• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1167-1177
• /
• 2019

In this paper, the improved security operation model based on the vulnerability database is studied. The proposed model consists of information protection equipment, vulnerability database, and a dashboard that visualizes and provides the results of interworking with detected logs. The evaluation of the model is analyzed by setting up a simulated attack scenario in a virtual infrastructure. In contrast to the traditional method, it is possible to respond quickly to threats of attacks specific to the security vulnerabilities that the asset has, and to find redundancy between detection rules with a secure agent, thereby creating an optimal detection rule.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.45-52
• /
• 2012

CC does not Contain detailed instructions about evaluation document. So, we must develop document schema to make CC-based evaluation system. In this report, we developed document schema that can be used in CC-based evaluation system. We devloped document schema and DTD that applying Weakest precondition function, reduction rules about amount of document and dependancy analysis document from assurance class within CC. Approach of this study can be applied to develop document and DTD that can be used in evaluation system of software quality.

• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.79-87
• /
• 2017

The U.S. security regulation is under the influence of each state's law; however, they are mostly similar. Among many states which has the longest history of security regulation in the U.S., state of New York has been shown security regulation for a long time. The state of New York has been emphasized the importance of security significantly because it is economically, culturally, and internationally important place at the same time. New York's state law of security business includes: 1. private investigators and bail enforcement agents and watch, guard or patrol agencies license law. 2. Security guard act of 1992~,3. Title 19 New York State's code of rules and regulation (NYCRR). The law of New York City's private security could inspire Korean private security law in many ways. First, administration of professional law and variety of licensure could be an inspiration to the Korean security services. Second, there are intimate partnership between police and private security in the U.S. New York police's private security partnership has been started since 1986 by Area Police/Private Security Liaison (APPL program) and there are about 1,300 of security companies participating. This program provides not only the simple partnership but also giving essential information for promoting public safety.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.6
• /
• pp.173-186
• /
• 2013

New information technologies make it easy to access and acquire information in various ways. However, It also enable powerful and various threat to system security. To challenge these threats, various extended access control methods are being studied. We suggest a new extended access control method that make it possible to conform to security policies enforcement even with discrepancy between policy based constraints rules and query based constraints rules via their semantic relationship. New our approach derives semantic implications using tree hierarchy structure and coordinates the exceed privileges using semantic gap factor calculating the degree of the discrepancy. In addition, we illustrate prototype system architecture and make performance comparison with existing access control methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.57-70
• /
• 1999

Since a hybrid firewall filters packets at a network layer along with providing gateway functionalities at an application layer, it has a better performance than an If filtering firewall. In addition, it provides both the various kinds of access control mechanisms and transparent services to users. However, the security policies of a network layer are different from those of an application layer. Thus, the user interfaces for managing a hybrid firewalls in a consistent manner are needed. In this paper, we implement a graphical user interface to provide access control mechanisms and management facilities for a hybrid firewall such as log analysis, a real-time monitor for network traffics, and the statisics on traffics. And we also propose a new rule script language for specifying access control rules. By using the script language, users can generate the various forma of access control rules which are adapted by the existing firewalls.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.28 no.2
• /
• pp.18-28
• /
• 2020

This paper has studied the effect of airline staff's perception on both aviation safety and aviation security to their organizational effectiveness. Airline staff's perception on aviation safety is different from that on aviation security due to organizational difference in an airline. Through an empirical analysis, it was analyzed the effect of such perceptional difference on airline's organizational effectiveness. According to the analysis, it was found the perception of aviation safety has a significant positive effect on organizational effectiveness. Airline staff believed the safety is a core value of an airline and emphasizing the safety never impeded the airline's operation including service quality. Secondly, it was proven the perception on abiding by aviation security rules had a significant negative effect on organizational effectiveness. However, emphasizing aviation security had a very significant positive contribution on airline's philosophy of aviation safety. Following the research results, it was suggested an airline look for improving the process and regulations to deal with aviation security in the organization.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.685-703
• /
• 2024

Cloud computing provides each consumer with a large-scale computing tool. Different Cyber Attacks can potentially target cloud computing systems, as most cloud computing systems offer services to many people who are not known to be trustworthy. Therefore, to protect that Virtual Machine from threats, a cloud computing system must incorporate some security monitoring framework. There is a tradeoff between the security level of the security system and the performance of the system in this scenario. If strong security is needed, then the service of stronger security using more rules or patterns is provided, since it needs much more computing resources. A new way of security system is introduced in this work in cloud environments to the VM on account of resources allocated to customers are ease. The main spike of Fog computing is part of the cloud server's work in the ongoing study tells the step-by-step cloud server to change the tremendous measurement of information because the endeavor apps are relocated to the cloud to keep the framework cost. The cloud server is devouring and changing a huge measure of information step by step to reduce complications. The Medical Data Health-Care (MDHC) records are stored in Cloud datacenters and Fog layer based on the guard intensity and the key is provoked for ingress the file. The monitoring center sustains the Activity Log, Risk Table, and Health Records. Cloud computing and Fog computing were combined in this paper to review data movement and safe information about MDHC.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.32
• /
• pp.59-91
• /
• 2006

The Arbitration Act of Korea was promulgated in 1966. Since the promulgation of Arbitration Act of Korea, consecutive amendments took place in 1973, 1993, 1997, 1999, 2001 and 2002. Among the various set of amendments, those of 1999 were designed to accommodate the UNCITRAL Model Law on international Commercial Arbitration of 1985. Korea has acceded to special international conventions on dispute settlement such as the New York Convention of 1958 and the Washington Convention of 1965. The Korean Commercial Arbitration Board(KCAB) administers the arbitration proceedings in accordance with its Arbitration Rules approved by the Korean Supreme Court. Since the establishment of the first Arbitration Rules in 1966. consecutive amendments took place in 1973, 1981, 1989, 1993, 1996, 2000 and 2004. The KCAB plans to enact the International Arbitration Rules, which will be available to disputing parties in addition to the KCAB Arbitration Rules. In 2005, arbitration applications received at KCAB recorded a historic high at 213 cases, an increase of 22% from 175 cases in 2000. But in 2005, the total amount involved in the arbitration cases decreases to US$ 129 million, a decline of 63% from US$ 346 million in 2000. The KCAB should take the following measures for activating the commercial arbitration system: the globalization of KCAB, the advertisement of arbitration system, the security of qualified arbitrators, and the enhancement of the secretariat service. In conclusion, the KCAB should make efforts for the development of the arbitration system and for the upgrade of customer satisfaction. Moreover the KCAB should make further efforts to grow into a global arbitration institution as well as strengthening relations with international arbitration institutions.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.8
• /
• pp.651-662
• /
• 2013

In this study, we suggest the selecting evaluation method considering 6 major factors like Compliance system application (Development language conformance, Platform Compliance), threat evaluation (criticality of security incident, possibility of security incident), application benefit (Reliability / quality improvement, Modify Cost) for appropriate secure coding rule selecting evaluation. Using this method, we selected and make a set consist of 197 secure coding rules for Battlefield Management System Software. And calculated the application priority for each rules.

• Journal of Arbitration Studies
• /
• v.11 no.1
• /
• pp.247-286
• /
• 2001

This study is to analyze e-commerce issues and how to settle arbitration dispute resolution. Considering internet related business spread out worldwide, the dispute is incurred in variety areas. To resolve the dispute of e-commerce, government has been released several laws for protecting legal transaction, information exposure, and internet security, etc. However, internet related technology is changing rapidly and dispute issues are coming out at many different models. Upon that environments, law and rules could not be followed to meet the technology change. That issues are made for this study. In this study, outlook of e-commerce, status of domestic and overseas of internet business, e-commerce and security issues were analyzed, and empirically comparative analysis was driven out and variety dispute cases were studied. Upon that study the resolution methods were suggested and arbitration settlement was proposed prior to legal sue. This study results are how to minimize the disputes and the method of dispute settlement. Therefore, a role of arbitration proposed and emphasized. To protect the dispute in advance, it's suggested to revise rules timely following on technical changes, and emphasized that the dispute has to lead to arbitration settlement not for consuming unnecessary time and finance for enterprises and consumers.