• Smart Media Journal
• /
• v.5 no.4
• /
• pp.116-123
• /
• 2016

Recently, important information related with smart work such as office and video conference are handled in smart device quite a lot compare with before. Also, execution environment of smart devices is getting developed as open software environment. It brought convenience to download and use any kind of application software. By that, security side of smart devices became vulnerable. This paper will discuss characteristics of smart device security technology based on virtualization that is a mobile device platform with isolated secure execution area based on TEE (Trusted Execution Environment). Also, this paper will suggest an implementation method about safe smart device security platform based on domain separation for application software which can be executed in smart devices.

• Journal of Internet Computing and Services
• /
• v.7 no.5
• /
• pp.109-121
• /
• 2006

In this paper, we suggest lattice based role graph security management model which changes security level in mandatory access control model as well as constraint and role hierarchy systematically in role base access control model. In this model, we solved privilege abuse of senior role that is role graph model's problem, and when produce conflict between privileges, we can keep integrity of information by reseting grade of subject through constraint. Also, we offer strong security function by doing to be controlled by subject's security level as well as privilege inheritance by role hierarchy, Finally, we present the role graph algorithms with logic to disallow roles that contain conflicting privileges.

• Convergence Security Journal
• /
• v.15 no.6_1
• /
• pp.49-57
• /
• 2015

Changes in the national intelligence security industry is becoming increasingly rapidly changing due to the development of the network and the use of the Internet. Information also can be called by critical information assets, as well as social infrastructure of the country's reality is that individuals at risk. These professionals make to prevent terrorists to destroy national defense system and network was absolutely necessary. But, Cyber Terror Response NCOs to be responsible for cyber terrorism requires a professional NCOs with advanced knowledge. National Competency Standards(NCS) using a national information security field tutors to conduct training courses teaching - learning model to develop and to apply.

• The KIPS Transactions:PartC
• /
• v.10C no.7
• /
• pp.929-936
• /
• 2003

We Propose the Suity Cryptography File System to encrypt or decrypt a plaintext or an encrypted tort by using the dynamic linking mechanism In the Linux kernel. The dynamic linking mechanism gives the flexibility of the kernel without changing the kernel. The Sorority Cryptography File System uses the blowfish algorithm to encrypt or decrypt a data. To overcome the overhead of the key server, I use key generating algorithm which is installed in the same Security Cryptography File System. The Security Cryptography file System is fitted into the Linux system.

• Journal of Digital Convergence
• /
• v.9 no.4
• /
• pp.29-40
• /
• 2011

This research suggests the effective countermeasures for the security threats on 'Smart Work 2.0'. It is important to discuss the Smart Work 2.0 security issues and threats at the point of evolving form Smart Work 1.0 into 2.0. In this research, first, the security issues, threats and countermeasures of telecommunication working, mobile office and smart work center are discussed. Second, we explore the security issues derived from co-working or creativity as major concepts of Smart Work 2.0.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.16 no.5
• /
• pp.19-25
• /
• 1998

본 고에서는 전자상거래에서의 지불 방법과 전자상거래에서 사용되는 거래정보의 보안기법에 대해 살펴보았다. 전자지불의 유형으로는 전자 대금 이체, 디지털 캐시 및 이의 현실적인 형태인 E-cash등이 있다. 이러한 거래 방법과 더불어 전자상거래 시스템의 보안은 비즈니스 측면에서 매우 중요하다. 이를 보장하기 위해 non-SET 기반으로 대칭적 암호화 기법, 비대칭적 암호화 기법 및 SET을 이용한 암호화 거래 방법을 살펴보았다. 전자상거래 시스템의 구성요소는 구매자, 판매자 및 중개인으로 이루어진다[8]. 전자상거래의 보안에 관한 요소는 다른 학문적인 요소와는 달리 그 실용적인 성격과 파급효과로 인하여 세계 각국의 정부 기관이나 연구소에서 주도권 쟁탈을 위한 노력을 기울이고 있다. 이러한 전자상거래의 요소는 전자상거래의 기술을 연구하고 제시하는 쪽 보다는 현실적인 필요성에 의해 금융기관이나 판매자들에 의해 주도적으로 개발되는 경우가 많다. 컴퓨터와 네트워크의 급속한 발전 속도와 영역의 확장은 앞으로의 전자상거래가 국가나 사회에 어떤 영향을 미칠지를 예측하기 어렵게 한다. 다시 말하면 앞으로 전자상거래가 사회, 경제적 또는 외교적으로 미칠 영향은 매우 크리라 예상된다. 이러한 전자상거래 분야에서 주도권을 유지하기 위해서는 이와 관련된 정부부처, 연구소, 각급 기관 및 업체들이 서로 협력하고 조율하여 국제적인 표준과 보조를 맞추고, 국내 기술과의 접목을 가능하도록 협조와 자원이 필요하다. 전자상거래 관련 보안 및 지불 기술의 확보는 국가 경쟁력 확보 및 차세대 거래 수단으로서의 전자상거래 시장에서 기회를 확보할 수 있는 초석이 될 것이다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.947-950
• /
• 2014

The recent APT attacks including cyber terror are caused by a high level of malicious codes and hacking techniques. This implies that essentially, advanced security management is required, from the perspective of 5A. The changes of IT environment are represented by Mobile, Cloud and BYOD. In this situation, the security model needs to be changed, too into the Airport model which emphasizes prevention, and connection, security and integration of functions from the existing Castle model. This study suggested an application method of the risk-based Airport model to the cyber security environment.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.15-26
• /
• 2023

Due to the global COVID-19 pandemic, which has led to a shift towards remote work, the frequency of external access to important internal resources by companies has increased exponentially, exposing them to various security threats. In order to address these access security issues, ZTA (Zero Trust Architecture) has gained attention. ZTA operates on the principle of not trusting external or internal users, and manages access authentication and authorization strictly according to pre-established policies. This paper analyzes the definition of ZTA and key research trends, and summarizes different ZTA solutions for each company.

• The Journal of the Korea Contents Association
• /
• v.8 no.2
• /
• pp.195-204
• /
• 2008

With the growth of airline management, as well as computer and IT security, the international trade in this modern society has been rapidly increasing, Along with the advancing, airplanes have become a universal means of communication. However, the complications associated with airplane safety have also been brought up as a result, the most concerning of which is terrorism. One of the main counterplans for preventing terrorism is Ground security activities the core of Ground security activities is absolute safety for passengers in both passenger terminal and freight terminal. Subastral security refers to physical protection, proximity control and 100% security search and freight guarding of the passengers' possessions, and the personnel's duties to perform such jobs are be! coming more crucial. On the other hand, Airport security check has bee n gradually developing since the 1960's, when hijacking began to take place. Although the airports have been providing more safe and comfortable services to their customers, terrorism is still happening today. When Ground security activities is minute, the users feel displeasure and discomfort, yet considering solely their convenience can brings problems in achieving safety. Since the 9.11 terror in 2001, the idea of improving and strengthening airport security was reinforced and a considerable amount of estate is being spent today for invention and application of new technology. Various nations, including the United States, have been improving their systems of security through public services; public police department is actively carrying out their duties in airports as well. In San Francisco International Airport, private police department is in charge of collection of data, national events, VIP protection, law enforcement, cooperation within facilities, daily-based patrol and traffic control. Under guidance and supervision of national organizations, such as TSA, general police department interprets X-Rays, operates metal detectors, checks passports or IDs and observes reactions to explosives. Under these circumstances, studies about advancement of cooperation and duties of general police department and private police department necessitated: especially about private police department and their training for searching equipments, decrease in number of turn over rate, invention of technology and prior settlement in estate for security. The privacy of the public, who make up the major population of airport passengers, must also be minimized. In the following research, the activities of police departments in San Francisco International Airport will be analyzed in order to understand recent actions of the United States on airport security.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.243-253
• /
• 2016

Company strengthen various information security policy and activity in order to protect important information assets that the company has been dealing with and prevents information security accidents such as personal information spill. However, some study said these policy and activity increase employee's information security stress and still information security accidents by employees have happened so far. Therefore, this study will review preceding theories and studies used in many various fields including Information Security areas needed to explain human's behavioral intention and determinants and summarize characteristic factors that have influence on control of human's behavioral intention in the results of the above theories and studies. Secondly, this study will implement exploratory analysis on characteristic factors perceived by employees that has been stemmed from various company's information security policy and activity in order to increase employee/'s information security compliance intention under the its surrounding security circumstance. Thirdly, this study will fulfil multiple-regression analysis in order to identify cause-effect relationship between employee's perceived information security stress and employee's perceived characteristic factor. Finally, this study will explain casual relationship with same analysis methods between information security stress and information security compliance intention based on results of the survey conducted on the financial firm's employees with same analysis methods.