• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.405-414
• /
• 2014

It is very important to IT users that the Cloud service provides dynamic extension of IT resources and cost-saving. However, the reliability for Cloud service hinders utilizing Cloud service actively. Existing studies on assessment program for Cloud Service are executed by extracting information security assessment articles and adding features of cloud services by referencing ISO/IEC 27001:2005. This paper will review the recently released ISO/IEC 27001:2013 for the addition, reduction, and changing of articles for Controls and Control objectives. Comparative analysis for the Controls of ISO/IEC 27001:2013 with those of CSA CCMv.3, FedRAMP which is an assessment program for Cloud service will suggest Control Objects of Information Security Management System for related Cloud service. The suggestion of Controls will be an important reference index for the security policy of companies which manage the information security management system based on Cloud service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.145-154
• /
• 2014

In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose the representative behavior profiling for each malware family represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profiling of malicious applications with representative behavior profiling for each malware family, we can detect and classify them into malware families. Andro-profiler shows over 99% of classification accuracy in classifying malware families.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.596-605
• /
• 2017

Recently, it has been pointed out that the lack of professional ethics of computer and security experts is serious as college students majoring in information security and insiders who are in charge of security work are involved in crimes after being tempted to cyber crimes. In this paper, we investigate and analyze the security ethics awareness and education situation of college students majoring in information security, and examine the security ethics education method for human resource development with personality and qualities. As the information society becomes more widespread, the ethics and occupational consciousness of the university students who are majoring in information security are recognized as lack of awareness and education about security ethics, As a solution to solve these problems, it is expected that it will be possible to nurture security experts who are aware of their vocation through the educational plan to enhance the security ethics of the information security major college students. According to the security ethics education system proposed in the paper, the security ethical consciousness of the group that received education was remarkably improved.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.717-720
• /
• 2004

Jini is a middle ware supposed in Sun Microsystems. The goal of lil is the establishment of dynamic distributed system, which can share information and control of other Jini technology-enabled services or devices in the same Jini system. Jini is one of the best middleware together UPnP and HAVi. Hone network security, soch as privacy protection, crime prevention, and etc, is very important. So Jini 2.0 adds security mechanism in 11. 2003. This paper describes the analysis of Jini 2.0 security mechanism, and home network security.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.729-732
• /
• 2003

Security and privacy issues complicate wireless local area network deployment. for a wired network, certain levels of security are maintained since access to the physical medium is restricted to the devices physically connected to the network. Though wireless local area networks offer some built-in security features, security breaches are possible if appropriate precautions are not taken. This paper describes security issues related to wireless local area networks and presents a software approach for restricting and controlling wireless access. The system authenticates users on the basis of identity, privileges and access hardware by distributed software agents that implement security policy and restrict unauthorized access.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.229-240
• /
• 2014

With increasing demands for security evaluation of side-channel resistance for crypto algorithm implementations, many equipments are developed at various research institutes. Indeed, commercial products came out for the purpose of evaluation and certification tool of security products. However, various types of security products exclusive a smart card make it difficult to implement a security evaluation system for them. In this paper, we describe implementation and characteristic of the side-channel evaluation boards of the KLA-SCARF, which is the project to develop domestic side-channel evaluation system. This report would be helpful for following researchers who intend to develop side-channel evaluation boards for other security devices.

• Nuclear Engineering and Technology
• /
• v.55 no.6
• /
• pp.2034-2046
• /
• 2023

Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.

• Journal of information and communication convergence engineering
• /
• v.1 no.4
• /
• pp.213-216
• /
• 2003

A VPN is widely used in a communications environment which access is controlled to permit peer connections only within a defined community of interest. It is constructed through some form of partitioning of a common underlying communication medium, where this underlying communications medium provides services to the network on a non-exclusive basis. In this paper, we have analyzed a variety of architecture to implement Giga bps VPN system. The proposed architecture will satisfy the needs of clients who adopt Giga bps VPN system in the various environments.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.369-378
• /
• 2005

War simulation system is a virtual space that my tactical simulation exercise is held. The data used in this system are considered sensitive and needs to be protected. But suity vulnerabilities and possible security loopholes were not considered when designing the war game simulation system. So currently the systemis highly vulnerable against hackers and data leakages. This paper proposed a security system for war game simulation system based on considering the currently vulunerabilities and possible suity leakages. The proposed security system supports security patches. In this paper, we analyze vulunerabilities of the running environment of current system and we design and implement the security system that is consisted of three components : Authentication System, Encryption System and Network Security System. The security patches are safe and there are no negative effects on the system's performance. The patches are proved to be effective and very reliable towards solving the security vulnerabilities.

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.119-124
• /
• 2017

Information is a valuable asset regardless of the size of the enterprise and information security is an essential element for the survival and prosperity of the enterprise. However, in the case of large corporations, Security is ensured through rapid introduction of information security management system. but In the case of SMEs, security systems are not built or construction is delayed due to complex factors such as budget constraints, insufficient security guidelines, lack of security awareness. In this paper, we analyze the actual situation of information security management of SMEs through questionnaires, and We would like to suggest a comprehensive security plan for SMEs in free or inexpensive ways. We believe that by applying the method presented in this paper, SMEs will be able to implement the lowest cost basic information security and will benefit SMEs who plan to establish an information security plan.