• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.632-634
• /
• 2021

In proportion to the development of the Internet and the increase in users, the rate of cyber-incident using it is increasing. As a countermeasure, there is a network separation method that separates the system accessible to users and the system containing key information from each other. However, in the case of tasks that require the use of the Internet network, it is exposed to cyber attacks, and there are many loopholes in the method of data transmission between networks and the management and operation of the system, resulting in infection of the closed network. In this paper, we aim to enhance the safety of the networking system by investigating the types and cases of infringement accidents in these network separation environments.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.12 no.5
• /
• pp.609-614
• /
• 2009

In this paper, we have proposed a design for security network system passing through the non-security network which is commonly used for various networking services. Based on the security requirements which are assumed that the large classified data are bi-transmitted between a server and several terminals remotely located, some application methods of security techniques are suggested such as the network separation technique, the scale-down application technique of certification management system based on the PKI(Public Key Infrastructure), the double encryption application using the crypto-equipment and the asymmetric keys encryption algorithm, unrecoverable data deleting technique and system access control using USB device. It is expected that the application of this design technique for the security network causes to increase the efficiency of the existing network facilities and reduce the cost for developing and maintaining of new and traditional network security systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.471-474
• /
• 2012

The administration of government agencies and Law enforcement agencies is utilize. that network separation and Establish CERT for network security. However, the legislature has a basic security system. so a lot of relative vulnerability. In this paper, study for security National Assembly and the National Assembly Secretariat, at Library of National Assembly on legislative National Assembly for information security and network configuration, network and external Internet networks is to divide the internal affairs. Network separation in accordance with the movement of materials to use secure USB memory, the user has the uncomfortable issues. Problem analysis and security vulnerabilities on the use of USB memory is study the problem. User efficiency and enhance security.

• KIISE Transactions on Computing Practices
• /
• v.21 no.7
• /
• pp.506-511
• /
• 2015

IOV is a technology that supports one or more virtual desktops, and can share a single physical device. In general, the virtual desktop uses the virtual IO devices which are provided by virtualization SW, using SW emulation technology. Virtual desktops that use the IO devices based on SW emulation have a problem in which service quality and performance are declining. Also, they cannot support the high-end application operations such as 3D-based CAD and game applications. In this paper, we propose a physical network separation system using Virtual Desktop Service based on HW direct assignments to overcome these problems. The proposed system provides independent desktops that are used to access the intranet or internet using server virtualization technology in a physical desktop computer for the user. In addition, this system can also support a network separation without network performance degradation caused by inspection of the network packet for logical network separations and additional installations of the desktop for physical network separations.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.27-32
• /
• 2019

Along with the growth of u-Healthcare, we propose a security enhancement based on network separation for CloudHIS with for handling healthcare information to cope with cyber attack. To protect against all security threats and to establish clear data security policies, we apply desktop computing servers to cloud computing services for CloudHIS. Use two PCs with a hypervisor architecture to apply physical network isolation and select the network using KVM switched controller. The other is a logical network separation using one PC with two OSs, but the network is divided through virtualization. Physical network separation is the physical connection of a PC to each network to block the access path from both the Internet and the business network. The proposed system is an independent desktop used to access an intranet or the Internet through server virtualization technology on a user's physical desktop computer. We can implement an adaptive solution to prevent hacking by configuring the CloudHIS, a cloud system that handles medical hospital information, through network separation for handling security enhancement.

• The Journal of the Acoustical Society of Korea
• /
• v.18 no.6
• /
• pp.3-8
• /
• 1999

In this paper, we propose a new active noise control system that cancels the only noise signal from the mixture selectively. A blind source separation realized by a dynamic recurrent neural network is used as a preprocessor of the active noise control system and separates the desired signal and the noise signal. The active noise control system adaptively generates an anti-noise signal to remove the only noise signal separated by the blind source separation. Computer simulation results show that the proposed scheme is effective to construct a selective attention system.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.10
• /
• pp.1101-1108
• /
• 2015

In this paper, to provide a method and system for providing a network separation virtual machine environment. How to provide this virtual machine environment include phase generating necessary virtual resource requirement for the perform of virtual function and transfer to network changing protocol about request of registration virtual resource. For this reason, Registration procedure is to use a virtual machine for a virtual computing resource allocation and separation combined network any time, it became possible between servers and clients, or mobile phone. At any time, it is possible to process the work in the same environment as in a computer to access the Internet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.181-195
• /
• 2015

Financial industries have operated internal and external network with an unified system for continual business process of customers and other organizations in the past. The financial supervising authority requires more technical and managerial protecting policy to financial industries related to the exposure as danger of external attacks or information leakage. Financial industries performed network separation into internal business and external internet networks for protecting IT assets from malware infection accessing internet or hacking attacks and prohibiting leakage of customers' personal and financial information following financial supervising authority and redefine security policy to fit on network separated-condition. In this study, effectiveness for network separation policy was examined on malware inflow and verified that malware inflow in all routes can be blocked by the policy with analyzing operration data of a financial company, estimating network separation. Result of this study proves that malware infection route by portable storages was not completely blocked even on adapting network-separated condition. As a solution for this, efficient security policy would be suggested in this paper as controlling portable storages for maximizing effectiveness of network separation.

• Journal of the Korean Society of Manufacturing Process Engineers
• /
• v.14 no.2
• /
• pp.31-37
• /
• 2015

Recently, mobile phones have become necessary tools for everyday life. In this study, a device that can serve as a separation between a touch panel and an LCD module in a mobile phone was devised for mass repair processes at a smaill business. We used a wire cutting method to separate the bonding plate area between the modules. The device is composed of DC motors and stepping motors that can deliver a precise cutting motion. The motor control system is connected by individual control modules to a CAN network. The developed device showed excellent performance at high temperature conditions.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.13 no.4
• /
• pp.187-194
• /
• 2018

The operating system for IoT should have a small memory footprint and provide low power state, real-time, multitasking, various network protocols, and security. Although the Zephyr kernel, an operating system for IoT, released by the Linux Foundation in February 2016, has these features but errors generated by the user code can generate fatal problems in the system because the Zephyr kernel adopts a single-space method that both the user code and kernel code execute in the same space. In this research, we propose a space separation method, which separates kernel space and user space, to solve this problem. The space separation that we propose consists of three modifications in Zephyr kernel. The first is the code separation that kernel code and user code execute in each space while using different stacks. The second is the kernel space protection that generates an exception by using the MPU (Memory Protection Unit) when the user code accesses the kernel space. The third is the SVC based system call that executes the system call using the SVC instruction that generates the exception. In this research, we implemented the space separation in Zephyr v1.8.0 and evaluated safety through abnormal execution of the user code. As the result, the kernel was not crashed by the errors generated by the user code and was normally executed.