• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.1
• /
• pp.8-11
• /
• 2008

There are multiple reasons that caused the present serious status of network security, including Internet itself having a weak basis. However security is usually discarded when it contends with performance. As the world becomes more tightly interconnected, security technology continues to mature, organizations are feeling a greater need to rediscover network security. Network security technology generally concentrates on protection of the network infrastructure and, by implication, the protection of the user. This is a paper, describe current problems of network security and propose solutions.

• Korean Security Journal
• /
• no.51
• /
• pp.11-35
• /
• 2017

The third industrial revolution, characterized by factory automation and informatization, are moving toward the fourth industrial revolution which is the era of superintelligence and supernetworking through rapid technology innovation. The most important resources in the fourth industrial revolution are information or data since the most of industrial and economic activities will be affected by information in the fourth industrial revolution. Therefore we can expect that more information will be utilized, shared and transfered through the networks or systems in real time than before so the significance of information management and security will also increase. As the importance of information resource management and security which is the core of the fourth industrial revolution increases, the threats on information security are also growing so security incidents such as data breeches and accidents take place more often. Various and thorough solutions are highly needed to protect information resources from security risks because information accidents or breaches seriously damage brand image and cause huge financial damage to organization. The purpose of this study is to research general trends on data breaches and accident that can be serious threat of information security. Also, we will provide resonable solutions to protect data from nine attack patterns or other risk factors after figuring out each characteristic of nin attack patterns in data breaches and accidents.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.492-501
• /
• 2019

To use the system safely in cyberspace, you need to use a security solution that is appropriate for your situation. In order to strengthen cyber security, it is necessary to accurately understand the flow of security from past to present and to prepare for various future threats. In this study, information security words of security/hacking news of Naver News which is reliable by using text mining were collected and analyzed. First, we checked the number of security news articles for the past seven years and analyzed the trends. Second, after confirming the security/hacking word rankings, we identified major concerns each year. Third, we analyzed the word of each security solution to see which security group is interested. Fourth, after separating the title and the body of the security news, security related words were extracted and analyzed. The fifth confirms trends and trends by detailed security solutions. Lastly, annual revenue and security word frequencies were analyzed. Through this big data news analysis, we will conduct an overall awareness survey on security solutions and analyze many unstructured data to analyze current market trends and provide information that can predict the future.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.636-642
• /
• 2021

Vehicular Ad hoc Networks (VANET's) are gaining popularity in research community with every passing year due to the key role they play in Intelligent Transportation System. Their primary objective is to provide safety, but their potential to offer a variety of user-oriented services makes them more attractive. The biggest challenge in providing all these services is the inherent characteristics of VANET itself such as highly dynamic topology due to which maintaining continuous communication among vehicles is extremely difficult. Here comes the importance of routing solutions which traditionally are designed using strict layered architecture but fail to address stringent QoS requirements. The paradigm of cross-layer design for routing has shown remarkable performance improvements. This paper aims to highlight routing challenges in VANET, limitations of single-layer solutions and presents a survey of cross-layer routing solutions that utilize the information from the MAC layer to improve routing performance in VANET.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2151-2154
• /
• 2003

Internet is deeply rooted in everyday life and many things are performed using internet in real-world, therefore internet users increased because of convenience. Also internet accident is on the increase rapidly. The security vendor developed security system to protect network and system from intruder. Many hackings can be prevented and detected by using these security solutions. However, the new hacking methods and tools that can detour or defeat these solutions have been emerging and even script kids using these methods and tools can easily hack the systems. In consequence, system has gone through various difficulties. So, Necessity of intruder trace-back technology is increased gradually. Trace-back technology is tracing back a malicious hacker to his real location. trace-back technology is largely divided into TCP connection trace-back and IP packet trace-back to trace spoofed IP of form denial-of-service attacks. TCP connection trace-back technology that autonomously traces back the real location of hacker who attacks system using stepping stone at real time. In this paper, We will describe watermark trace-back system using TCP hijacking technique to supplement difficult problem of connection maintenance happened at watermark insertion. Through proposed result, we may search attacker's real location which attempt attack through multiple connection by real time.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.4
• /
• pp.107-113
• /
• 2017

Open platform technology in the banking industry is anticipated to impact the market very positively together with the activation of Fin Tech services. The domestic environment of payment services has been rapidly changing into the mobiles and multiple new payment services have been introduced from a variety of vendors. However, the convenience of payment always causes worsening the security, and the accidents on the security have been continued to occur such as leakage of personal information, hacking and so on upon the expansion of the industry and the market size. This study aims to analyze the status of Fin Tech open platforms and various problems of the related standard technologies, and to suggest the possible solutions. Upon the analysis results, it was confirmed that multiple solutions were required to improve the main security protocols of open platforms and to process the security functions diversely. In conclusion, the results of this study will be helpful to determine the direction of the solution on the security issues in the open platform environment of the current industry.

• 한국경영정보학회:학술대회논문집
• /
• 2007.06a
• /
• pp.951-958
• /
• 2007

Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID may be viewed as a means of explicitly labeling objects to facilitate their "perception" by computing devices. RFlD systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFlD systems which could threat the technology s future. To successfully adopt RFID technology in various applications. we need to develop the solutions to protect the RFID system s data information. This study investigates important issues related to privacy and security of RF1D based on the recent literature and suggests solutions to cope with the problem.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.286-308
• /
• 2018

The availability of powerful and sensor-enabled mobile and Internet-connected devices have enabled the advent of the ubiquitous sensor network (USN) paradigm. USN provides various types of solutions to the general public in multiple sectors, including environmental monitoring, entertainment, transportation, security, and healthcare. Here, we explore and compare the features of wireless sensor networks and USN. Based on our extensive study, we classify the security- and privacy-related challenges of USNs. We identify and discuss solutions available to address these challenges. Finally, we briefly discuss open challenges for designing more secure and privacy-preserving approaches in next-generation USNs.

• Proceedings of the IEEK Conference
• /
• 2000.11c
• /
• pp.55-58
• /
• 2000

EC, which is done the virtual space through Web, has weakly like security problem because anybody can easily access to the system due to open network attribute of Web. Therefore, we need the solutions that protect the Web security for safe and useful EC. One of these solutions is the implementation of a strong cipher system. NC(Nonpolynomial Complete) cipher system proposed in this paper is advantage for the Web security and it overcomes the limit of the 64 bits cipher system using 128 bits key length for input, output, encryption key and 16 rounds. Moreover, it is designed for the increase of time complexity by adapted more complex design for key scheduling regarded as one of the important element effected to encryption.