• Journal of Digital Convergence
• /
• v.15 no.12
• /
• pp.303-311
• /
• 2017

As new information technology emerges, companies are introducing an Enterprise Security Management system to cope with new security threats, reducing redundant investments and waste of resources and counteracting security threats. Therefore, it is necessary to construct a security evaluation metric based on related standards to demonstrate that the Enterprise Security Management(ESM) System meets security. Therefore, in order to construct a metric for evaluating the security of the ESM, this study analyzed the security quality related requirements of the ESM and constructed a metric for measuring the degree of satisfaction. This metric provides synergies through the unification of security assessments that comply with ISO/IEC 15408 and ISO/IEC 25000 standards. It is expected that the evaluation model of the security quality level of ESM will be established and the evaluation method of ESM will be standardized in the future.

• Journal of Digital Convergence
• /
• v.15 no.6
• /
• pp.219-227
• /
• 2017

Network access control should be able to effectively block security threats to the IT infrastructure, such as unauthorized access of unauthorized users and terminals, and illegal access of employees to internal servers. From this perspective, it is necessary to build metrics based on relevant standards to ensure that security is being met. Therefore, it is necessary to organize the method for security evaluation of NAC according to the related standards. Therefore, this study builds a model that combines the security evaluation part of ISO / IEC 15408 (CC: Common Criteria) and ISO 25000 series to develop security metric of network access control system. For this purpose, we analyzed the quality requirements of the network access control system and developed the convergence evaluation metric for security of the two international standards. It can be applied to standardization of evaluation method for network access control system in the future by constructing evaluation model of security quality level of network access control system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.2
• /
• pp.620-636
• /
• 2015

Survivability is a necessary property of network system in disturbed environment. Recovery ability is a key actor of survivability. This paper concludes network survivability into a novel composite metric, i.e. Network Recovery Degree (NRD). In order to measure this metric in quantity, a concept of Source-Destination Pair (SD Pair), is created to abstract end-to-end activity based on end nodes in network, and the quality of SD Pair is also used to describe network performance, such as connectivity, quality of service, link degree, and so on. After that, a Survivability Test method in large scale Network based on SD pairs, called STNSD, is provided. How to select SD Pairs effectively in large scale network is also provided. We set up simulation environment to validate the test method in a severe destroy scenario and evaluate the method scalability in different large scale network scenarios. Experiment and analysis shows that the metric NRD correctly reflects the effort of different survivability strategy, and the proposed test method STNSD has good scalability and can be used to test and evaluate quantitative survivability in large scale network.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.284-296
• /
• 2021

Quality Models are important element of the software industry to develop and implement the best quality product in the market. This type of model provides aid in describing quality measures, which directly enhance the user satisfaction and software quality. In software development, the inheritance technique is an important mechanism used in object-oriented programming that allows the developers to define new classes having all the properties of super class. This technique supports the hierarchy design for classes and makes an "is-a" association among the super and subclasses. This paper describes a standard procedure for validating the inheritance metric in Quality Model for Object-Oriented Design (QMOOD) by using a set of nine properties established by Weyuker. These properties commonly using for investigating the effectiveness of the metric. The integration of two measuring methods (i.e. QMOOD and Weyuker) will provide new way for evaluating the software quality based on the inheritance context. The output of this research shows the extent of satisfaction of the inheritance metric in QMOOD against Weyuker nine properties. Further results proved that Weyker's property number nine could not fulfilled by any inheritance metrics. This research introduces a way for measuring software that developed using object-oriented approach. The theoretical validation of the inheritance metric presented in this paper is a small step taken towards producing quality software and in providing assistance to the software industry.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.699-707
• /
• 2023

DevSecOps is a concept that adds security procedures to the operational procedures of DevOps to respond to the short development and operation cycle. Multi-step vulnerability scanning process should be considered to provide reliable security while supporting rapid development and deployment cycle in DevSecOps. Many open-source vulnerability scanning tools available can be used for each stage of scanning, but there are difficulties in evaluating the security level and identifying the importance of information in integrated operation due to the various functions supported by the tools and different security results. This paper proposes an integrated security metric design plan for scurity results and the combination of open-source scanning tools that can be used in security stage when building the open-source based DevSecOps system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.53-60
• /
• 2024

Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.

• Convergence Security Journal
• /
• v.10 no.1
• /
• pp.29-34
• /
• 2010

It is very important to evaluate the quality of soft wares based on SOA, which develops rapidly. Particularly, one of the most important properties influencing on the quality of system is complexity. Therefore, we propose the metrics for measuring a structural complexity of softwares based on SOA. The proposed metrics is composed of the size of a service, the depth of a service and interdependency from the viewpoint of system structure, and finally we applied the proposed metric to an example.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.292-302
• /
• 2022

The radar tomographic imaging is based on the Radar Cross-Section "RCS" of the materials of a shape under examination and investigation. The RCS varies as the conductivity and permittivity of a target, where the target has a different material profile than other background objects in a scene. In this research paper, we use Hierarchical Performance Modeling "HPM" and a framework developed earlier to determine/spot bottleneck(s) for pattern recognition of materials using a combination of the Single Layer Perceptron (SLP) technique and tomographic images in radar systems. HPM provides mathematical equations which create Objective Functions "OFs" to find an average performance metric such as throughput or response time. Herein, response time is used as the performance metric and during the estimation of it, bottlenecks are found with the help of OFs. The obtained results indicate that processing images consumes around 90% of the execution time.

• International Journal of Computer Science & Network Security
• /
• v.24 no.2
• /
• pp.1-14
• /
• 2024

While text-to-image models have made remarkable progress in image synthesis, certain models, particularly generative diffusion models, have exhibited a noticeable bias to- wards generating images related to the culture of some developing countries. This paper introduces an empirical investigation aimed at mitigating the bias of image generative model. We achieve this by incorporating symbols representing Saudi culture into a stable diffusion model using the Dreambooth technique. CLIP score metric is used to assess the outcomes in this study. This paper also explores the impact of varying parameters for instance the quantity of training images and the learning rate. The findings reveal a substantial reduction in bias-related concerns and propose an innovative metric for evaluating cultural relevance.