• Title/Summary/Keyword: Security design

Search Result 3,411, Processing Time 0.031 seconds

A Policy-based Secure Framework for Constructing Secure Networking (안전한 네트워크 구성을 위한 정책기반 보안 프레임워크)

  • 박상길;장종수;손승원;노봉남
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.27 no.8C
    • /
    • pp.748-757
    • /
    • 2002
  • Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.

Design and Implementation of Security System for Wargame Simulation System (워게임 시뮬레이션 시스템을 위한 보안시스템 설계 및 구현)

  • Song Jong Seok;Kim Jin Soo;Shin Moon Sun;Ryu Keun Ho
    • The KIPS Transactions:PartC
    • /
    • v.12C no.3 s.99
    • /
    • pp.369-378
    • /
    • 2005
  • War simulation system is a virtual space that my tactical simulation exercise is held. The data used in this system are considered sensitive and needs to be protected. But suity vulnerabilities and possible security loopholes were not considered when designing the war game simulation system. So currently the systemis highly vulnerable against hackers and data leakages. This paper proposed a security system for war game simulation system based on considering the currently vulunerabilities and possible suity leakages. The proposed security system supports security patches. In this paper, we analyze vulunerabilities of the running environment of current system and we design and implement the security system that is consisted of three components : Authentication System, Encryption System and Network Security System. The security patches are safe and there are no negative effects on the system's performance. The patches are proved to be effective and very reliable towards solving the security vulnerabilities.

An Improvement of Security for the National Assembly (국회시설보안 향상방안)

  • Chung, Taehwang
    • Journal of the Society of Disaster Information
    • /
    • v.9 no.3
    • /
    • pp.290-299
    • /
    • 2013
  • This study is to present an improvement of security for the National Assembly by survey of persons who use the National Assembly facilities. Most of respondent said that their security consciousness level is above average, and they know National Assembly building is National Major Facility First class but they did not know well what the Major Facility First class is. Many of respondents thought security design of National Assembly building is inadequate, so reinforcement of access control management is necessary. For reinforcement of access control management, security gate and preparing of some obstacles are required. They said that they could put up with inconveniences incurred as a result of reinforcement of access control management, that could be affected positively for the reinforcement. The recognition on the necessity of security education is high, but there is no proper security education program. For practical security education, contents and different method followed by different facilities user should be considered.

A Study on DSMS Framework for Data Security Certification (데이터보안인증을 위한 DSMS 프레임워크 구축 연구)

  • Yoo, Seung Jae
    • Convergence Security Journal
    • /
    • v.19 no.4
    • /
    • pp.107-113
    • /
    • 2019
  • Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

A Design on the Information Security Auditing Framework of the Information System Audit (정보시스템 감리에서의 정보보호 감리모형 설계)

  • Lee, Ji Yong;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.233-245
    • /
    • 2010
  • This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

Deriving Usability Evaluation Criteria for Threat Modeling Tools (위협 모델링 도구의 사용성 평가기준 도출)

  • In-no Hwang;Young-seop Shin;Hyun-suk Cho;Seung-joo Kim
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.763-780
    • /
    • 2024
  • As the domestic and international landscape undergoes rapid changes, the importance of implementing security measures in response to the growing threats that businesses face is increasing. In this context, the need for Security by Design (SbD), integrating security from the early design stages, is becoming more pronounced, with threat modeling recognized as a fundamental tool of SbD. Particularly, to save costs and time by detecting and resolving security issues early, the application of the Shift Left strategy requires the involvement of personnel with limited security expertise, such as software developers, in threat modeling. Although various automated threat modeling tools have been released, their lack of user-friendliness for personnel lacking security expertise poses challenges in conducting threat modeling effectively. To address this, we conducted an analysis of research related to threat modeling tools and derived usability evaluation criteria based on the GQM(Goal-Question-Metric) approach. An expert survey was conducted to validate both the validity and objectivity of the derived criteria. We performed usability evaluations of three threat modeling tools (MS TMT, SPARTA, PyTM), and the evaluation results led to the conclusion that MS TMT exhibited superior usability compared to other tools. This study aims to contribute to the creation of an environment where personnel with limited security expertise can effectively conduct threat modeling by proposing usability evaluation criteria.

The Effect of Organizational Information Security Environment on the Compliance Intention of Employee (조직의 정보보안 환경이 조직구성원의 보안 준수의도에 미치는 영향)

  • Hwang, Inho;Kim, Daejin
    • The Journal of Information Systems
    • /
    • v.25 no.2
    • /
    • pp.51-77
    • /
    • 2016
  • Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

A GOSST Heuristic Mechanism for the Design of a Physical Multiple Security Grade Network (물리적 다중 보안 등급 네트워크 설계를 위한 GOSST 휴리스틱 메커니즘)

  • Kim, In-Bum;Kim, Chae-Kak
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.32 no.12B
    • /
    • pp.728-734
    • /
    • 2007
  • In this paper, we propose a GOSST(Grade Of Services Steiner minimum Tree) heuristic mechanism for the design of a physical multiple security grade network with minimum construction cost. On the network, each node can communicate with other nodes by its desiring security grade. Added to the existing network security methods, the preventing method from illegal physical access is necessary for more safe communication. To construct such network with minimum cost, the GOSST problem is applied. As the GOSST problem is a NP-Hard problem, a heuristic with reasonable complexity is necessary for a practical solution. In this research, to design the physical multiple security grade network with the minimum construction cost, the reformed our previous Distance Direct GOSST heuristic mechanism is proposed. The mechanism brings average 29.5% reduction in network construction cost in comparison with the experimental control G-MST.

A Study of Web Application Security Quality Architecture Management Process referenced ISO/IEC9000 Model (ISO/IEC9000모델을 참조한 웹 애플리케이션 보안품질 관리체계 설계)

  • Kim, Jeom-Goo;Noh, Si-Choon;Lee, Do-Hyeon
    • Convergence Security Journal
    • /
    • v.12 no.3
    • /
    • pp.11-17
    • /
    • 2012
  • According to ISO/IEC 9000, quality to satisfy users' requirements when using the product or service is defined as the characteristics of the synthesized concept. Secure web application coding information systems with the reliability and quality of service is one of the determining factor. Secure coding in order to achieve the quality based on the model is necessary. The reason is that the security is in quality properties in the range of non-functional requirements that necessitates. Secure coding for the design of quality systems based on the quality of the definition of quality attributes, quality requirements, quality attribute scenarios are defined, and must be set. To this end, referring to IEEE 1061 quality model for web application, quality model structure is developed. Secure web application architecture design is composed of coding quality of the model systems, web applications draw interest to stakeholders, decision drivers secure coding architecture, quality attributes, eliciting quality requirements of the security settings, creating web application architecture descriptions and security framework.

Design of Hardware(Hacker Board) for IoT Security Education Utilizing Dual MCUs (이중 MCU를 활용한 IoT 보안 교육용 하드웨어(해커보드) 설계)

  • Dong-Won Kim
    • Convergence Security Journal
    • /
    • v.24 no.1
    • /
    • pp.43-49
    • /
    • 2024
  • The convergence of education and technology has been emphasized, leading to the application of educational technology (EdTech) in the field of education. EdTech provides learner-centered, customized learning environments through various media and learning situations. In this paper, we designed hardware for EdTech-based educational tools for IoT security education in the field of cybersecurity education. The hardware is based on a dual microcontroller unit (MCU) within a single board, allowing for both attack and defense to be performed. To leverage various sensors in the Internet of Things (IoT), the hardware is modularly designed. From an educational perspective, utilizing EdTech in cybersecurity education enhances engagement by incorporating tangible physical teaching aids. The proposed research suggests that the design of IoT security education hardware can serve as a reference for simplifying the creation of a security education environment for embedded hardware, software, sensor networks, and other areas that are challenging to address in traditional education..