• Journal of Convergence for Information Technology
• /
• v.7 no.1
• /
• pp.35-42
• /
• 2017

In this paper, we propose to implement an integrated monitoring system using log data to reduce the load of analysis task of information security officer and to detect information leak in advance. To do this, we developed a transmission module between different model DBMS that transmits large amount of log data generated by the individual security system (MSSQL) to the integrated monitoring system (ORACLE), and the transmitted log data is digitized by individual and individual and researches about the continuous inspection and measures against malicious users when the information leakage symptom is detected by using the numerical data.

• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.706-715
• /
• 2014

It is used to lead to serious structural vulnerability of the system security of security-critical system when we have quickly developed software system according to urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 of the Embarcadero Technologies Co., certainly help to develop an easy and fast-paced procedure, but it is difficult to apply security program and vulnerable to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is due to that all kinds of information of Provider are exposed on the moment when DataSnap Server Port is sure to malicious attackers. This exposure becomes a window capable of running SQL Command. Thus, it should not be used Data Set and Provider in the DataSnap Server in consideration of all aspects of security management. In this paper, we study on the verification of the security vulnerabilities for Client and Server DataSnap in Dlephi XE2, and we propose a secure coding method to improve security vulnerability in the DataSnap server system.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.2
• /
• pp.81-87
• /
• 2004

Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.96-101
• /
• 2005

Spotlighted as an innovative information technology environment, ubiquitous computing has been actively researched on recently. Especially, domestic and global researches focus on the RFID system, which is being eyed to replace the existing bar-code system. As an essential technology for ubiquitous computing, the RFID system can be applied for various purposes. The security issues of the RFID system focus on how the low-priced tag type could have reasonable price competitiveness. The Auto-ID Center in the U.S. is spearheading the research on distribution service and omni-directional security. As for Japan, the researches on omni-directional security and EPC application are necessary in securing the technology for ubiquitous computing with support from the Ministry of Public Management Home Affairs, Posts, and Telecommunication. In this paper, a method of ensuring the availability of the RFID system service will be presented based on the ubiquitous computing environment with the existing omni-directional security and user-friendly interface. While the existing researches focus on the RF reader system and tag-based security, this paper's suggestion also considers the availability of a sen ice to suggest ways of increasing the practical usage of a low-priced RF tag.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.

• Annual Conference of KIPS
• /
• 2002.11b
• /
• pp.1043-1046
• /
• 2002

서바이벌 스토리지 시스템(Survivable Storage System)은 데이터의 가용성 및 보안성을 높이기 위해 여러 가지 분할 복제 기법들을 사용한다. 이러한 기법들을 정보의 중요도를 고려하지 않고 모든 데이터에 일괄적으로 적용하면, 시스템의 성능면에서 비효율적이다. 본 논문은 이를 해결하기 위해 정보의 중요도별로 다른 정보 분할 기법(IDS : Information Dispersal Scheme)를 적용하는 레벨 단위 데이터 분할 프로토콜을 제안하고 그 성능을 평가한다. 그 결과 제안된 방식은 정보의 중요도가 높을수록 데이터의 실질적인 가용성 및 보안성을 증가시킨다는 것을 볼 수 있다.

• Journal of Information Technology Applications and Management
• /
• v.13 no.4
• /
• pp.141-153
• /
• 2006

According to supply of super high way internet service, importance of security becomes more emphasizing. Therefore, flawless security solution is needed for blocking information outflow when we send or receive data. large enterprise and public organizations can react to this problem, however, small organization with limited work force and capital can't. Therefore they need to elevate their level of information security by improving their information security system without additional money. No hackings can be done without passing invasion blocking system which installed at the very front of network. Therefore, if we manage.isolation log effective, we can recognize hacking trial at the step of pre-detection. In this paper, it supports information security manager to execute isolation log analysis very effectively. It also provides isolation log analysis module which notifies hacking attack by analyzing isolation log.

• International Journal of Computer Science & Network Security
• /
• v.21 no.1
• /
• pp.184-191
• /
• 2021

The amount of information and data in the digital era is increasing tremendously. Continuous online connectivity is generating a massive amount of data that needs to store in computers and be made available as and when required. Cloud computing technology plays a pivotal role in this league. Cloud computing is a term that refers to computer systems, resources and online services that aim to protect and manage data in an effective, more efficient and easy way. Cloud computing is an important standard for maintaining the integrity and security of sensitive data and information for organizations and individuals. Cloud security is one of the most important challenges that the security of the entire cloud system depends on. Thus, the present study reviews the security challenges that exist in cloud computing, including attacks that negatively affect cloud resources. The study also addresses the most serious threats that affect cloud security. We also reviewed several studies, specifically those from 2017-20, that cited effective mechanisms to protect authentication, availability and connection security in the cloud. The present analysis aims to provide solutions to the problems and causes of cloud computing security system violations, which can be used now and developed in the future.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.113-121
• /
• 2015

This research suggests construction processes and security solutions for security control center as management measures for security management improvement in domestic electronic security companies. Security control center (SCC) is the central nerve of electronic security service, and no matter how well the on-site response system has been built, if SCC ceases to work due to an incident or disaster or security control personnel are harmed, the electronic security system cannot perform its proper functions. It is divided to a spatial structure, the infrastructure, control equipment, control solutions and operating structure in a construction process in the security control center. And a solution can be presented for physical security, information security, and personnel security in the way to security solutions.