• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1319-1328
• /
• 2018

A blockchain system developed for crypto-currency has attractive characteristics, such as de-centralization, distributed ledger, and partial anonymity, making itself adopted in various fields. Among those characteristics, partial anonymity strongly assures privacy of users, but side effects such as abuse of crime are also appearing, and so countermeasures for circumventing such abuse have been studied continuously. In this paper, we propose a machine-learning based method for classifying smart contracts in Ethereum regarding their functions and design patterns and for identifying user behaviors according to them.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.201-202
• /
• 2014

In this paper, we research on domestic or international hacking cases that could damage us mentally or financially. Seventy five percent of Web-site attacks abuses weak points of application programs, or software. We also research on major issues related to software development security with these demerits.

• Annual Conference of KIPS
• /
• 2021.11a
• /
• pp.28-31
• /
• 2021

컴퓨팅 시스템에서는 특정 프로세스가 반드시 필요한 상황이 아님에도 불구하고 메모리에 상주하며 구동되고 있는 경우가 존재한다. 이러한 상주형 프로세스는 해당 프로세스를 사용하지 않고 있을 때에도 리소스를 점유하며 구동되어서 리소스 활용 효율성을 저하시킨다는 문제가 있다. 또한, 어떤 상주형 프로세스들은 자신이 종료되는 것을 방지하는 메커니즘이 적용되어 있어서 종료되지 않은 상태로 컴퓨터의 리소스를 지속적으로 소모한다는 문제가 있다. 따라서 이러한 문제점들을 개선하기 위해 상주형 프로세스들의 리소스를 효율적으로 제어 및 관리할 수 있는 방안이 필요하다. 본 논문에서는 Linux Signal과 Control group namespace를 활용하여 리눅스 운영체제에서 구동 중인 프로세스의 자원을 효율적으로 오케스트레이션 할 수 있는 p-Fusebox 프레임워크를 제안한다. 우리의 실험결과에 따르면 p-Fusebox를 사용하였을 때 1시간 동안의 메모리 누적사용량이 약 38% 감소함을 확인할 수 있었다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.328-330
• /
• 2022

Currently, the Metaverse is introduced in various fields, and a virtual convergence economy that uses NFTs for content or item transactions is expected to develop into a 'metaverse environment'. The 'metaverse environment' will lead the changes in our society in the future and it will be fused with AI, big data, cloud, IoT, block chain, and next-generation network technology. However, personal information, device information, and behavior information provided by Metaverse users to use the service are subject to major attacks. Therefore, in order to provide a safe environment for users to use and to expand the business base of related companies, building a public-private cooperation system and developing a security guide are the leading tasks. Therefore, in this study, we compare and analyze metaverse features and technologies, and examine possible security threats and countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.973-983
• /
• 2016

It's been almost 6 years since PIA was implemented based on legislation. So I analyzed problems of PIA from the perspective of ITSM 3 elements. I mainly took account of quality improvement of the report when I assessed systems processing personal informations. So, I propose in terms of logical validity improvement of assessment report. The improvements on 4 different outputs for each phase are many cases that I assessed systems processing personal informations. And I propose improvements on qualified assessors having capability of GRC and on process for managing the assessment system. To settle down PIA system as the reasonable and effective assessment system even after 2016, the statutory deadline for completion of PIA, assessors and appointed assessment firms and authorities should cooperate to complete the assessment system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1425-1435
• /
• 2019

The expanded application of digital controls has raised the issue of cyber security for nuclear facilities. To cope with this, the cyber security technical standard RS-015 for Korean nuclear facilities requires nuclear system developers to apply security functions, analyze known vulnerabilities, and test and evaluate security functions. This requires the development of procedures and methods for testing the suitability of security functions in accordance with the nuclear cyber security technical standards. This study derived the security requirements required at the device level by classifying the details of the technical, operational and administrative security controls of RS-015 and developed procedures and methods to test whether the security functions implemented in the device meet the security requirements. This paper describes the process for developing security function compliance test procedures and methods and presents the developed test cases.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.16 no.9
• /
• pp.893-900
• /
• 1991

And this system is compared with past knapsack system by implementation of low density attack in Brickell and Lagarias, Odlyzko’s method. Also the VLSI architecture for parallel implementation of this linearly shift knapsack system is presented

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.3
• /
• pp.754-766
• /
• 1997

In this paper,we implement the Audit Trail Service Sydtem for the EDI Security.It has solved a law dispute between enterprises by informations that have generated by the EDI serice systrm.The audit trail service sys-tem implemented for EDI security satisfied the requirements of audit and the protocol of the security serive of X.435 and X.400.The EDI Security Audit System consists of the event discrimiator,the audit recirder,the audit archiver,and the provider of audit services .The event discriminator classified the reansmitted data from the EDI network ot audit sercices.The audit recorder constructs an index that has combined time information wiht audit unformations which are classified by the event discriminator.ZThe audit archiver performas the vacumming of added audit imformations by passing time by passing time.The audit provider is a module that carries out the audit trail servies by using stored audit informations. The audit provider suports audit servies,which are non-requdiation,proof and probe,controller of security,and accesing infrimation.The audit trail service system for EDI security constructs audit information by using index that is combining time imfromation,so it supports especially fast accesing audit information.

• Smart Media Journal
• /
• v.11 no.3
• /
• pp.54-61
• /
• 2022

With the increase in the types of information systems managed by public institutions and companies, a security certification system is being implemented in Korea to quickly respond to vulnerabilities that may arise due to insufficient security checks. The korea security evaluation system, such as ISMS-P, performs a systematic security evaluation for each category by dividing the categories for technical inspection items. NIST in the United States has developed SCAP that can create security checklists and automate vulnerability checks, and the security checklists used for SCAP can be written in OVAL. Each manufacturer prepares a security check list and shares it through the SCAP community, but it's difficult to use it in Korea because it is not categorized according to the korea security evaluation system. Therefore, in this paper, we present a mechanism to categorize the OVAL definition, which is an inspection item written in OVAL, to apply SCAP to the korea security evaluation system. It was shown that 189 out of 230 items of the Red Hat 8 STIG file could be applied to the korea security evaluation system, and the statistics of the categorized Redhat definition file could be analyzed to confirm the trend of system vulnerabilities by category.

• Journal of information and communication convergence engineering
• /
• v.4 no.1
• /
• pp.13-17
• /
• 2006

In this paper a design and implementation method of remote control system for automobile is presented. For this, we used the Bluetooth technology for remote and wireless communications and microcontroller for system control. By using these techniques, we can design and implement automobile remote control system to improve data error rate, security and application.