• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2084-2100
• /
• 2020

Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs, and cannot be used for generating OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When target kernel functions are called, AIT dynamically initiates a system trap with the help of a virtualization technique. It then analyzes and records the calling relationships for trap handling by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32 and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.

• Korean Security Journal
• /
• no.5
• /
• pp.89-108
• /
• 2002

The prospect of security services industries is as followings. First, integrated security system will be increased in the security service sphere of collective housing such as apartments. Second, the needs to security services with high-tech electronic security system and systematic security service against crimes will be increased. Third, the needs to crime prevention and disaster prevention service including information security service by means of internet and information and communication technology will be increased. Fourth, perhaps domestic market of security service will be reshaped in relation with localization trend and entrance of foreign security service companies to our country. With these conclusions I think that the departments of universities related to security services will focus on their social roles.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2000.05a
• /
• pp.320-324
• /
• 2000

In this paper we propose and realize the large scale multimedia security system that one janitor control many rooms in many building on multimedia. We Study the system that one watch janitor lots of rooms and lots of buildings the same time, and store the trespasser's moving cource in Database for understanding his action pattern using computer vision technology, but the relational system cannot solve the problem that the trespasser disjoint the security system on sensing method and the system watch only one room or one building.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.39-45
• /
• 2024

The purpose of security control in the public sector is to secure the safety of administrative services for the public by preventing resource loss or information infringement in information systems and information and communication networks. The security control system is a process that performs real-time detection, analysis, response, and reporting through system vulnerability analysis and security system detection pattern optimization. This study aims to objectively identify the current situation of the mismatch between the supply and demand of cyber security control centers currently in operation and specialized security control companies that can be entrusted to operate them, and to derive and propose practical and institutional improvement measures. Considering that the operation of security control centers in the public sector is expected to increase in the future, research on the practical supplementation required for the operation process of security control centers and the improvement of the designation system of security control specialized organizations has fundamental and timely significance, and it is an area that requires continuous research in terms of strategic industrialization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.353-371
• /
• 2014

We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.61-76
• /
• 2002

To ensure PKI systems' reliability, the security for PKI systems evaluation is required. But, unfortunately, the systematic security evaluation and certification of PKI systems is insufficient. In Korea, Firewall and intrusion detection system's security evaluation and certification has been enforced, but research of PKI systems’ evaluation is insufficient. This paper provides a PKI system evaluation criteria. This paper specifies a 7 level of the functional and assurance security requirements for a PKI system. And this PKI system evaluation criteria provides a compatibility with CC(Common Criteria) and KISES(Korea Information Security Evaluation Systems).

• Journal of Electrical Engineering and information Science
• /
• v.2 no.6
• /
• pp.162-166
• /
• 1997

A message server have two basic functionalities, a server role for processing the processing the user environment as well as an entity role for transferring message to other entity in message system environment. The user who is going to send and receive his important information really wants to keep his own security requests. To satisfy this requirement, message server must be enforced by two seperated security policies- one for message processing security policy under department's computer working environment, the other for send/receive security policy under message system's communication path environment. Proposed access control model gurantees the user's security request by combining constrained server access control and message system access control with multi upper bound properties which come from inheritance attributes of originating user security contexts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.3-12
• /
• 2004

Secure operating system is a special operating system that integrates some security functions(i.e. access control, user authentication, audit-trail and etc.) with normal operating system in order to protect system from various attacks. But it doesn't consider my security of network traffic. To guarantee the security of the whole system, network traffic must be protected by a certain way and IPsec is a representative technology for network security. However, it requires administrator's carefulness in managing security policies and the key management mechanism is very heavy as well as complicated. Moreover, it doesn't have a suitable framework for delivery of security information for access control mechanism. So we propose a simple trusted channel mechanism for secure communication between secure operating systems. It provides confidentiality md authentication for network traffic and ability to deliver security information. It is implemented at the kernellevel of IP layer and the simplicity of the mechanism can minimize the overhead of trusted channel processing.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.153-168
• /
• 2013

Information security has been a major concern in organizations. The longstanding question of how to improve employees security behaviors and reduce human errors remains unanswered and requires further exploration in the information security domain. To do this, we propose a risk compensation theory-based model and examine the model. Research results shows that the relationships between information security countermeasures and information security compliance intention of employees are moderated by system vulnerability. However, the finding is contrary to the previously held risk compensation assumption and deserve further study. In addition, system quality does not play a moderator role in the relationship. Conclusions and implications are discussed.