• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.139-150
• /
• 2021

Object orientation has become the predominant paradigm for conceptual modeling (e.g., UML), where the notions of class and object form the primitive building blocks of thought. Classes act as templates for objects that have attributes and methods (actions). The modeled systems are not even necessarily software systems: They can be human and artificial systems of many different kinds (e.g., teaching and learning systems). The UML class diagram is described as a central component of model-driven software development. It is the most common diagram in object-oriented models and used to model the static design view of a system. Objects both carry data and execute actions. According to some authorities in modeling, a certain degree of difficulty exists in understanding the semantics of these notions in UML class diagrams. Some researchers claim class diagrams have limited use for conceptual analysis and that they are best used for logical design. Performing conceptual analysis should not concern the ways facts are grouped into structures. Whether a fact will end up in the design as an attribute is not a conceptual issue. UML leads to drilling down into physical design details (e.g., private/public attributes, encapsulated operations, and navigating direction of an association). This paper is a venture to further the understanding of object-orientated concepts as exemplified in UML with the aim of developing a broad comprehension of conceptual modeling fundamentals. Thinging machine (TM) modeling is a new modeling language employed in such an undertaking. TM modeling interlaces structure (components) and actionality where actions infiltrate the attributes as much as the classes. Although space limitations affect some aspects of the class diagram, the concluding assessment of this study reveals the class description is a kind of shorthand for a richer sematic TM construct.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.34 no.3
• /
• pp.155-163
• /
• 2009

We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate the damage such as loss of the transaction being processed, damage of hardware and data, etc. A queueing model and Its expected value analysis are used to derive the lost cost of transactions being processed, the replacement cost of hardwares, and the recovery cost of data. The net present value for each portfolio is derived and organizations can select the optimal information security investment portfolio by comparing portfolios.

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.241-257
• /
• 2003

XML is a global standard for the Internet and e-business, and its use is growing in proportion to the spreading speed of e-Commerce. Thus, a policy for providing more safe security service for exchanging e-documents within e-Commerce is necessary. XKMS, one of XML security specification, defines the protocol for distributing and registering public keys for verifying electronic signatures and enciphering e-documents of e-Commerce applications with various and complicate functions. In this paper, we propose X-KISS service reference model and implement service component based on standard specification. Also describes the analysis and security of XML key information service for safe e-Commerce, paying attention to the features of XML based security service. This reference model supported include public key location by given identifier information, the binding of such keys to identifier information. The client service component controls the number of locate threads and validate threads to analyze the minimum requirements of real-time key retrievals. This service modeling offers the security construction guideline for future domestic e-business frameworks.

• The Journal of Information Systems
• /
• v.25 no.3
• /
• pp.117-146
• /
• 2016

Purpose The purpose of this paper is to examine factors and mechanism inducing end users' faithful appropriation of information security behavior through the information security system. This study is also trying to find out the role of Employees' adaptive activities like learning and feedback seeking behavior for the information security in organizations. Design/methodology/approach An empirical study was carried out with a sample of employees working in the financial service company. Employees(n = 268) completed a written questionnaire. Structural equation modeling was used to analyze the data. Findings Results indicated that employees' learning activities and feedback seeking behavior fully mediated the effect of major information security factors toward end users' faithfulness of appropriation of information security systems. In order to increase the level of employees information security behavior in accordance with security guideline, organizations should facilitate interactions that support the feedback seeking process between employees on information security awareness and behavior. Additionally, organizations may reinforce these behaviors by periodical training and adopting bounty hunter systems.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.238-242
• /
• 2021

Game theory has been regarded as a useful theoretical tool for modeling the interactions between distinct entities and thus it has been harnessed in various research field. In particular, research attention has been shown to how to apply game theory to modeling the interactions between malign and benign entities in the field of wireless networks. Although various game theoretic modeling work have been proposed in the field of wireless networks, our proposed work is disparate to the existing work in the sense that we focus on mobile malign node detection problem in static wireless sensor networks. More specifically, we propose a Bayesian game theoretic modeling for mobile malign node detection problem in static wireless sensor networks. In our modeling, we formulate a two-player static Bayesian game with imperfect information such that player 1 is aware of the type of player 2, but player 2 is not aware of the type of player 1. We use four strategies in our static Bayesian game. We obtain Bayesian Nash Equilibria with pure strategies under certain conditions.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.989-998
• /
• 2005

Information systems are today becoming larger and mostly broadband-networked. This exposes them at a higher risk of intrusions and hacking than ever before. Of the technologies developed to meet information system security needs, risk analysis is currently one of the most actively researched areas. Meanwhile, due to the extreme diversity of assets and complexity of network structure, there is a limit to the level of accuracy which can be achieved by an analysis tool in the assessment of risk run by an information system. Also, the results of a risk assessment are most oftennot up-to-date due to the changing nature of security threats. By the time an evaluation and associated set of solutions are ready, the nature and level of vulnerabilities and threats have evolved and increased, making them obsolete. Accordingly, what is needed is a risk analysis tool capable of assessing threats and propagation of damage, at the same time as security solutions are being identified. To do that, the information system must be simplified, and intrusion data must be diagrammed using a modeling technique this paper, we propose a modeling technique information systems to enable security risk analysis, using SPICE and Petri-net, and conduct simulations of risk analysis on a number of case studies.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.103-114
• /
• 2021

A conceptual model can be used to manage complexity in both the design and implementation phases of the system development life cycle. Such a model requires a firm grasp of the abstract principles on which a system is based, as well as an understanding of the high-level nature of the representation of entities and processes. In this context, models can have distinct architectural characteristics. This paper discusses model multiplicity (e.g., unified modeling language [UML]), model singularity (e.g., object-process methodology [OPM], thinging machine [TM]), and a heterogeneous model that involves multiplicity and singularity. The basic idea of model multiplicity is that it is not possible to present all views in a single representation, so a number of models are used, with each model representing a different view. The model singularity approach uses only a single unified model that assimilates its subsystems into one system. This paper is concerned with current approaches, especially in software engineering texts, where multimodal UML is introduced as the general-purpose modeling language (i.e., UML is modeling). In such a situation, we suggest raising the issue of multiplicity versus singularity in modeling. This would foster a basic appreciation of the UML advantages and difficulties that may be faced during modeling, especially in the educational setting. Furthermore, we advocate the claim that a multiplicity of views does not necessitate a multiplicity of models. The model singularity approach can represent multiple views (static, behavior) without resorting to a collection of multiple models with various notations. We present an example of such a model where the static representation is developed first. Then, the dynamic view and behavioral representations are built by incorporating a decomposition strategy interleaved with the notion of time.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.12C
• /
• pp.995-1003
• /
• 2010

The content-based hashing for authentication and copy protection of image, video and 3D model has to satisfy the robustness and the security. For the security analysis of the hash value, the modelling method based on differential entropy had been presented. But this modelling can be only applied to the image hashing. This paper presents the modelling for the security analysis of the hash feature value in 3D model hashing based on differential entropy. The proposed security analysis modeling design the feature extracting methods of two types and then analyze the security of two feature values by using differential entropy modelling. In our experiment, we evaluated the security of feature extracting methods of two types and discussed about the trade-off relation of the security and the robustness of hash value.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.3
• /
• pp.59-68
• /
• 2013

In this study, airport security check process is analyzed to modeling a simulation. Simulation is compared with real security system to verify. Utilizing verified simulation, spends time in the current security check is calculated and suggests alternatives. Considering the movement of passengers and security check system of all four cases the results yielded by the experiment. The results show that security check time decreased significantly to 20.8%. The simulation was developed in this study; including the introduction of a new security system at security check can be used as a decision support tool is expected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.451-463
• /
• 2019

The purpose of this study is to identify the effects of organizational conflict stages and job withdrawal intention of information security organizations. We applied Pondy's conflict theory and analyzed the case of information security workers in public enterprises. We found that the more information security workers emotionally accept the potential factors of organizational conflict, the higher the intention of job change of information security practitioner. On the other hand, the perception mechanism has a moderating effect of lowering the job change-out probability. The result of this study is expected that the manager of the organization will be able to utilize the conflict in the organizational direction.