• Title/Abstract/Keywords: security importance

Search results: 2,285 items (processing time 0.034 seconds)

A Testing Method for Web-Based Banking Applications Using Formal Specification

  • Ahn, Young-Hee; Choi, Eun-Man
    • The KIPS Transactions: Part D / Vol. 11D, No. 4 / pp. 855-864 / 2004
  • Programmers can get the test-related information for implementation without interference from source code complexity by using a formal specification. In particular, the external inputs and system responses can be represented precisely by a formal specification in the testing phase of web-based software systems. This paper suggests a method of extracting test cases by use of formal specification. Object-Z formal specification represents various test-related information for complex functions of web-based applications. State Transition Models could be built from the formal specification so that test scenarios were extracted from STDs from the highest level to detail levels. The target system for verification of this method is a web-based banking system, which needs to be secured and is critical with respect to errors. This method would be an important factor in automating the test procedure for web-based application software systems, combining the user-base test technique.

A Study on Factors Related to Individuals' Corruption Behaviors

  • Kim, Heungtae; Lee, Chang-Bae; Shim, Hyunjung
    • Korean Security Journal / No. 56 / pp. 125-144 / 2018
  • Although anti-corruption has been one of the major governmental tasks in Korea, anti-corruption policies have been focused largely on government officials in public sectors, and most of the prior studies have examined government employees, not public citizens. In order to fill the vacuum in the literature, this study aims to develop evidence-based anti-corruption policies via a survey of people in various job categories for the relationship between their experiences of any corruption and related factors. Researchers analyzed secondary data gathered by the Korean Institute of Public Administration, which included a sample of 1,000 adults aged over 19. The results showed that indirect experiences of corruption and interaction with the corrupted were positively related to individuals' corruption behaviors. In addition, their perception towards low- and mid-ranking officials was statistically significant in explaining the corruption behavior. Thus, policy-makers should consider focusing on indirect experiences of corruption, interaction with the corrupted, and perception towards low- and mid-ranking officials. This study contributed as an attempt to suggest policy implications and further research ideas by examining factors related to individuals' corruption behaviors.

Reinterpretation of Reflexive Modernization to Overcome Risk Society

  • Cho, Kwang-Rae
    • Korean Security Journal / No. 57 / pp. 277-301 / 2018
  • Korean society is a mixed risk society in terms of risk and distrust. This is because the risks and disasters of the farming and industrial societies, the modern and the information society, exist simultaneously in the present time. Ulrich Beck's point that the endless development of science and technology to acquire economic wealth is simultaneously entering a risk society is providing us with many implications. In this paper, we reviewed Ulrich Beck's "reflexive modernization" theory in the late 20th century, pointing to the rise of a risk society as a result of the evolution of new modernization. This is because "reflexive modernization" can be a direction in which we can reflect on our wrong past from a human-centered perspective and design a desirable future. In this sense, it is important to present ways to overcome the dangerous society through the reinterpretation of Ulrich Beck, who advocated reflexive modernization. In order to overcome the future risks that the fourth industrial revolution will bring, we must provide direction for the government's security policies and public security consciousness.

Guided Missile Assembly Test Set using Encryption AES Rijndael Algorithm

  • Jung, Eui-Jae; Koh, Sang-Hoon; Lee, You-Sang; Kim, Young-Sung
    • Journal of Advanced Navigation Technology / Vol. 23, No. 5 / pp. 339-344 / 2019
  • In order to prepare for the rise of data security threats caused by information and communication technology, technology that can guarantee the stability of the data stored in the missile test set is important. For this purpose, encryption should be performed when data is stored so that it cannot be restored even if data is leaked, and integrity should be ensured even after decrypting the data. In this paper, we apply the AES algorithm, which is a symmetric key cryptography system, to the missile test set, and encrypt and decrypt according to the amount of data for each bit of each AES algorithm. We implemented the AES Rijndael algorithm in the existing inspection system to analyze the effect of encryption and apply the proposed encryption algorithm to the existing system, with confirmation of suitability. Through analysis of capacity and algorithm bits, it is confirmed that the proposed algorithm will not affect the system operation, and the optimal algorithm is derived. Compared with the initial data, we can confirm that the algorithm can guarantee data undulation.

An Integrated Management Model of OS-RBAC and Separation Of Duty Policy

  • Byun, Chang-Woo
    • Journal of the Korea Society of Computer and Information / Vol. 15, No. 1 / pp. 167-175 / 2010
  • Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.

A Study of Advanced Internet Strategy for Future Industry

  • Park, Jae-Kyung; Lee, Hyung-Su; Kim, Young-Ja
    • Journal of the Korea Society of Computer and Information / Vol. 25, No. 4 / pp. 87-95 / 2020
  • In this paper, we examine the problems of the current Internet due to the development of network services and the expansion of network bandwidth. The current Internet has been used for a long time because it is composed of TCP/IP, but fundamental problems such as bandwidth, transmission rate, and security have not been solved. Therefore, the future network must be prepared through continuous investment and maintenance. In order to overcome this problem, we will propose a way to overcome the above problems and upgrade by converting the current Internet Protocol into the next generation network. Currently, much research on next-generation networks has been conducted, but there are not many studies in Korea, and research on next-generation networks will be a very important task for the future development of the Internet service industry at the national level. In this paper, we propose an advanced internet environment through the advantages of various next generation protocols.

iRF: Integrated Red Team Framework for Large-Scale Cyber Defence Exercise

  • Jang, In Sook; Cho, Eun-Sun
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 31, No. 5 / pp. 1045-1054 / 2021
  • As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF (integrated RT framework), which can automatically operate large-scale cyber defence exercises by integrating a number of open RT frameworks and RT frameworks created by ourselves.

Crowd Behavior Detection using Convolutional Neural Network

  • Ullah, Waseem; Ullah, Fath U Min; Baik, Sung Wook; Lee, Mi Young
    • The Journal of Korean Institute of Next Generation Computing / Vol. 15, No. 6 / pp. 7-14 / 2019
  • The automatic monitoring and detection of crowd behavior in surveillance videos has obtained significant attention in the field of computer vision due to its vast applications such as security, safety, and protection of assets. Also, the field of crowd analysis is growing in the research community. For this purpose, it is very necessary to detect and analyze the crowd behavior. In this paper, we proposed a deep learning-based method which detects abnormal activities in surveillance cameras installed in a smart city. A fine-tuned VGG-16 model is trained on a publicly available benchmark crowd dataset and is tested on real-time streaming. The CCTV camera captures the video stream; when abnormal activity is detected, an alert is generated and is sent to the nearest police station to take immediate action before further loss. We have experimentally proven that the proposed method outperforms the existing state-of-the-art techniques.

Risk Scoring System for Software Vulnerability Using Public Vulnerability Information

  • Kim, Min Cheol; Oh, Sejoon; Kang, Hyunjae; Kim, Jinsoo; Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 28, No. 6 / pp. 1449-1461 / 2018
  • As the number of software vulnerabilities grows year by year, attacks on software are also taking place a lot. As a result, the security administrator must identify and patch vulnerabilities in the software. However, it is important to prioritize the patches because patches for all vulnerabilities are realistically hard. In this paper, we propose a scoring system that expands the scale of the risk assessment metric by taking into consideration attack patterns or weaknesses that cause vulnerabilities, with the vulnerability information provided by NIST (National Institute of Standards and Technology). The proposed scoring system is expanded based on the CWSS and uses only public vulnerability information so that any company can utilize it easily. In this paper, we applied the automated scoring system to software vulnerabilities, and showed that the expanded metrics with consideration for the influence of attack pattern and weakness are meaningful.

A Study on Human Vulnerability Factors of Companies: Through Spam Mail Simulation Training Experiments

  • Lee, Jun-hee; Kwon, Hun-yeong
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 29, No. 4 / pp. 847-857 / 2019
  • Recently, various cyber threats such as ransomware and APT attacks are increasing by e-mail. The characteristic of such an attack is that it is important to take administrative measures by improving personal perception of security, because it bypasses technological measures such as past pattern-based detection. The purpose of this study is to investigate the human factors of employees who are vulnerable to spam mail attacks through field experiments and to establish future improvement plans. As a result of sending spam mails 7 times to employees of a company and analyzing the training report, it was confirmed that factors such as the number of training and the recipient's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training and to improve the ability of each organization to carry out effective simulation training and improve the ability to respond to spam mail by awareness improvement.