• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.595-598
• /
• 2014

The cyber attacks of recent attacks that target zero-day exploit security vulnerabilities before the security patch is released (Zero Day) attack, the web site is without the Lord. These attacks, those that use the vulnerability of security that is built into the software itself is in most cases, cyber attacks that use the vulnerability of the security of the source code, in particular, has a characteristic response that are difficult to security equipment. Therefore, it is necessary to eliminate the security vulnerability from step to implement the software to prevent these attacks. In this paper, we try to design a Secure Coding Guide support tool to eliminate the threat of security from the stage of implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.23-30
• /
• 2008

Attempt to protect personal computer from hacking, virus, worm, and the troy wooden horse is progressed variously. Nevertheless, it is very difficult fer public users to understand configurations to enhance security stability in windows based personal computer, and many security problem is due to there lack of recognize about information accessability, various kind of configuration, these necessity, and efficiency. Accordingly, it is demandded to develop an efficient system to protect networks and personal computer with automated method. In this paper, we derive problems of personal computer by analyzing various vulnerableness and policy on security, through which we design and implement the system to solve various windows system problem conveniently.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.425-433
• /
• 2016

In smart grid, enhancement of efficiency and interoperability of electric power system is achieved through the connection with outer network, and this induces that power grid system is threatened increasingly, becomes the main target of cyber terrorism, and is sincerely required to design the secure power system. Although SSDLC(Secure System Development Life Cycle) is used for risk management from the design phase, traditional development life cycle is somewhat limited for satisfaction of information security indicator of power control system. Despite that power control system should reflect control entities of information security considering its own characteristics, validation elements are insufficient to apply into real tasks based on existing compliance. To make design of diagnostic model and assessment process for power control system possible and to give a direction for information security and present related indicator, we propose the new risk management framework of power control system which is applied operational security controls and standard architecture presented by IEC 62351 TC 57 with enterprise risk management framework.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.66-71
• /
• 2016

Smart building gate security control system using smartphone integrated with near field communication (NFC) has become part of daily life usage these days. The technology change in replacing RF NFC device using visible light communication technology based approach growing faster in recent days. This paper propose a design and development of gate security control system using color code based user authentication ID generation as part of an intelligent access control system to control automatic door open and close. In this approach gate security access control use the recent visible light communication technology trends to transfer the user specific authentication code to door access control system using color code on smartphone screen. Using a camera in the door access control system (ACS), color codes on smartphone screens are detected and matched to the database of authenticated user to open the door automatically in gate security system. We measure the visual light communication technology efficiency as a part of the research and the experiments have revealed that more than 95% users authenticated correctly at the suggested experiment environment on gate security control system.

• Journal of Digital Convergence
• /
• v.19 no.7
• /
• pp.313-318
• /
• 2021

The purpose is to measure user experience in security-related services, focusing on Danggeun Market and Bungae Jangter, which are representative services in Korea among online trading of used goods. Using mobile applications, qualitative and quantitative research by conducting task experiments and surveys and in-depth interviews. As a result of the study, active interfaces are needed to make it easier for users to recognize safety and security services within current used trading platforms, a secure settlement method that benefits sellers, and services being provided to enhance security also need to consider graphical elements. This study is expected to help the continued development of safe used trading platforms considering security aspects on C2C-type platforms where buyers become sellers.

• Proceedings of the Korean Society of Precision Engineering Conference
• /
• 2006.05a
• /
• pp.417-418
• /
• 2006

CATIA V5 is one of the most preferred softwares in product design for domestic and industrial use. But with the development of the IT industry, design data by CATIA V5 can easily be hacked and stolen especially via the internet and through assistance storage medium. The design data could be protected through executive, physical and technical security system. The best way to maintain confidentiality of data from unauthorized access is to have a cryptosystem of the technical security. In this paper, a cryptosystem for the protection of design data was being proposed. The memory contains the file information made by the New and Open function of CATIA V5. No error can be expected even if the file changed before of after the application of Save and Open function, A cryptosystem was constructed in CATIA V5 by inserting crypto algorithm before and after the I/O process. The encryption/decryption algorithm of each function was based on the complex cipher, which applied permutation cipher and transpose cipher. The file security system was programmed in CAA V5 and Visual C++.

• Journal of the Korean Society for Precision Engineering
• /
• v.24 no.5
• /
• pp.77-81
• /
• 2007

CATIA V5 is one of the most preferred softwares in product design for domestic and industrial use. But with the development of the IT industry, design data by CATIA V5 can easily be hacked and stolen especially via the internet and through assistance storage medium. The design data could be protected through executive, physical and technical security system. the best way to maintain confidentiality of data from unauthorized access is to have a cryptosystem of the technical security. In this paper, a cryptosystem for the protection of design data was being proposed. The memory contains the file information made by the New and Open function of CATIA V5. No error can be expected even if the file changed before of after the application of Save and Open function. A cryptosystem was constructed in CATIA V5 by inserting crypto algorithm before and after the I/O process. The encryption/decryption algorithm of each function was based on the complex cipher, which applied permutation cipher and transpose cipher. The file security system was programmed in CAA V5 and Visual C++.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.203-211
• /
• 1994

본 논문에서는 다중 등급의 기밀성을 갖는 메세지의 보호를 위한 보안 특성 함수와 보안 오퍼레이션을 제시하였으며, 이를 구현하기 위한 네트워크 보안 커널의 구조를 설계하였다. 제안한 네트워크 보안 커널은 분산 네트워크상에서 다중등급보안 메세지를 안전하게 보호할 수 있도록 하는 분리된 (Isolated) 보호 기능을 제공한다.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.101-106
• /
• 2021

To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

• Nuclear Engineering and Technology
• /
• v.46 no.1
• /
• pp.47-54
• /
• 2014

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.