• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5062-5079
• /
• 2017

Malicious insider threats have increased recently, and methods of the threats are diversifying every day. These insider threats are becoming a significant problem in corporations and governments today. From a technology standpoint, detecting potential insider threats is difficult in early stage because it is unpredictable. In order to prevent insider threats in early stage, it is necessary to collect all of insiders' data which flow in network systems, and then analyze whether the data are potential threat or not. However, analyzing all of data makes us spend too much time and cost. In addition, we need a large repository in order to collect and manage these data. To resolve this problem, we develop an indicator-based behavior ontology (IB2O) that allows us to understand and interpret insiders' data packets, and then to detect potential threats in early stage in network systems including social networks and company networks. To show feasibility of the behavior ontology, we developed a prototype platform called Insider Threat Detecting Extractor (ITDE) for detecting potential insider threats in early stage based on the behavior ontology. Finally, we showed how the behavior ontology would help detect potential inside threats in network system. We expect that the behavior ontology will be able to contribute to detecting malicious insider threats in early stage.

• Journal of Intelligence and Information Systems
• /
• v.19 no.2
• /
• pp.141-156
• /
• 2013

Researchers in welfare services of local government in Korea have rather been on isolated issues as disables, childcare, aging phenomenon, etc. (Kang, 2004; Jung et al., 2009). Lately, local officials, yet, realize that they need more comprehensive welfare services for all residents, not just for above-mentioned focused groups. Still cases dealt with focused group approach have been a main research stream due to various reason(Jung et al., 2009; Lee, 2009; Jang, 2011). Social Security Information System is an information system that comprehensively manages 292 welfare benefits provided by 17 ministries and 40 thousand welfare services provided by 230 local authorities in Korea. The purpose of the system is to improve efficiency of social welfare delivery process. The study of local government expenditure has been on the rise over the last few decades after the restarting the local autonomy, but these studies have limitations on data collection. Measurement of a local government's welfare efforts(spending) has been primarily on expenditures or budget for an individual, set aside for welfare. This practice of using monetary value for an individual as a "proxy value" for welfare effort(spending) is based on the assumption that expenditure is directly linked to welfare efforts(Lee et al., 2007). This expenditure/budget approach commonly uses total welfare amount or percentage figure as dependent variables (Wildavsky, 1985; Lee et al., 2007; Kang, 2000). However, current practice of using actual amount being used or percentage figure as a dependent variable may have some limitation; since budget or expenditure is greatly influenced by the total budget of a local government, relying on such monetary value may create inflate or deflate the true "welfare effort" (Jang, 2012). In addition, government budget usually contain a large amount of administrative cost, i.e., salary, for local officials, which is highly unrelated to the actual welfare expenditure (Jang, 2011). This paper used local government welfare service data from the detailed data sets linked to the Social Security Information System. The purpose of this paper is to analyze the factors that affect social welfare spending of 230 local authorities in 2012. The paper applied multiple regression based model to analyze the pooled financial data from the system. Based on the regression analysis, the following factors affecting self-funded welfare spending were identified. In our research model, we use the welfare budget/total budget(%) of a local government as a true measurement for a local government's welfare effort(spending). Doing so, we exclude central government subsidies or support being used for local welfare service. It is because central government welfare support does not truly reflect the welfare efforts(spending) of a local. The dependent variable of this paper is the volume of the welfare spending and the independent variables of the model are comprised of three categories, in terms of socio-demographic perspectives, the local economy and the financial capacity of local government. This paper categorized local authorities into 3 groups, districts, and cities and suburb areas. The model used a dummy variable as the control variable (local political factor). This paper demonstrated that the volume of the welfare spending for the welfare services is commonly influenced by the ratio of welfare budget to total local budget, the population of infants, self-reliance ratio and the level of unemployment factor. Interestingly, the influential factors are different by the size of local government. Analysis of determinants of local government self-welfare spending, we found a significant effect of local Gov. Finance characteristic in degree of the local government's financial independence, financial independence rate, rate of social welfare budget, and regional economic in opening-to-application ratio, and sociology of population in rate of infants. The result means that local authorities should have differentiated welfare strategies according to their conditions and circumstances. There is a meaning that this paper has successfully proven the significant factors influencing welfare spending of local government in Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.643-653
• /
• 2018

Xamarin is a representative cross-platform development framework that allows developers to write mobile apps in C# for multiple mobile platforms, such as Android, iOS, or Windows Phone. Using Xamarin, mobile app developers can reuse existing C# code and share significant code across multiple platforms, reducing development time and maintenance costs. Meanwhile, malware authors can also use Xamarin to spread malicious apps on more platforms, minimizing the time and cost of malicious app creation. In order to cope with this problem, it is necessary to analyze and detect malware written with Xamarin. However, little studies have been conducted on static analysis methods of the apps written in Xamarin. In this paper, we examine the structure of Android apps written with Xamarin and propose a static analysis technique for the apps. We also demonstrate how to statically reverse-engineer apps that have been transformed using code obfuscation. Because the Android apps written with Xamarin consists of Java bytecode, C# based DLL libraries, and C/C++ based native libraries, we have studied static reverse engineering techniques for these different types of code.

• The Journal of the Korea Contents Association
• /
• v.18 no.9
• /
• pp.141-148
• /
• 2018

Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.83-92
• /
• 2005

D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number or OCSP Responder's certificate but also criers the certificate status validation about OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one day), she can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on I-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of an OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.305-318
• /
• 2023

The complexity of software products led many manufacturers to stitch open-source software for composing a product. Using open-source help reduce the development cost, but the difference in the different development life cycles makes it difficult to keep the product up-to-date. For this reason, even the patches for known vulnerabilities are not adopted quickly enough, leaving the entire product under threat. Existing studies propose to use binary differentiation techniques to determine if a product is left vulnerable against a particular vulnerability. Despite their effectiveness in finding real-world vulnerabilities, they often fail to locate the evidence of a vulnerability if it is a small function that usually is inlined at compile time. This work presents our tool FunRank which is designed to identify the short functions. Our experiments using synthesized and real-world software products show that FunRank can identify the short, inlined functions that suggest that the program is left vulnerable to a particular vulnerability.

• Journal of Intelligence and Information Systems
• /
• v.20 no.1
• /
• pp.195-211
• /
• 2014

Cloud computing services provide IT resources as services on demand. This is considered a key concept, which will lead a shift from an ownership-based paradigm to a new pay-for-use paradigm, which can reduce the fixed cost for IT resources, and improve flexibility and scalability. As IT services, cloud services have evolved from early similar computing concepts such as network computing, utility computing, server-based computing, and grid computing. So research into cloud computing is highly related to and combined with various relevant computing research areas. To seek promising research issues and topics in cloud computing, it is necessary to understand the research trends in cloud computing more comprehensively. In this study, we collect bibliographic information and citation information for cloud computing related research papers published in major international journals from 1994 to 2012, and analyzes macroscopic trends and network changes to citation relationships among papers and the co-occurrence relationships of key words by utilizing social network analysis measures. Through the analysis, we can identify the relationships and connections among research topics in cloud computing related areas, and highlight new potential research topics. In addition, we visualize dynamic changes of research topics relating to cloud computing using a proposed cloud computing "research trend map." A research trend map visualizes positions of research topics in two-dimensional space. Frequencies of key words (X-axis) and the rates of increase in the degree centrality of key words (Y-axis) are used as the two dimensions of the research trend map. Based on the values of the two dimensions, the two dimensional space of a research map is divided into four areas: maturation, growth, promising, and decline. An area with high keyword frequency, but low rates of increase of degree centrality is defined as a mature technology area; the area where both keyword frequency and the increase rate of degree centrality are high is defined as a growth technology area; the area where the keyword frequency is low, but the rate of increase in the degree centrality is high is defined as a promising technology area; and the area where both keyword frequency and the rate of degree centrality are low is defined as a declining technology area. Based on this method, cloud computing research trend maps make it possible to easily grasp the main research trends in cloud computing, and to explain the evolution of research topics. According to the results of an analysis of citation relationships, research papers on security, distributed processing, and optical networking for cloud computing are on the top based on the page-rank measure. From the analysis of key words in research papers, cloud computing and grid computing showed high centrality in 2009, and key words dealing with main elemental technologies such as data outsourcing, error detection methods, and infrastructure construction showed high centrality in 2010~2011. In 2012, security, virtualization, and resource management showed high centrality. Moreover, it was found that the interest in the technical issues of cloud computing increases gradually. From annual cloud computing research trend maps, it was verified that security is located in the promising area, virtualization has moved from the promising area to the growth area, and grid computing and distributed system has moved to the declining area. The study results indicate that distributed systems and grid computing received a lot of attention as similar computing paradigms in the early stage of cloud computing research. The early stage of cloud computing was a period focused on understanding and investigating cloud computing as an emergent technology, linking to relevant established computing concepts. After the early stage, security and virtualization technologies became main issues in cloud computing, which is reflected in the movement of security and virtualization technologies from the promising area to the growth area in the cloud computing research trend maps. Moreover, this study revealed that current research in cloud computing has rapidly transferred from a focus on technical issues to for a focus on application issues, such as SLAs (Service Level Agreements).

• Journal of Distribution Science
• /
• v.13 no.10
• /
• pp.123-133
• /
• 2015

Purpose - The Korean government has devised intermodal transportation policies and granted subsidies to shippers and logistics companies that made a conversion of transportation means through the policies. This provides support by expanding the complex uniform railroad transportation and overhauling the deteriorated railroad facilities. As for 2013, however, the freight transportation percentage of railroad was 4.5% in tons and 8.5% in ton kilometers. Meanwhile, since the 1990s, developed countries such as the U.S. and Europe have been trying to expand intermodal freight transport with a legal and institutional support to build a logistics system corresponding with social and economic environmental changes. In this study, I set out to examine the effects of the intermodal freight transport policies in the EU and the U.S., and to explore the direction of setting up a rail intermodal transport system in South Korea. Research design, data, and methodology - The paper used a qualitative research methodology through the literature review. First, was an overview of Intermodal transportation in the EU, U.S. and UN. Second, it describes the development of transport in Europe and the U.S. with particular emphasis on intermodal freight transport. Third, it explores the direction of setting up a intermodal freight transport in South Korea. The last section contains concluding remarks. Results - As for the EU, it has been promoting integration between transport and intermodal logistics network designs while utilizing ITS or ICT and supports for rail freight intermodal by giving reduction to a facilities fee or subsidizing for rail freight in order to minimize the cost of external due to freight transport. On the other hand, as for the U.S., it has been made up of an industrial-led operating project and has been promoting it to improve accessibility between intermodal hubs and cargo terminals through intermodal corridor program, and an intermodal cargo hub access corridor projects, etc. Moreover, it has tried to construct intermodal transport system using ITS or ICT and to remove Barrier. As a result, in these countries, the proportion of intermodal freight transport is going to be the second significant transport compared with rail and maritime transport. An Effective rail intermodal transport system is needed in South Korea, as seen in the case of these countries. In order to achieve this object, the following points are required to establish radical infrastructure policy; diversify investment financing measures taken under public-private partnerships, legal responsibilities, improvement of utilization of existing facilities to connect the railway terminal and truck terminal, and enhancement service competitiveness through providing cargo tracking and security information that combines the ITS and ICT. Conclusions - This study will be used as a basis for policy and support for intermodal freight transport in South Korea. In the future, it is also necessary to examine from the perspective of the shipper companies using the rail intermodal transport, ie, recognition of shipper, needed institutional supports, and transportation demand forecasting and cost-effective analysis of the railway infrastructure systems improvement.

• Journal of the Society of Disaster Information
• /
• v.19 no.1
• /
• pp.1-9
• /
• 2023

In order to carry out construction work, it is urgent to introduce a proper wage system so that the cost burden of projects that have been won due to bleeding competition among original government buildings based on low-priced bids can be transferred to subcontractors. Purpose: Construction with illegal multi-level industrial structure needs to improve the wage reduction environment leading to order (100%) → original contractor (80%) → subcontractor (65%) → load contractor (65%) and aims to ensure wages for end workers. Method: Investigate the current status of labor cost appropriate payment plan in the construction industry, and investigate the case of the appropriate wage system (P.W) in the United States. In addition, the effect and direction of the appropriate wage system are presented. Result: Individual minimum wage security was also mentioned in the Constitution, and many researchers suggested that only the introduction of an appropriate wage system could solve the problem of reducing worker labor and ensure quality and safety. Conclusion: The proper wage system in the construction industry will block illegal multi-level and illegal foreign work, improve the labor environment in the construction market, create an influx of young workers, and have a significant impact on the construction industry's competitive structure, safety, and quality.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.9B
• /
• pp.1350-1359
• /
• 2010

Recently many researchers have been proved that general RFID system for proximity authentication is vulnerable to various location-based relay attacks such as distance fraud, mafia fraud and terrorist fraud attacks. The distance-bounding protocol is used to prevent the relay attacks by measuring the round trip time of single challenge-response bit. In 2008, Munilla and Peinado proposed an improved distance-bounding protocol applying void-challenge technique based on Hancke-Kuhn's protocol. Compare with Hancke-Kuhn's protocol, Munilla and Peinado's protocol is more secure because the success probability of an adversary has (5/8)n. However, Munilla and Peinado's protocol is inefficient for low-cost passive RFID tags because it requires large storage space and many hash function computations. Thus, this paper proposes a new RFID distance-bounding protocol for low-cost passive RFID tags that can be reduced the storage space and hash function computations. As a result, the proposed distance-bounding protocol not only can provide both storage space efficiency and computational efficiency, but also can provide strong security against the relay attacks because the adversary's success probability can be reduced by $(5/8)^n$.