• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.471-478
• /
• 2013

Industrial control system was designed mainly in the form of analog in early days. However, necessity of digital system engineering is increasing recently because systems become complicated. Consequently, stability of digital systems is improved so most industrial control systems are designed with digital. Because Using digital design of Industrial control system is expanded, various threatening possibilities such as penetration or destruction of systems are increasing enormously. Domestic and overseas researchers accordingly make a multilateral effort into risk analysis and preparing countermeasures. In this paper, this report chooses common security requirement in industrial control system and nuclear control system through relevant guidelines analysis. In addition, this report suggests the development plan of nuclear cyber security system which will be an essential ingredient of planning approvals.

• Proceedings of the KIEE Conference
• /
• 2007.04a
• /
• pp.163-165
• /
• 2007

Recently, the security requirements of the embedded system which were not considered when the embedded system is independently deployed are being increased because the embedded system is connected to an internet. The connection to the internet of embedded system is the meaning that it is exposed to the various kinds of external attack and can be a victim to these attacks in anytime. Particularly, it is trend that the user-related information is stored into the personal terminals and/or electrical appliances such as PDA, home gateway for home network, settop boxes and so on. So it is needed the security mechanism which protects the user information from the malicious accesses. Accordingly, the coverage of the system security is being expanded from the general server to the embedded system. And it is not enough that the embedded system supports only its inherent functions and it becomes the essential element to provide the security function to the embedded system. This paper applies the RBAC(role-based access control) function to the embedded linux OS and tries to strengthen the security of the embedded linux OS. RBAC is implemented as a loadable kernel module with LSM(Linux Security Module) security framework for user's flexibility.

• Journal of the Society of Disaster Information
• /
• v.4 no.1
• /
• pp.154-174
• /
• 2008

Korean public power isn't currently performing its duties of crime prevention or public security services as effectively as the people expect from it due to excessive work load, insufficient budget, and equipment or work force problems, although it should protect the people from increasing crimes. The mutual cooperation between the police and the private security firms can' t be enhanced unless both parties are involved. Above all, the private security companies should secure superior security personnel and provide them with systematic education and training to improve their qualities. The police should also make an effort. In order to foster the private security firms soundly, the police should improve the system if necessary, and establish, guide and monitor the department wholly responsible for the private security affair. Both parties also should deal with crimes systematically by exchanging information for crime prevention, having informal meetings and introducing a joint patrol system. In order to cope with crimes threatening the livelihood of the people in our society, the public and private securities' mutual cooperation plans should be formulated. For this purpose to be achieved, the private security firms and the police should understand each other and bilateral efforts should be made. If both parties understand each other and make an effort, the relationship between them will be improved greatly and developmental plans for preventing crimes can be made.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.919-943
• /
• 2019

Distributed ledger technology, which is attracting attention as an emerging technology related to the 4th Industrial Revolution, is implemented as an open source based distributed ledger technology system and widely used for development with various applications (or services), but the security functions provided by the distributed general ledger system are very insufficient. This paper proposes security enhancements for distributed ledger technology systems based on open source. To do so, potential security threats that may occur under running an open source based distributed ledger technology systems are identified and security functional requirements against the security threats identified are provided by analyzing legislation and security certification criteria (ISMS-P). In addition, it proposes a method to implement the security functions required for an open source based distributed ledger technology systems through analysis of security functional components of Common Criteria (CC), an international standard.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.525-528
• /
• 2006

최근 전자투표 시스템에 대한 투표자의 신뢰성을 높이기 위해 영수증을 발급하는 기술에 대한 연구가 활발히 진행되고 있다. 전자투표 영수증은 투표자가 자신이 투표한 결과가 최종집계에 올바르게 반영되었음을 확인할 수 있어야 하며, 매표 방지 기능도 함께 가지고 있어야 한다. 본 논문에서는 기존의 연구되었던 기술 중에서 일반 용지 및 프린터를 이용하여 검증 가능한 영수증을 발급하는 전자투표 시스템을 구현하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.484-510
• /
• 2017

Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

• Asia pacific journal of information systems
• /
• v.31 no.2
• /
• pp.236-256
• /
• 2021

Online financial technology products are an important consumer finance innovation. While a large body of previous research has focused on initial adoption and consumer willingness to use these products, little research explores the continued use of these products beyond the initial adoption phase. In particular, special attention should be paid to how users' trust and perceptions of privacy and security affect continued use behavior. This paper integrates the expectation confirmation model of information system continuance (ECM-ISC), the information system success model (ISSM) and the security and trust literatures to investigate continued use of online financial technology. To test the research model, we collected 398 valid questionnaires from Ant Credit Pay users. The research results show that system and service quality positively impact users' expectation confirmation, while information quality has no significant impact. Expectation confirmation and perceived usefulness positively affect user satisfaction. Moreover, the user's perception of privacy and security plays a vital role in user satisfaction. Satisfaction and perceived trust jointly promote users' continuance behaviors. Findings of this study indicates the importance of the information system success factors and security factors due to their influence on the continued use of Fintech products. This conclusion has implications for enterprises in improving the product qualities and enhancing the degree of security to meet user needs.

• Journal of Information Processing Systems
• /
• v.9 no.1
• /
• pp.157-172
• /
• 2013

There are many recommendation systems available to provide users with personalized services. Among them, the most frequently used in electronic commerce is 'collaborative filtering', which is a technique that provides a process of filtering customer information for the preparation of profiles and making recommendations of products that are expected to be preferred by other users, based on such information profiles. Collaborative filtering systems, however, have in their nature both technical issues such as sparsity, scalability, and transparency, as well as security issues in the collection of the information that becomes the basis for preparation of the profiles. In this paper, we suggest a movie recommendation system, based on the selection of optimal personal propensity variables and the utilization of a secure collaborating filtering system, in order to provide a solution to such sparsity and scalability issues. At the same time, we adopt 'push attack' principles to deal with the security vulnerability of collaborative filtering systems. Furthermore, we assess the system's applicability by using the open database MovieLens, and present a personal propensity framework for improvement in the performance of recommender systems. We successfully come up with a movie recommendation system through the selection of optimal personalization factors and the embodiment of a safe collaborative filtering system.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.3
• /
• pp.81-88
• /
• 2015

Recently the Security fields is emerged as a important issue in the world, While a variety of techniques such as a Cloud Computing or a Internet Of Things appeared. In these circumstances, The domestic security fields are divided into the Information Security, the Physical Security and the Convergence Security. and among these security fields, Convergence security is attracted much attention from various industries. the classification systems of a new field Convergence Security has become a very important criteria such about the Statistics calculation, the Analysis of status industry sector and the Road maps. However, In the domestic, The related institutions classified each other differently the Convergence Security Classification. so it is urgently needed a domestic security fields systematic classification due to the problems such as lack of reliability of the accuracy, compatibility of a data. Therefore, this paper will be analyzed to the characteristics of the domestic security classification systems by the cases. and will be proposed the newly improved classification system, to be possible to addition or deletion of an classification entries, and to be easy expanded according to the new technology trends. this proposed to classification system is expected to be utilized as a basis for the construct of a domestic security classification system in a future.