Kim Young-Gab;Baek Young-Kyo;In Hoh-Peter;Baik Doo-Kwon
    • Journal of KIISE:Computer Systems and Theory / v.33 no.8 / pp.524-535 / 2006
  • With the rapid development of Internet technology, business management in an organization or an enterprise depends on Internet-based technology for the most part. Furthermore, as the dependency and cohesiveness of networks in communication facilities are increasing, cyber attacks against vulnerable resources in the information system have increased. Hence, to protect private information and computer resources, research on damage propagation is required in this situation. However, the traditional models proposed so far present just a mechanism for risk management, or can be applied to specified threats such as viruses or worms. Therefore, we propose a probabilistic model of damage propagation based on the Markov process, which can be applied to diverse threats in information systems. Using the model proposed in this paper, we can predict the occurrence probability and occurrence frequency of each threat in the entire system.

Risk Scoring System for Software Vulnerability Using Public Vulnerability Information (공개 취약점 정보를 활용한 소프트웨어 취약점 위험도 스코어링 시스템)

  • Kim, Min Cheol;Oh, Sejoon;Kang, Hyunjae;Kim, Jinsoo;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1449-1461 / 2018
  • As the number of software vulnerabilities grows year by year, attacks on software are also taking place a lot. As a result, the security administrator must identify and patch vulnerabilities in the software. However, it is important to prioritize the patches because patching all vulnerabilities is realistically hard. In this paper, we propose a scoring system that expands the scale of the risk assessment metric by taking into consideration the attack patterns or weaknesses that cause vulnerabilities, together with the vulnerability information provided by NIST (National Institute of Standards and Technology). The proposed scoring system is an expansion based on the CWSS and uses only public vulnerability information so that any company can utilize it easily. In this paper, we applied the automated scoring system to software vulnerabilities, and showed that the expanded metrics, which consider the influence of attack patterns and weaknesses, are meaningful.

A Study on Acceptance of Public Recording for SNS Post (SNS 게시물에 대한 공공기록화 수용에 관한 연구)

  • Yun, Sung-Uk;Chang, Jun-Gab;Kim, Geon
    • Journal of Digital Convergence / v.17 no.9 / pp.1-12 / 2019
  • This study explored the factors affecting the acceptance of public recording in SNS post. Using SPSS 21.0 program and AMOS 21.0 program, major results were derived through exploratory factor analysis, confirmatory factor analysis, correlation analysis, and path analysis. The results are as follows: First, the risk of personal information leakage on SNS posting has a significant negative impact on the attitude toward SNS posting. Second, the security of the SNS posting has a significant effect on the attitude toward the SNS posting. Third, the concern about privacy of SNS posting has a significant negative impact on the attitude toward SNS posting. Fourth, the attitude toward SNS posting has a significant effect on the intention to accept the SNS posting. The above results suggest that the SNS post recording should be able to collect opinions of SNS users from a long-term viewpoint.

An RFID Authentication Protocol based Symmetric Key using Hashed Tag ID (해쉬된 태그ID와 대칭키 기반의 RFID 인증프로토콜)

  • Park, Yong-Soo;Shin, Ju-Seok;Choi, Myung-Sil;Chung, Kyung-Ho;Ahn, Kwang-Seon
    • The KIPS Transactions:PartC / v.16C no.6 / pp.669-680 / 2009
  • RFID, a technique that can manage objects by identifying their unique information using RF, is spotlighted as the main technology in the ubiquitous era. In RFID systems, since RFID information may easily be unveiled over the air, security and privacy problems always exist. In this paper, we propose a mutual authentication protocol based on a symmetric key. The proposed protocol has been able to minimize the tag's H/W resources by using a symmetric key. And we use a tag ID which is encrypted with a hash function and a shared symmetric key by Challenge-Response pair of PUF (Physically Unclonable Function), thus there is no key disclosure problem in our protocol.

A Proposition on Elevator Safety System using Expert's Decision (전문가의 의사결정을 이용한 안전한 엘리베이터 시스템 제안)

  • Park, Ju-Bong;Shin, Seung-Jung
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.14 no.4 / pp.121-125 / 2014
  • Recently, many people concentrate on the importance of the elevator safety system for the elevator accident of traction machine malfunction. Also, IT convergence has enlarged various fields through the effort to enhance traditional industry. In this paper, we define that safety is to minimize the dangerous factors, then explain the rules of elevator installation. Through the expert's decision we could find out that the dangerous factors are poor check, malfunction of amalgamative and user's mistake. We propose an IT convergence managing system as an effective alternative method for the elevator safety system.

Analysis of Privacy threats and Security mechanisms on Location-based Service (위치기반 서비스의 프라이버시 위협 요소 분석 및 보안 대책에 관한 연구)

  • Oh, Soo-Hyun;Kwak, Jin
    • Journal of Advanced Navigation Technology / v.13 no.2 / pp.272-279 / 2009
  • Location information used in LBS provides convenience to the user, but service provider can be exploited depending on how much risk you have. Location information can be exploited to track the location of the personal privacy of individuals because of the misuse of location information may violate the user can import a lot of damage. In this paper, we classify the life cycle of location information as collection, use, delivery, storage and destruction, and analyze the factors by which privacy is violated. Furthermore, we analyze information security mechanisms, classified as operation mechanisms and policy/management mechanisms, and propose security solutions for all phases of the life cycle.

The Case of Novel Attack Detection using Virtual Honeynet (Virtual Honeynet을 이용한 신종공격 탐지 사례)

  • Kim, Chun-Suk;Kang, Dae-Kwon;Euom, Ieck-Chae
    • The Journal of the Korea institute of electronic communication sciences / v.7 no.2 / pp.279-285 / 2012
  • Most national critical key infrastructure, such as electricity, nuclear power plants, and petroleum, is run on SCADA (Supervisory Control And Data Acquisition) systems as the closed network type. These systems have treated the open protocols like TCP/IP, and the commercial operating system, which due to gradually increasing dependence on IT (Information Technology) is a trend. Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. In this paper, a method to minimize threats and vulnerabilities is proposed, and the virtual honeynet system architecture and the attack detection algorithm, which can detect the unknown attack patterns of zero-day attacks, are reviewed.

A Study on Applying Zero Trust Architecture: Focusing on Implementing Remote Work System (제로 트러스트 아키텍처 적용 방안에 대한 연구: 재택근무 시스템 구성을 중심으로)

  • Jaewoo Do;Keumseok Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.1001-1020 / 2023
  • With the massive increase in remote work since COVID-19, the boundaries between the inside and outside of corporate networks have become blurred. As a result, traditional perimeter security has stagnated business productivity and made it difficult to manage risks such as information leakage. The zero trust architecture model has emerged, but it is difficult to apply to IT environments composed of various companies. Therefore, using the remote work system configuration as an example, we presented a configuration and methodology that can apply zero trust models even in various network environments such as on-premise, cloud, and network separation. Through this, we aim to contribute to the creation of a safe and convenient cyber environment by providing guidance to companies that want to apply zero trust architecture, an intelligent system that actively responds to cyber threats.

A Study on Analysis and Control of Circumvent Connection to the Private Network of Corporation (기업 사설 네트워크 우회 접속 분석 및 통제 대책 연구)

  • Lee, Chul-Won;Kim, Huy-Kang;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.183-194 / 2010
  • A company's private network protected by a firewall and NAT (Network Address Translation) is not accessible directly through an external internet. However, as the Reverse Connection technology used by NetCat extends to technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access a private network of a corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which does not allow access to an internal system with a remote control. What is more serious is the making of a covert channel invading a company's private network through malicious code and all those technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the technological methods of indirect access and the status quo of a company's internal network, and find a solution to get rid of the related dangers.