• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.33-40
• /
• 2012

Existing comparative studies on legal system of cyber security just listed and introduced several laws of Korea and other countries and presented comprehensive comparison. These studies makes it difficult to know that which part of the cyber security activities has insufficient legal system from a practical standpoint because it is not easy to figure out. So cybersecurity stages are chosen as comparison criteria. And the legal system of United States are chosen as the target comparing one of South Korea. Then the legal system on cybersecurity stages in South Korea is compared with one of United States. Therethrough many problems of the legal system of South Korea is identified, for example, the absence of regulations, the lack of clarity, lack of effectiveness, and overlapping regulations, in prevention, detection, response, the recovery in cyber security. And many ways are suggested to improve the legal system for the resolution of such problems.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.113-120
• /
• 2006

C4I system is the centerpiece of the military force. The system is an information based system which facilitates information grid, collection of data and dissemination of the information. The C4I system seeks to assure information dominance by linking warfighting elements in the battlespace to information network which enables sharing of battlespace information and awareness; thereby shifting concept of warfare from platform-centric paradigm to Network Centric Warfare. Although, it is evident that C4I system is a constant target from the adversaries, the issues of vulnerability via cyberspace from attack still remains. Therefore, the protection of C4I system is critical. The roadmap I have constructed in this paper will guide through the direction to protect the system during peace and war time. Moreover, it will propose vision, objectives and necessary supporting framework to secure the system from the threat. In order to fulfill these tasks, enhanced investments and plans from the Joint chief of Staff and Defense of Acquisition and Program Administration (DAPA) is critical; thereby enabling the establishment of rapid and efficient security system.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.27-32
• /
• 2014

Utilization of web application has been widely spread and complication in recent years by the rapid development of network technologies and changes in the computing environment. The attack being target of this is increasing and the means is diverse and intelligent while these web applications are using to a lot of important services. In this paper, we proposed security model using virtualization technology to prevent attacks using vulnerabilities of web application. The request information for query in a database server also can be recognized by conveying to the virtual web server after ID is given to created session by the client request and the type of the query is analyzed in this request. VM-Master module is constructed in order to monitor traffic between the virtual web servers and prevent the waste of resources of Host OS. The performance of attack detection and resource utilization of the proposed method is experimentally confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.919-928
• /
• 2018

Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

• Journal of National Security and Military Science
• /
• s.15
• /
• pp.1-30
• /
• 2018

This study focused on how to supplement and develop military spiritual education in response to promotion of peace and prosperity and Change of Security Environment on the Korean Peninsula. In order to succeed in the peace and prosperity on the Korean Peninsula policy, Strengthening the military spiritual education is necessary. This study was analyzed through the survey and the results are as follows: First, the awareness level of military spiritual education is more than 68%. Second, the satisfaction level of education has been quit motivated, but, the respondents demands various methods of eduction. Third, the current mental power scores showed no significant difference for environmental change. In addition, based on the results of the research, the problem of military spiritual education is as follows. It is not enough to secure the identity that can firmly support the era of peace and prosperity on the Korean peninsula. Poor budget support might hinder improving poor education facilities and outdated equipment. Furthermore, there is a lack of research on future-oriented educational system in support of traditional education methods of repetition-type repeated education and unification. Therefore, we deducted the following development strategies for the military spiritual education in this paper. First, it is necessary to strengthen the military spiritual education to support the era of peace and prosperity on the Korean Peninsula. Second, for enhancing educational environments, the educational facilities and equipments should be improved by understanding the characteristics of the education target. Third, the integrated management of military research institutes specialized in military spiritual education should be pursued as a system development for ensuring the continuous effect of education. In conclusion, continuous attention and research are needed to establish national perspective and national security perspective, raise the military spirit and utilize various education development programs in order to develop efficient military spiritual education in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.107-115
• /
• 2012

The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.89-98
• /
• 2010

Wireless LAN (WLAN) is type of wireless service that has higher data transmission than current cellular networks. The usage is continually increasing. There are a lot of vulnerabilities in wireless network, due to the properties of the wireless environment, regardless of its popularity. IEEE announced the 802.11i security standard to solve these problems. The vulnerable point of messages used in the process of key distribution for 802.11i makes the target node attacked lose memory through continuous messages and blocks the legitimate WLAN service. In this paper, we proposed new schemes to solve this problem and compared our proposals with the current process. The proposed protocol eliminates the memory exhaustion problem on the client side by using methods for reduction of memory usage.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.173-182
• /
• 2023

The UAE government has set its sights on creating a smart, electronic-based government system that utilizes AI. The country's collaboration with India aims to bring substantial returns through AI innovation, with a target of over $20 billion in the coming years. To achieve this goal, the UAE launched its AI strategy in 2017, focused on improving performance in key sectors and becoming a leader in AI investment. To ensure public safety as the role of AI in government grows, the country is working on developing integrated cyber security solutions for SCADA systems. A questionnaire-based study was conducted, using the AI IQ Threat Scale to measure the variables in the research model. The sample consisted of 200 individuals from the UAE government, private sector, and academia, and data was collected through online surveys and analyzed using descriptive statistics and structural equation modeling. The results indicate that the AI IQ Threat Scale was effective in measuring the four main attacks and defense applications of AI. Additionally, the study reveals that AI governance and cyber defense have a positive impact on the resilience of AI systems. This study makes a valuable contribution to the UAE government's efforts to remain at the forefront of AI and technology exploitation. The results emphasize the need for appropriate evaluation models to ensure a resilient economy and improved public safety in the face of automation. The findings can inform future AI governance and cyber defense strategies for the UAE and other countries.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• Smart Media Journal
• /
• v.6 no.1
• /
• pp.61-67
• /
• 2017

A large number of people living in modern times prefer remaining unmarried or living alone independently for the reason of their own will or another person's will. This is because they dislike being interfered with by other persons or because there is a financial problem. This behavior has become mainstream in persons working for professional jobs, persons having a strong disposition toward individual activity or college students. In particular, career women pursuing their own comfortable life have the tendency to prefer single life. However, sometimes, they become a target of crime that targets and makes bad use of this point. For these reasons. Consequently, sometimes, they additionally install and use a security system such as door security guard at front door and so on. It is not so difficult to lock the door security guard at the front door. However, it is apt to be forgotten. And when they are on the bedspread before falling asleep, in case they should check whether the door security guard is locked or in case they should lock it, they should get up, go to the entrance, and check and lock the door security guard. They often don't lock the door security guard due to their feeling that it is all right because of annoyance and inconvenience. This paper is intended to work for safety from crime such as illegal housebreaking by more conveniently using the door security guard after designing and implementing a system that can remotely control the door security guard, using a smartphone as a method of resolving this annoyance and keeping life more safe.