• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.1-14
• /
• 2015

To conform to new emerging computing paradigm, various researches and challenges are being done. New information technologies make easy to access and acquire information in various ways. In other side, however, it also makes illegal access more powerful and various threat to system security. In this paper, we suggest a new extended access control method that make it possible to conform to security policies enforcement even with discrepancy between policy based constraints rules and query based constraints rules, based on their semantic information. New method is to derive security policy rules using context tree structure and to control the exceed granting of privileges through the degree of the semantic discrepancy. In addition, we illustrate prototype system architecture and make performance comparison with existing access control methods.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.277-280
• /
• 2015

Smishing, Phishing personal privacy caused by Incident accidents such as Phishing information security has become a hot topic. Such incidents have privacy in personal information management occurs due to a lack of user awareness. This paper is based on the existing structure of the XML Tag question bank used a different Key-Value Structure-based JSON. JSON is an advantage that does not depend on the language in the text-based interchange format. The proposed system is divided into information security sector High, Middle and Low grade. and Provides service to the user through the free space and the smart device and the PC to the constraints of time. The use of open source Apache Load Balancing technology for reliable service. It also handles the user's web page without any training sessions Require server verification result of the training(training server). The result is sent to the training server using jQuery Ajax. and The resulting data are stored in the database based on the user ID. Also to be used as a training statistical indicators. In this paper, we design a level training system to enhance the user's information security awareness.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.371-382
• /
• 2022

The trend of Bring Your Own Device (BYOD) is gaining popularity all over the world with its innumerable benefits such as financial gain, greater employee satisfaction, better job efficiency, boosted morale, and improved flexibility. However, this unstoppable and inevitable trend also brings its own challenges and risks while managing and controlling corporate data and networks. BYOD is vulnerable to attacks by viruses, malware, or spyware that can reach sensitive data and disclose information, modify access policies, disrupt services, create financial issues, minimise productivity, and entail some legal implications. The key focus of this research is how Saudi Arabia has approached BYOD with the help of their 5-step solution model and quantitative research methodology. The result of this study is a statement about what users know about this trend, their opinions about it, and suggestion to increase the employee awareness.

• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.99-107
• /
• 2021

With the recent establishment of a ubiquitous-based medical and healthcare environment, the medical information system for obtaining situation information from various sensors is increasing. In the medical information system environment based on context-awareness, the patient situation can be determined as normal or emergency using situational information. In addition, medical staff can easily access patient information after simple user authentication using ID and Password through applications on smart devices. However, these services of authentication and patient information access are staff-oriented systems and do not fully consider the ubiquitous-based healthcare information system environment. In this paper, we present a authentication service model based context-awareness system for providing situational information-driven authentication services to users who access medical information, and implemented proposed system. The authentication service model based context-awareness system is a service that recognizes patient situations through sensors and the authentication and authorization of medical staff proceed differently according to patient situations. It was implemented using wearables, biometric data measurement modules, camera sensors, etc. to configure various situational information measurement environments. If the patient situation was emergency situation, the medical information server sent an emergency message to the smart device of the medical staff, and the medical staff that received the emergency message tried to authenticate using the application of the smart device to access the patient information. Once all authentication was completed, medical staff will be given access to high-level medical information and can even checked patient medical information that could not be seen under normal situation. The authentication service model based context-awareness system not only fully considered the ubiquitous medical information system environment, but also enhanced patient-centered systematic security and access transparency.

• Journal of Computing Science and Engineering
• /
• v.12 no.1
• /
• pp.12-23
• /
• 2018

The Internet of Things (IoT) ecosystem potentially includes heterogeneous devices with different processing mechanisms as well as very complicated network and communication models. Thus, analysis of data associated with adverse conditions is much more complicated. Moreover, mobile things in the IoT lead to dynamic alteration of environments and developments of a dynamic and ultra-large-scale (ULS) environment. Also, IoT and the services provided by that are mostly based on devices with limited resources or things that may not be capable of hosting conventional controls. Finally, the dynamic and heterogeneous and ULS environment of the IoT will lead to the emergence of new security requirements. The conventional preventive and diagnostic security controls cannot sufficiently protect it against increasing complication of threats. The counteractions provided by these methods are mostly dependent on insufficient static data that cannot sufficiently protect systems against sophisticated and dynamically evolved attacks. Accordingly, this paper investigates the current security approaches employed in the IoT architectures. Moreover, we define the dynamic security based on dynamic event analysis, dynamic engineering of new security requirements, context awareness and adaptability, clarify the need for employment of new security mechanism, and delineate further works that need to be conducted to achieve a secure IoT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.883-899
• /
• 2012

This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.541-548
• /
• 2017

The smartphone operates the media server daemon to handle audio service requests. Media server daemons, running with a high privilege in the background, caused many vulnerabilities to applications most frequently used in smart devices including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities. Unfortunately, fuzzing itself is not much effective in such format-strict environments as media services. In this paper, we propose a file format-aware fuzzing in order to efficiently detect vulnerabilities of media server daemon. We acquired a remote arbitrary code execution vulnerability on iOS/tvOS/MacOS/watchOS, and we verified the effectiveness by comparing our methodology with the fuzzers FileFuzz and ZZUF.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.267-279
• /
• 2017

This study emulated unscheduled phishing e-mails over a long period of time by imitating the manner in which external hackers attacked a group of employees in a company. We then measured and analyzed the recipient's ability to identify and respond to phishing e-mails as training progressed. In addition, we analyzed the changes in participants' response behavior when changing the external control condition between the training. As a result of the analysis, it was confirmed that the training duration had a positive (+) relationship with the employees' ability to identify phishing e-mails and the infection rate, and more employees read emails and infected with phishing attacks using social issues and seasonal events. It was also confirmed that reinforcement of internal control policy on infected persons affects positively (+) on the phishing attack response behavior of employees. Based on these results, we would like to suggest the right training method for each organization to enhance the ability of employees to cope with phishing attacks.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.332-346
• /
• 2022

Digital transformation represents one of the main obstacles facing several government, private, and non-profit sectors that help stabilize digital transformation in the Arabic region. One of the helpful ways to improve the level of freedom, productivity, and flexibility among employees to accept the BYOD approach is using their own devices to perform their work both in and outside the workplace. This study focuses to present the differences between the main three economic sectors, which represent the most important pillars of the economy in Saudi Arabia within the Kingdom's Vision 2030. BYOD also has great importance to the stakeholders for raising their awareness by expressing the implications, if the concept of BYOD is widely and correctly adopted. The study uses the diffusion of innovation (DOI) framework and quantitative analysis data to determine the main dimensions and important factors that help increase the awareness of the target audience. The number of participants in this study was 830, and the participants are mixing between the government, private, and non-profit sectors. The main findings showed a significant impact of several factors such as the importance of knowledge, ease of use, employee satisfaction, risk awareness, and attention to increase the level of acceptance in three main sectors study for using the BYOD approach widespread and professional use.

• Journal of Information Processing Systems
• /
• v.2 no.1
• /
• pp.28-33
• /
• 2006

The initial research of Task Computing in the ubiquitous computing (UbiComp) environment revealed the need for access control of services. Context-awareness of service requests in ubiquitous computing necessitates a well-designed model to enable effective and adaptive invocation. However, nowadays little work is being undertaken on service access control under the UbiComp environment, which makes the exposed service suffer from the problem of ill-use. One of the research focuses is how to handle the access to the resources over the network. Policy-Based Access Control is an access control method. It adopts a security policy to evaluate requests for resources but has a light-weight combination of the resources. Motivated by the problem above, we propose a universal model and an algorithm to enhance service access control in UbiComp. We detail the architecture of the model and present the access control implementation.