• Title/Summary/Keyword: information security system

Search Result 6,591, Processing Time 0.035 seconds

Analysis of Usage Patterns and Security Vulnerabilities in Android Permissions and Broadcast Intent Mechanism (안드로이드 권한과 브로드캐스트 인텐트 매커니즘의 사용 현황 및 보안 취약성 분석)

  • Kim, Young-Dong;Kim, Ikhwan;Kim, Taehyoun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1145-1157
    • /
    • 2012
  • Google Android employs a security model based on application permissions to control accesses to system resources and components of other applications from a potentially malicious program. But, this model has security vulnerabilities due to lack of user comprehension and excessive permission requests by 3rd party applications. Broadcast intent message is widely used as a primary means of communication among internal application components. However, this mechanism has also potential security problems because it has no security policy related with it. In this paper, we first present security breach scenarios caused by inappropriate use of application permissions and broadcast intent messages. We then analyze and compare usage patterns of application permissions and broadcast intent message for popular applications on Android market and malwares, respectively. The analysis results show that there exists a characteristic set for application permissions and broadcast intent receiver that are requested by typical malwares. Based on the results, we propose a scheme to detect applications that are suspected as malicious and notify the result to users at installation time.

Design of RFID System for User's Authentication Under Ubiquitous Surroundings

  • Kim, Dae-Yoo;Kim, Jung-Tae
    • Journal of information and communication convergence engineering
    • /
    • v.5 no.2
    • /
    • pp.136-139
    • /
    • 2007
  • In this paper we will discuss a general idea about an information system which provides information a user really needs in user's authentication. We will discuss how RFID could be applied for this kind of system especially from the standpoint of using RFID as a way to collect information of personal belongings. Also we will discuss security issues of using RFID as a component of the proposed system because while RFID could provide usefulness, it could also be very dangerous for revealing private information without user's awareness.

A study on the Extension of Information Ethics and Security Area of ISST - Forcused on a Information Teacher - (ISST 정보윤리.보안 영역 확장에 관한 연구 "교육정보담당교사를 중심으로\lrcorner$)

  • 권소화;안성진
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.167-172
    • /
    • 2004
  • In the process of presenting the additional criteria, ISST, developed to evaluate teachers' capacity of applying information, suggests the criteria without considering teacher's own task. Information Ethics and Security Model is made up of two parts. In one part, it deals with four areas concerning with Information Ethics evaluation to measure the sensibility of Information Ethics of Information Teacher In another part, it is divided Information Security Evaluation into three areas which estimate technical method to secure the information system tying in the environment of information-oriented education.

  • PDF

An Enhanced System of Group Key Management Based on MIPUF in IoT (IoT 환경의 MIPUF 기반 그룹키 관리 시스템 개선)

  • Tak, Geum Ji;Jeong, Ik Rae;Byun, Jin Wook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1243-1257
    • /
    • 2019
  • With the emergence of the IoT environment, various smart devices provide consumers with the convenience and various services. However, as security threats such as invasion of privacy have been reported, the importance of security issues in the IoT environment has emerged, and in particular, the security problem of key management has been discussed, and the PUF has been discussed as a countermeasure. In relation to the key management problem, a protocol using MIPUF has been proposed for the security problem of the group key management system. The system can be applied to lightweight IoT environments and the safety of the PUF ensures the safety of the entire system. However, in some processes, it shows vulnerabilities in terms of safety and efficiency of operation. This paper improves the existing protocol by adding authentication for members, ensuring data independence, reducing unnecessary operations, and increasing the efficiency of database searches. Safety analysis is performed for a specific attack and efficiency analysis results are presented by comparing the computational quantities. Through this, this paper shows that the reliability of data can be improved and our proposed method is lighter than existing protocol.

The Recommendation of Controls for Hospital Information System Using CRAMM: Case Studies of Two Korean Hospitals

  • Moon, Song-Chul;Han, In-Goo;Lee, Sang-Jae
    • Korean Management Science Review
    • /
    • v.17 no.1
    • /
    • pp.145-158
    • /
    • 2000
  • The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individual's life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agency's Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.

  • PDF

Information Security Management in e-Learning Service Using System Thinking (시스템 사고를 이용한 이러닝 서비스의 정보보호관리)

  • Lee, Jun-Hee
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2011.06a
    • /
    • pp.359-362
    • /
    • 2011
  • 본 논문에서는 시스템 사고를 이용한 이러닝 서비스의 정보보호관리를 제안하였다. 이러닝 활용이 증가되면서 이러닝 시스템에 불법적인 접근을 통한 정보의 유출, 변조, 삭제 등 다양한 위협 요인도 병존하고 있기 때문에 정보자산에 대한 위협 및 위험요소에 대한 체계적인 대책과 지속적인 관리의 중요성이 지속적으로 증가하고 있다. 현재 이러닝 운영 기관에서 정보자산을 보호하기위해 다양한 정보보호 활동과 노력을 하고 있으나, 하루가 다르게 변화하고 있는 IT 환경에서는 조직의 운영 환경과 여건에 맞게 정보자산을 보호하기 위해서 시스템 사고를 활용한 동태적인 관리가 종합적이고 지속적인 정보보호관리체계 수립을 위해서 필요하다.

  • PDF

Infocommunication Technologies In Education: Problems Of Implementation

  • Rebenok, Vadym;Al-Namri, Roza;Butko, Oleksandr;Fedorenko, Viktoriia;Tereshchenko, Olha;Tsimokh, Nataliia
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12
    • /
    • pp.41-44
    • /
    • 2021
  • This article proposes to consider the experience of using information and communication technologies in educational processes and social practices of Ukrainian universities. The history of the introduction of information and communication technologies in the development of the higher education system is considered, the system of organizing the information space of universities is investigated. The distinctive features of the structure of a single information space, as well as distance e-learning technologies are highlighted. Empirical material obtained in the course of sociological research is used to discuss specific examples of the use of ICT in universities.

Effective measures for the regulation and supervision of encryption of unique identification information of financial companies (금융회사의 고유식별정보 암호화 규제·감독에 대한 실효성 확보 방안)

  • Lee, Seung Yun;Kim, In Seok
    • Convergence Security Journal
    • /
    • v.18 no.5_1
    • /
    • pp.3-9
    • /
    • 2018
  • The purpose of this study is to propose effective countermeasures against the regulation and supervision of unique identification information for financial institutions and present the present problems and future directions. In financial institutions, it is investigated that DB system of many personal information processing systems is in order to comply with the law, and additional measures such as encryption are required for data files containing unique identification information in many other application systems. In this paper, the conclusions of institutional, administrative, and technological feasibility are presented.

  • PDF

Design and Implementation of Web-based Electronic Bidding System using XML (웹 기반의 XML을 활용한 전자 입찰 시스템의 설계 및 구현)

  • 윤선희
    • The Journal of Information Systems
    • /
    • v.10 no.1
    • /
    • pp.127-146
    • /
    • 2001
  • The area of business applications in the internet are extended enormously in result of fast development of computing and communication technologies, increase of internet use, and use of intranet/extranet in enterprise information system. Widely spread the use of the internet, there are various applications for Business to Business (B to B) or Business to Customer(B to C) model that are based on the intranet or extranet. This paper designed and implemented the Web-based Electronic Bidding System for Business to Business (B to B) model. The technical issues of electronic bidding system in the internet are involved in the connection between web client and server, electronic data interchange for the contract document, and security solution during the bidding and contracting processes. The web-based electronic bidding system in this paper is implemented using Java applet and servlet as a connection interface for web client and server, XML/EDI-based documents for a bid and a contract, and bidding server and notary server for enhancing the security using PKI(Public Key Infrastructure)-based public key cryptography, digital signature and Certification Authority(CA).

  • PDF

Effects of the Recognition of Business Information Protection Activities in Ranks on Leaks of Industrial Secretes (직위에 따른 기업정보보호활동인식이 산업기밀유출에 미치는 영향)

  • Choi, Panam;Han, Seungwhoon
    • Journal of the Society of Disaster Information
    • /
    • v.11 no.4
    • /
    • pp.475-486
    • /
    • 2015
  • The objective of this study is to analyze control factors in protecting activities of business information that affects the effects of protecting leaks of industrial secretes during business security works in the ranks of staffs. A regression analysis was implemented by 36 items of protecting activities of information and 10 items of preventing industrial secretes for a total of 354 users and managers who use internal information systems in governments, public organizations, and civilian enterprises. In the recognition of protecting activities of business information that affects the prevention of controlling industrial secretes, clerks showed recognitions in physical control, environmental control, and human resource control, and software control and assistant chiefs showed recognitions in hardware control and environmental control. Also, ranks of department managers and higher levels represented recognitions in security control activities. It showed that clerks, assistant chiefs, and above department managers show effects of technical control factors on protecting activities of industrial secretes but section chiefs represent system control factors in preventing industrial secretes.