• 한국멀티미디어학회논문지
• /
• 제19권1호
• /
• pp.51-59
• /
• 2016

Physical security protecting people from physical threats, such as a person or vehicle, has received a great attention. However, it has many risks of hacking and other security threats because it is highly dependent on automated management systems. In addition, a representative system of physical security, a CCTV control system has a high risk of hacking, such as video interceptions or video modulation. So physical security needs urgent security measures in accordance with these threats. In this paper, we examine the case of security threats that have occurred in the past, prevent those from threatening the physical security, and analyze the security problem with the threats. Then we study the countermeasures to prevent these security threats based on the problems found in each case. Finally we study for the method to apply these countermeasures.

• 한국항행학회논문지
• /
• 제12권1호
• /
• pp.61-67
• /
• 2008

특정 목적을 달성하기 위해서 멀티미디어 시스템을 구축하고 운영하는 조직은, 보안수준을 결정하고, 보안대책을 구현하며, 보안대책의 효과를 유지하기 위해 관리를 하여야 한다. 멀티미디어 시스템이 보안수준을 결정하고 관리하기 위해서, 첫째, 조직은 보안 수준을 결정할 수 있어야 하고, 둘째, 보안 수준에 따라 보안대책을 수립하는 절차를 확립하여야 하며, 셋째, 보안대책이 적용되어야 하는 영역을 결정할 수 있어야 하고, 마지막으로 조직은 보안대책의 효과를 평가하고 개선할 수 있어야 한다. 본 논문에서는 멀티미디어 시스템에 대한 위협의 분석, 멀티미디어 자산의 중요도 분석에 기반하여 멀티미디어 시스템의 보안수준을 결정하는 방법을 제안하였다.

• 한국IT서비스학회지
• /
• 제14권4호
• /
• pp.81-104
• /
• 2015

Intentional information systems (IS) misuse is a serious problem in many organizations. This study aims at developing the theoretical framework of deterring IS misuse on the basis of Nagin's General Deterrence Theory (GDT) which is very famous in the area of socio-criminology. Applying GDT to the IS misuse situation could be reasoned that the perceived certainty and the perceived severity of sanctions associated with committing IS misuse have positive impact on deterring the deviant behaviors. Also, these two constructs (certainty of sanctions and severity of sanctions) could be inferred to be influenced by the four types of IS security countermeasures (security policies, security awareness program, monitoring practices and preventive security software) derived through critically reviewing IS security-relevant literature. The proposed research model and ten hypotheses were empirically analysed using structural equation modelling with the data collected by conducting a questionnaire survey of staff members in business organizations in Korea. As a result, it was found that five ones of ten hypotheses were supported. It is thought that this study makes theoretical contribution to expanding research area of IS security and also has strong implications for IS security management practices within organizations.

• 대한안전경영과학회지
• /
• 제11권2호
• /
• pp.235-240
• /
• 2009

Approximately 95% of the world's trade moves by containers, primarily on large ships, but also on trains, trucks, and barges. The system is efficient and economical, but vulnerable. However, the rise of terrorism and the possibility that a container could be used to transport or actually be the delivery vehicle for weapons of mass destruction or high explosives have made it imperative that the security of shipping container system be greatly improved. This study proposed a trend of container security and its Countermeasures.

• 정보보호학회논문지
• /
• 제27권5호
• /
• pp.1201-1216
• /
• 2017

최근 한국을 비롯한 전 세계적으로 많은 국가들이 분산 원장 기술(예: 블록체인)을 활용한 온라인 투표를 적극적으로 도입하여 이용하고 있으나, 현재 널리 보급된 정보통신 인프라 기반의 분산 원장 기술을 활용한 온라인 투표 시스템에 대한 잠재적인 보안 위협 분석이 미흡한 실정이다. 본 논문에서는 분산 원장 기술을 활용한 온라인 투표 시스템에 대한 모델을 제시하고 온라인 투표 과정에서 발생할 수 있는 보안 위협을 정보보호 측면에서 분석함으로서 그에 따른 대응 방안을 제시하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권5호
• /
• pp.2084-2100
• /
• 2020

Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs, and cannot be used for generating OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When target kernel functions are called, AIT dynamically initiates a system trap with the help of a virtualization technique. It then analyzes and records the calling relationships for trap handling by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32 and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2013년도 춘계학술대회
• /
• pp.256-259
• /
• 2013

Data and network security for e-Healthcare Systems are a primary concern due to the easiest deployment area accessibility of the sensor devices. Furthermore, they are often interacting closely in cooperation with the physical environment and the surrounding people, where such exposure increases security vulnerabilities in cases of improperly managed security of the information sharing among different healthcare organizations. Hence, healthcare-specific security standards such as authentication, data integrity, system security and internet security are used to ensure security and privacy of patients' information. This paper discusses security threats on e-Healthcare Systems where an attacker can access both data and network using masquerade attack. Moreover, an efficient and cost effective approach for countermeasures is discussed for the delivery of secure services.

• 경영정보학연구
• /
• 제22권2호
• /
• pp.201-217
• /
• 2020

정보보호는 기업의 운영과 고객의 신뢰를 보장하는 필수요소이며 침해사고 예방을 통해 불확실한 피해를 완화시킬 수 있기 때문에 적절한 정보보호 대책의 선택과 적정투자 수준을 결정하는 것이 중요하다. 본 연구는 다양한 산업군에 속해있는 기업에서 정보보호 대책 투자에 활용할 수 있는 예산 범위에서 구성할 수 있는 최적의 정보보호 대책 포트폴리오 구성뿐만 아니라, 각 대책의 적절한 투자 수준에 대한 의사결정 지원 모델을 제시한다. 이를 위하여 산업군별 침해사고 유형 통계를 분석하고 유전자 알고리즘을 활용하여 최적 정보보호 대책 투자 포트폴리오를 도출한다. 도출된 모델을 기존 유전자 알고리즘을 이용한 정보보호 대책 투자 최적화 모델과 비교하고 기업 대상 설문 조사를 통하여 실제 사례를 분석한다.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 1995년도 종합학술발표회논문집
• /
• pp.51-58
• /
• 1995

The importance of the risk analysis tool has been recognized and its use also has been emphasized by a number of researchers recently The methodology were examined but neither algorithms nor practical applications have been implemented or practiced in Korea. In this paper, the architecture of the Buddy System, one of the automated risk assessment tools. is analyzed in depth to provide the algorithmic understanding and to promote the development of the risk analysis methodology. The Buddy System mainly uses three main factors of vulnerability, threat and countermeasures as a nucleus of the qualatative analysis with the modified loss expectancy value. These factors are identified and assessed by the separation of duties between the end user and security analyst. The Buddy System uses five axioms as its bases of assessment algorithm and the assessed vulnerability level is strictly within these axioms. Since the In-place countermeasures reduce the vulnerability level up to a certain level. the security analyst may use "what if " model to examine the impact of additional countermeasures by proposing each to reduce the vulnerability level further to within the acceptable range. The emphasis on the qualitative approach on vulnerability leveling is very well balanced with the quantitative analysis that the system performance is prominent.prominent.

• 디지털융복합연구
• /
• 제9권4호
• /
• pp.29-40
• /
• 2011

본 연구는 국가 어젠다로 추진되고 있는 스마트휘크 환경에서의 정보보호 관련 주요 이슈와 문제점들을 살펴보고 해결방안을 제시하고자 한다. 특히 최근 스마트워크 1.0에서 스마트워크 2.0으로 진화되고 있는 시점에서 보안 문제에 대한 논의는 매우 중요하다. 본 논문에서는 재택근무, 모바일 오피스, 스마트워크센터 등 대표적 스마트워크 1.0 환경에서 발생하는 보안문제와 이에 대한 대응 방안을 살펴보며, 또한 협력성의 확대 및 창의성의 증가 등 스마트워크 2.0에서 새로이 부각되는 주요 개념들로부터 파생되는 보안이슈와 대응방안을 고찰한다.