• 디지털융복합연구
• /
• 제11권10호
• /
• pp.445-451
• /
• 2013

최근 국내 주요 금융권 및 방송사를 타깃으로 사이버 테러가 발생하여 많은 수의 PC가 감염되어 정상적인 서비스 제공이 어려워졌으며 이로 인한 금전적 피해도 매우 큰 것으로 보고되었다. 빅 데이터의 중요성 인식과 이를 마케팅에 이용하려는 노력은 매우 활발한데 비해 빅 데이터의 보안 및 개인정보보호에 대한 노력은 상대적으로 낮은 수준을 보이고 있다. 이에 본 연구에서는 빅 데이터 산업의 실태분석과 지능화되고 있는 빅 데이터 보안 위협과 방어 기술의 변화에 대해 알아보고, 빅 데이터 보안에 대한 향후 대응방안을 제시한다.

• Journal of Information Processing Systems
• /
• 제14권1호
• /
• pp.239-251
• /
• 2018

In existing cloud services, information security and privacy concerns have been worried, and have become one of the major factors that hinder the popularization and promotion of cloud computing. As the cloud computing infrastructure, the security of virtual machine systems is very important. This paper presents an immune-inspired intrusion detection model in virtual machines of cloud computing environment, denoted I-VMIDS, to ensure the safety of user-level applications in client virtual machines. The model extracts system call sequences of programs, abstracts them into antigens, fuses environmental information of client virtual machines into danger signals, and implements intrusion detection by immune mechanisms. The model is capable of detecting attacks on processes which are statically tampered, and is able to detect attacks on processes which are dynamically running. Therefore, the model supports high real time. During the detection process, the model introduces information monitoring mechanism to supervise intrusion detection program, which ensures the authenticity of the test data. Experimental results show that the model does not bring much spending to the virtual machine system, and achieves good detection performance. It is feasible to apply I-VMIDS to the cloud computing platform.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2014년도 추계학술발표대회
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

• International Journal of Internet, Broadcasting and Communication
• /
• 제11권2호
• /
• pp.59-66
• /
• 2019

The emergence of new IT technologies and convergence industries, such as artificial intelligence, bigdata and the Internet of Things, is another chance for South Korea, which has established itself as one of the world's top IT powerhouses. On the other hand, however, privacy concerns that may arise in the process of using such technologies raise the task of harmonizing the development of new industries and the protection of personal information at the same time. In response, the government clearly presented the criteria for deidentifiable measures of personal information and the scope of use of deidentifiable information needed to ensure that bigdata can be safely utilized within the framework of the current Personal Information Protection Act. It strives to promote corporate investment and industrial development by removing them and to ensure that the protection of the people's personal information and human rights is not neglected. This study discusses the strategy of deidentifying personal information protection based on the analysis of fake news. Using the strategies derived from this study, it is assumed that deidentification information that is appropriate for deidentification measures is not personal information and can therefore be used for analysis of big data. By doing so, deidentification information can be safely utilized and managed through administrative and technical safeguards to prevent re-identification, considering the possibility of re-identification due to technology development and data growth.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2013년도 춘계학술발표대회
• /
• pp.157-158
• /
• 2013

Data privacy and access control policies in computer clouds are a prime concerns while talking about the sensitive data. Authorized access is ensured with the help of secret keys given to a range of valid users. Granting the role access is a trivial matter but revoking user access is tricky and compute intensive. To revoke a user and making his data access ineffective the data owner has to compute new set of keys for the rest of effective users. This situation is inappropriate where user revocation is a frequent phenomenon. Time based revocation is another way to deal this issue where key for data access expires automatically. This solution rests in a very strong assumption of time determination in advance. In this paper we have proposed a mutable encryption for oblivious data access in cloud storage where the access key becomes ineffective after defined number of threshold by the data owner. The proposed solution adds to its novelty by introducing mutable encryption while accessing the data obliviously.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2013년도 춘계학술발표대회
• /
• pp.507-510
• /
• 2013

Cloud computing is an emerging technology, which allows the user to fulfill his needs by outsourcing the resources. With the passage of time, cloud computing has become an essential part of our lives. But it still requires some sort of standardization, specially in terms of user's trust, privacy, and security related things. This study presents different types of cloud computing services and their working domains along with some key virtualization related issues that are encountered by the cloud service provider as well as the user. Those key issues, related with virtual network are discussed in this paper. This study provides a basis to work further on those issues, so that the key concerns are addressed as soon as possible and cloud computing could become standardized and more prevalent.

• Journal of Contemporary Eastern Asia
• /
• 제20권1호
• /
• pp.102-119
• /
• 2021

Social credit rating in China (SCRC) has been criticized as "dystopian" and "Orwellian," an attempt by the Communist Party to hold onto power by exerting ever greater control over its citizens. To explain such measures, value differences are often invoked, that Chinese value stability and cooperation over privacy and freedom. However, these explanations are oversimplifications that result in ethical impasses. This article argues social credit rating should be understood in terms of the commonly human problem of large-scale cooperation. To do so, this paper relies on a cultural evolutionary framework and is an exercise in interpretive pros hen ethical pluralism, attempting to understand how apparently irresolvable cultural differences stem from common human concerns. Wholesale condemnation of SCRC fails to acknowledge the serious, intractable nature of problems resulting from a lack of trust in China. They take for granted the existence of institutions ensuring largescale, anonymous cooperation characteristic of - but somewhat unique to - Western Educated Industrialized Rich and Democratic (WEIRD) cultures. Because of its history and rapid development, China lacks the institutions necessary to ensure such cooperation, and because of anti-social punishment, social credit rating might be one of the few ways to ensure cooperation at this scale. The point is not to defend social credit rating in general, but to raise the possibility of its defense in China and show one way this would be done.

• Physical Therapy Rehabilitation Science
• /
• 제11권1호
• /
• pp.49-57
• /
• 2022

Objective: This study aims to conduct a comprehensive review of monitoring systems to monitor and manage physical function of community-dwelling elderly living alone and suggest future directions of unobtrusive monitoring. Design: Literature review Methods: The importance of health-related monitoring has been emphasized due to the aging population and novel corona virus (COVID-19) outbreak.As the population gets old and because of changes in culture, the number of single-person households among the elderly is expected to continue to increase. Elders are staying home longer and their physical function may decline rapidly,which can be a disturbing factorto successful aging.Therefore, systematic elderly management must be considered. Results: Frequently used technologies to monitor elders at home included red, green, blue (RGB) camera, accelerometer, passive infrared (PIR) sensor, wearable devices, and depth camera. Of them all, considering privacy concerns and easy-to-use features for elders, depth camera possibly can be a technology to be adapted at homes to unobtrusively monitor physical function of elderly living alone.The depth camera has been used to evaluate physical functions during rehabilitation and proven its efficiency. Conclusions: Therefore, physical monitoring system that is unobtrusive should be studied and developed in the future to monitor physical function of community-dwelling elderly living alone for the aging population.

• 시스템엔지니어링학술지
• /
• 제18권2호
• /
• pp.11-23
• /
• 2022

Although artificial intelligence(AI) is a key technology in the digital transformation among the emerging technologies, there are concerns about the use of AI, so many countries have been trying to set up a proper regulation system. This study analyzes the cases of the regulation policies on AI in USA, EU and Korea with the aim to set up and improve proper AI policies and strategies in Korea. In USA, the establishment of the code of ethics for the use of AI is led by private sector. On the other side, Europe is strengthening competitiveness in the AI industry by consolidating regulations that are dispersed by EU members. Korea has also prepared and promoted policies for AI ethics, copyright and privacy protection at the national level and trying to change to a negative regulation system and improve regulations to close the gap between the leading countries and Korea in AI. Moreover, this study analyzed the course of policy changes of AI regulation policy centered on ACF(Advocacy Coalition Framework) model of Sabatier. Through this study, it proposes hyper-scale AI regulation policy recommendations for improving competitiveness and commercialization in Korea. This study is significant in that it can contribute to increasing the predictability of policy makers who have difficulties due to uncertainty and ambiguity in establishing regulatory policies caused by the emergence of hyper-scale artificial intelligence.

• International Journal of Computer Science & Network Security
• /
• 제22권6호
• /
• pp.212-222
• /
• 2022

There has been a rapid increase in the use of cloud email services. As a result, email encryption has become more commonplace as concerns about cloud privacy and security grow. Nevertheless, this increase in usage is creating the challenge of how to effectively be searching and filtering the encrypted emails. They are popular technologies of solving the issue of the encrypted emails searching through searchable public key encryption. However, the problem of encrypted email filtering remains to be solved. As a new approach to finding and filtering encrypted emails in the cloud, we propose a ciphertext-based encrypted policy attribute-based encryption scheme and keyword search procedure based on hidden policy ciphertext. This feature allows the user of searching using some encrypted emails keywords in the cloud as well as allowing the emails filter-based server toward filter the content of the encrypted emails, similar to the traditional email keyword filtering service. By utilizing composite order bilinear groups, a hidden policy system has been successfully demonstrated to be secure by our dual system encryption process. Proposed system can be used with other scenarios such as searching and filtering files as an applicable method.