• Journal of KIISE:Information Networking
• /
• v.30 no.6
• /
• pp.776-786
• /
• 2003

Security Evaluation System is a system that evaluates the security of the entire enterprise network domain which consists of various components and that supports a security manager or a Security Management System in making decisions about security management of the enterprise network based on the evaluation. It helps the security manager or the security management system to make a decision about how to change the configuration of the network to prevent the attack due to the security vulnerabilities of the network. Security Evaluation System checks the “current status” of the network, predicts the possible intrusion and supports decision-making about security management to prevent the intrusion in advance. In this paper we analyze the requirements of the Security Evaluation System that automates the security evaluation of the enterprise network which consists of various components and that supports decision-making about security management to prevent the intrusion, and we propose a design for it which satisfies the requirements.

• 월간 기계설비
• /
• s.287
• /
• pp.65-67
• /
• 2014

'하도급 거래 공정화에 관한 법률' 법률이 일부 개정되어 지난 5월 28일 공포되었다. 이 법령은 오는 11월 29일부터 본격 시행된다. 개정된 주요 내용은 ${\Delta}$계약체결일로부터 30일 이내에 원사업자는 수급사업자에게 공사대금지급 보증 ${\Delta}$공사대금 지급수단이 어음인 경우 만기일까지, 어음대체 결재수단인 경우 하도급대금 상환기일까지 대금지급 보증 ${\Delta}$공사이행 중 원사업자가 공사대금 지급보증 사유 소멸 시 소멸일로부터 30일 이내에 공사대금 지급보증(다만, 일정한 경우 보증 제외) ${\Delta}$원사업자가 수급사업자에게 공사대금 지급보증을 하지 않은 경우 수급사업자가 한 계약이행 보증을 청구할 수 없도록 했다. 이로써 그동안 어음 수령으로 보호받지 못했던 대금지급 보증을 받을 수 있게 되었고 원사업자의 대금지급보증 면제사유(신용등급 A 이상, 발주자 대금직접지급, 한 건의 공사금액이 천만원 이하)가 소멸된 경우에도 30일 이내에 대금지급 보증을 해주는 등 대금지급 보증 범위가 넓어져 보증금을 원활히 받을 수 있게 됐다. 또한 원사업자가 대금이행 보증을 하지 않을 경우 하수급인의 계약 불이행을 사유로 계약이행 보증을 청구할 수 없는 조항이 신설되어 앞으로 대금지급보증 교부율이 높아짐은 물론 하수급인에 대한 보증을 주로 하는 대한설비건설공제조합의 보증 리스크 감소 효과가 기대된다. 대한설비건설협회(회장 이상일)와 대한설비건설공제조합(이사장 김기석)은 그동안 대부분의 하도급업체인 회원 및 조합원사의 권리보호와 원도급자의 불법 불공정 하도급 거래행위를 개선하기 위해 국회, 국토교통부, 공정거래위원회 등 관련부처에 지속적으로 건의하며 제도개선을 추진해 왔다. 이같은 협회와 조합의 공동노력에 의해 이번에 공정거래위원회에서 일부 개정한 것이다. 개정된 하도급거래 공정화에 관한 법률은 다음과 같다.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.8
• /
• pp.1950-1956
• /
• 2010

There are scattered various kinds of software and digital contents around modern peoples. Most of peoples do not realize the importance of the problem related with rights protections of software and digital contents that most of peoples are acting illegal use or illegal copy of software or digital contents without any sense of guilt. In this paper, we carry out a survey targeting IT department majors and non-IT department majors about their aware of rights of software and digital contents and then we suggest a problem from the results of a survey and study a solution for advancing problem of aware of rights. The most effective solution of aware improvement of rights is continuous and repetitive education concerning rights. Also, Reasonable prices that should makes for paying cost of copyrights by users.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.397-406
• /
• 2003

As the information technology grows interests in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS several artificial intelligence techniques such as hidden Markov model (HMM), artificial neural network, statistical techniques and expert systems are used to model network rackets, system call audit data, etc. However, there are undetectable intrusion types for each measure and modeling method because each intrusion type makes anomalies at individual measure. To overcome this drawback of single-measure anomaly detector, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by systems calls, resource usage and file access events and build up profiles for normal behavior with hidden Markov model, statistical method and rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method that has significantly low false-positive error rate against various types of intrusion.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.511-516
• /
• 2013

The cases of identification forgery and counterfeiting are increasing under the current identification system, which was established based on social conditions and administrative environments over 20 years ago. This leads to an increase of various criminal acts including illegal loan using fake ID and a number of damages caused out of good intentions that result in interference with the operations of public organizations. In addition, according to the advancement of information society, privacy protection has emerged as an important issue. However, ID card exposes individuals' personal information, such as names, resident registration numbers, photos, addresses and fingerprints, and thus the incidents associated with illegal use of personal information are increasing continuously. Accordingly, this study aimed at examining the issues of ID card forgery/counterfeiting and privacy protection and at proposing a next-generation identification system to supplement such weaknesses. The top priority has been set as prevention of forgery/counterfeiting and privacy protection in order to ensure the most important function of national identification system, which is user identification.

• KIPS Transactions on Software and Data Engineering
• /
• v.8 no.10
• /
• pp.411-420
• /
• 2019

Camera model identification has been a subject of steady study in the field of digital forensics. Among the increasingly sophisticated crimes, crimes such as illegal filming are taking up a high number of crimes because they are hard to detect as cameras become smaller. Therefore, technology that can specify which camera a particular image was taken on could be used as evidence to prove a criminal's suspicion when a criminal denies his or her criminal behavior. This paper proposes a deep learning model to identify the camera model used to acquire the image. The proposed model consists of four convolution layers and two fully connection layers, and a high pass filter is used as a filter for data pre-processing. To verify the performance of the proposed model, Dresden Image Database was used and the dataset was generated by applying the sequential partition method. To show the performance of the proposed model, it is compared with existing studies using 3 layers model or model with GLCM. The proposed model achieves 98% accuracy which is similar to that of the latest technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.4
• /
• pp.85-97
• /
• 1999

A blind signature scheme is a protocol allowing verifier to obtain a valid signature for a message m from a signer without him seeing the message. This means that the bank in collaboration with the shop cannot trace the electronic cash to user. However anonymous electronic cash also facilitates fraud and criminal acts such as money laundering anonymous blackmailing and illegal purchaes. Therefore in this paper we propose fair blind signature scheme based on KCDSA which is a domestic digital signature scheme and it apply a electronic cash system. In particularly a proposed electronic cash system have an anonymity control ability which trace a user who make use a electronic cash illegally in association with a trusted center.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.49-58
• /
• 2022

As military service members are fully permitted to use mobile phones for sickness after work, it is time to minimize the direct collection of personal information from telecommunication companies when opening mobile phones to secure the safety of military service personnel's personal information. Prior to introducing the use of mobile phones by soldiers after work, the Ministry of National Defense established a security control system such as blocking the mobile phone shooting function to prevent security accidents and concerns about some adverse functions such as illegal cyber gambling, game addiction, and viewing pornography. come. Mobile telecommunications companies entrust personal information processing tasks, such as opening mobile phones, to telecommunications agencies and carry out management and supervision, such as checking the status of personal information protection measures. When a military service member opens a mobile phone, a personal information management agency is newly established using the right to portability of personal information, and a system for requesting the transmission of personal information from the military service member is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.609-619
• /
• 2023

Recently, crimes using drones, one of the IoT industries have been continuously reported. In particular, drones are characterized by easy access and free movement, so they are used for various crimes such as transporting explosives, transporting drugs, and illegal recording. In order to analyze and investigate these criminal acts, drone forensic research is highly emphasized. Media data, PII, and flight records are digital forensic artifacts that can be acquired from drones, in particluar flight records are important artifacts since they can be used to trace drone activities. Therefore, in this paper, the characteristics of the deleted flight record files of DJI drones are presented and verified using the Phantom3, Phantom4 andMini2 models, two drones with differences in characteristics. Additionally, the recovery level is analyzed using the flight record file characteristics, and lastly, drones with the capacity to recover flight records for each drone model and drone models without it are classified.