• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.119-127
• /
• 2013

The merits of Smartphone are portability, convenience and especially a lot of information can be stored in the device. Especially in Smartphone, users can install programs that cannot install to normal cell phone and users can use many different services through these Smartphone programs. Also Smartphone can connect to Internet through network, so it can access information anytime, anywhere easily. Security of personal information and variety of information which stored in Smartphone are in risk. In Chapter 2 of thesis, it will discuss the definition and features of the Smartphone and market trends. In Chapter 3 of thesis, it will discuss security vulnerabilities of Smartphone and it will analyze and research security vulnerabilities of Smartphone in Chapter 4. In conclusion, it will check users' identification twice in useful application especially application that relate to finance and mobile payment. By checking users' identification several times, it will help to defend from security threats. Users can use Smartphone safely and convenience by know how to prevent from mobile hacking for personal and private information. the quality of APIs matching by the clustering and hierarchical relationships mechanism.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2002.11a
• /
• pp.72-81
• /
• 2002

Management for security product and application is becoming more difficult because they became more specialized. Most of research is focused on combining policies for information security management policy, security standard, and security tools. However, there are no researches for total solution for both application and security policy. Thereby, the purpose of this research is to propose a remote integrated management system based on linux. The system could efficiently manage data update for application and policy update for a server supporting the distinct configuration of each server. By using the remote integrated management system, system manager with poor secure knowledge also could easily manage their system securely.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.11a
• /
• pp.72-81
• /
• 2002

Management for security product and application is becoming more difficult because they became more specialized. Most of research is focused on combining policies for information security management policy, security standard, and security tools. However, there are no researches for total solution for both application and security policy. Thereby, the purpose of this research is to propose a remote integrated management system based on linux. The system could efficiently manage data update for application and policy update for a server supporting the distinct configuration of each server. By using the remote integrated management system, system manager with poor secure knowledge also could easily manage their system securely.

• Korean Journal of Computational Design and Engineering
• /
• v.11 no.5
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• Journal of Information Processing Systems
• /
• v.2 no.3 s.4
• /
• pp.170-177
• /
• 2006

Recently, RFID technology has attracted considerable attention in many industry fields. The RFID environment requires a standard architecture for the smooth exchange of data between heterogeneous networks. The architecture should offer an efficient standard environment, such as a communication environment based on Web Services, PKI or Kerberos-based security, and abstract business processes which could be used in the diverse domains. Therefore, in this paper, we propose an Enterprise Application Framework (EAF) which includes a standard communication protocol, security functions, and abstract level business processes. The suggested architecture is expected to provide a more secure and flexible security management in the dynamic RFID application environments, and is expected to provide an abstract business event for the development of business processes which could apply RFID technology to the existing systems.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.203-206
• /
• 2021

The article is devoted to the study of the problems of polygraphic research to obtain forensically significant information. An analysis of the legal basis for the use of the polygraph in Ukraine. Problematic issues concerning the appropriateness of using a polygraph in the investigation and detection of crimes have been studied. The domestic legal norms that regulate this issue, as well as foreign experience are analyzed. The article reveals the essence of the polygraph, the legal basis and requirements for its use. Attention is drawn to the main difficulties of using a polygraph and ways to solve them.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.35-42
• /
• 2013

Nowadays many tasks are performed using the Web. Accordingly, many web-based application systems with various and complicated functions are being requested. In order to develop such web-based application systems efficiently, object-oriented analysis and design methodology is used, and Java EE(Java Platform, Enterprise Edition) technologies are used for its implementation. The security issues have become increasingly important. For such reasons, Java EE provides mechanism related to security but it does not provide interconnections with object-oriented analysis and design methodology for developing web application system. Consequently, since the security method by Java EE mechanism is implemented at the last step only, it is difficult to apply constant security during the whole process of system development from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology emphasized in the security for secure web application systems from the requirement analysis to implementation. The object-oriented analysis and design methodology adopts UMLsec, the modeling language with an emphasis on security for the requirement analysis and system analysis & design with regard to security. And for its implementation, RBAC (Role Based Access Control) of servlet from Java EE technologies is used. Also, the object-oriented analysis and design methodology for the secure web application is applied to online banking system in order to prove its effectiveness.

• Journal of the Korea Convergence Society
• /
• v.10 no.1
• /
• pp.53-59
• /
• 2019

In this paper, we introduce the UTOPIA Smart City Security Management System which manages a user authentication for smart cities. Because the smart city management system should take care of huge number of users and services, and various kinds of resources and facilities, and they should be carefully controlled, we need a specially designed security management system. UTOPIA is a smart city system based on ICT(Information and Communication Technology), and it has a three tier structure of UTOPIA portal system, UTOPIA processing system and UTOPIA infrastructure system. The UTOPIA processing system uses the smart city middleware named SmartUM. The UTOPIA Smart City Security Management System is implemented in the application security layer, which is the top layer of the SmartUM middleware, and the infrastructure security layer, which is the lowest layer. The UTOPIA Smart City security management system is built on the premise that it supports all existing user authentication technologies. This paper introduces the application security layer and describes the authentication management in the application security layer.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.21 no.9
• /
• pp.95-100
• /
• 2007

The importance of communication security is increased in the power industry. The representative communication network of power industry is the SCADA(Supervisory Control and Data Acquisition) systems. The SCADA system has been used for remote measurement and control in the power industry. Recently, many studies of SCADA network security have been carried out around the world. In this paper, we introduce recent security issues in the SCADA network and propose the application of a symmetric encryption method to the Korea SCADA network.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.464-466
• /
• 2021

Currently, most companies have security solutions such as firewalls or WAF (Web Application Firewall) for web services, cloud systems, and data centers. Recently, as the need for remote access increases, the task of overcoming the security vulnerabilities of remote access control is becoming more important. In this paper, the concept of the network security model from the perspective of zero trust and the strategy and security system using it will be reviewed.