• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.155-162
• /
• 2003

Today's network consists of a large number of routers and servers running a variety of applications. Policy-based network provides a means by which the management process can be simplified and largely automated. In this paper we build a foundation of policy-based network modeling and simulation environment. The procedure and structure for the induction of policy rules from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base) are developed. The structure also transforms the policy rules into PCIM (Policy Core Information Model). The effect on a particular policy can be tested and analyzed through the simulation with the PCIMs and SVDB.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.31-38
• /
• 2023

In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, required functions in the PBNM Scheme for multiple domains as cyber physical system that utilizes data science and AI is examined.

• Journal of Communications and Networks
• /
• v.11 no.3
• /
• pp.211-228
• /
• 2009

After clarifying the underlying problems in a secure network storage, we introduce two important requirements, leakageresilience and availability in higher levels respectively, for data keys that are used to protect remotely-stored data. As a main contribution of this paper, we give a new security layer for overlay networks by proposing a leakage-resilient authentication and data management system. In this system, we specifically propose a single mode and a cluster mode where the latter provides a higher level of both leakage-resilience and availability for the data key.

• Journal of Industrial Convergence
• /
• v.16 no.4
• /
• pp.47-52
• /
• 2018

WebShell is a web script file created by a hacker to remotely commands to a web server. The hacker can bypass the security system using the web shell, access the system, control the system such as file modification, copying and deletion, install malicious code in the web source code, attack the user's PC, And so on. There are many types of WebShell attack, but we study about attacks on PHP and JSP based web server which are used as representative ones. And we propose the method of web page management, method of development, and several other methods. By using these countermeasures, it is possible to effectively prevent damage caused by WebShell attacks.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.10
• /
• pp.6310-6316
• /
• 2014

The increase in the Internet and smart device users requires high-level network security. Network security consists of Web Firewall, Network Firewall, IPS, DDoS system, UTM (Unified Treat Management), VPN, NAC (Network Access Control), Wireless security, Mobile security, and Virtualization. Most network security solutions running on IPv4, and IPv6 network services are not sufficiently ready. Therefore, in this paper, this study designed and implemented important functions of Network Access Control (NAC), which include IPv6 host detection, isolation, blocking and domain assignment for the IPv6 network. In particular, domain assignment function makes 128 bits IPv6 address management easy. This system was implemented on a KISA IPv6 test-bed using well known devices. Finally, the test result showed that all IPv6 based wired and wireless devices were well-controlled (detection, blocking, isolation and domain assignment).

• Journal of Digital Convergence
• /
• v.15 no.10
• /
• pp.253-260
• /
• 2017

Authenticated key agreement in multi-server environments is one of very important security issues because only authorized user needs to access their data and services. To support this issue, numerous schemes have been proposed over recent years. Recently, Shin showed the security weaknesses in the previous scheme and proposed an improved scheme called SIAKAS to solve them. Unfortunately, this paper shows that SIAKAS is still weak against application server impersonation attack and could be traceable to attackers. To solve the problems in SIAKAS, we propose an untraceable authenticated key agreement scheme, denoted by UAKAS. UAKAS efficiently solves security and privacy issues in SIAKAS and the related schemes and could reduce the operation overhead at least 12% compared to them.

• Journal of Industrial Convergence
• /
• v.22 no.4
• /
• pp.1-9
• /
• 2024

Smart factories represent production facilities where cutting-edge information and communication technologies are fused with manufacturing processes, reflecting rapid advancements and changes in the global manufacturing sector. They capitalize on the integration of robotics and automation, the Internet of Things (IoT), and the convergence of artificial intelligence technologies to maximize production efficiency in various manufacturing environments. However, the smart factory environment is prone to security threats and vulnerabilities due to various attack techniques. When security threats occur in smart factories, they can lead to financial losses, damage to corporate reputation, and even human casualties, necessitating an appropriate security response. Therefore, this paper proposes a security authentication mechanism for safe communication in the smart factory environment. The components of the proposed authentication mechanism include smart devices, an internal operation management system, an authentication system, and a cloud storage server. The smart device registration process, authentication procedure, and the detailed design of anomaly detection and update procedures were meticulously developed. And the safety of the proposed authentication mechanism was analyzed, and through performance analysis with existing authentication mechanisms, we confirmed an efficiency improvement of approximately 8%. Additionally, this paper presents directions for future research on lightweight protocols and security strategies for the application of the proposed technology, aiming to enhance security.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.37 no.2
• /
• pp.77-84
• /
• 2014

The purpose of this research is to identify and develop technology protection plans for small and medium-sized enterprises (SMEs) by analyzing past technology leakage patterns which were experienced by SMEs. We identified factors which affect the technology leakage, and analyzed patterns of the influences using a data mining algorithms. A decision tree analysis showed several significant factors which lead to technology leakage, so we conclude that preemptive actions must be put in place for prevention. We expect that this research will contribute to determining the priority of activities necessary to prevent technology leakage accidents in Korean SMEs. We expect that this research will help SMEs to determine the priority of preemptive actions necessary to prevent technology leakage accidents within their respective companies.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.586-596
• /
• 2021

Software organisations follow different methodologies for the development of software. The software development methodologies are mainly divided into two categories, including plan-driven and agile development. To attain project success, it is very significant to consider risk management during whole project. Agile development is considered risk-driven, but many risks are unreported at the industrial level. The risks can be divided into three categories, including (i) development risks, (ii) organisations risks, and (iii) people-oriented risks. This paper deals with Development risks specifically. Several risks related to development are faced by people working in the industry while dealing with agile development. Their management among the industry is a big issue, so this paper emphasises ARMF based on development-related risks by following agile development. This research work will help software organisations to prevent different project-related risks during agile development. The risks are elicited at two-level, (i) literature-based and (ii) IT industry based. A systematic literature review was performed for eliciting the agile risks from the literature. Detailed case studies and survey research methods were applied for eliciting risks from IT industry. Finally, we merged the agile development risks from literature with standard industrial risks. Hence, we established an agile risk mitigation framework ARMF based on agile development and present a groundwork established in light of empirical examination for extending it in future research.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.295-298
• /
• 2017

최근 국가연구개발사업은 개방형 연구환경으로 변화되어지고 있다. 이러한 변화는 연구개발 자원 및 시간 절감, R&D 투자효과 증대 등 긍정적인 효과를 동반하지만 연구 수행 과정, 연구성과물 유출과 같은 역기능이 발생하고 있다. 따라서 본 연구에서는 연구환경 변화에 따른 연구성과물 유출 가능성을 줄이기 위해서 자체적으로 보안관리 및 평가를 할 수 있는 연구보안 수준측정 모형을 설계하고자 한다. 이는 연구기관의 보안 수준 파악과 향상을 위해 유용하게 활용될 것으로 기대된다.