Browse > Article

Design and Implementation of Information Security System to Prevent Leakage of Drawing Information  

Chang, H.B. (소프트캠프(주) 정보보안기술연구소)
Lee, H.S. (아이오와 주립대학교)
Abstract
Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.
Keywords
CAD Security; Virtual Secure Disk; Application Access Control; Application Programming Interface Hooking; System Service Table Hooking;
Citations & Related Records
연도 인용수 순위
  • Reference
1 이기동, 김준우, '디지털 콘텐츠 정보보호를 위한 저작권 관리시스템 설계 및 구현', 경영정보학연구, 제13권, 제4호, 2003
2 Basie Von Solms, 'Information Security Governance: COBIT or ISO 17799 or Both?', Computer & Security, Vol. 24, 2005
3 Rajeev Nagar, 'Windows NT File System Internals : A Developer's Guide' O'Reilly & Associates, 1997
4 Lee, Y. H. and Hwang, D. J., 'Design and Implementation of Agent Based Dynamic Digital Rights Management', Journal of Information Processing Association, D. Vol. 8D, No.5, October 2001, pp. 613-622   과학기술학회마을
5 정연찬, 박준철, 'CAD/CAM 응용 소프트웨어 개발을 위한 형상 커널 개발', 제6권, 제4호, 2001
6 염근철, 이세정, '다양한 소프트웨어 개발환경에서의 최적설계 프레임 웍', CAD/CAM학회논문지, 제10권, 제5호, 2005
7 Chechanowicz, Z., 'Risk Analysis: Requirements, Conflicts and Problems', Computer & Security, Vol. 16, 1997
8 Green, R., 'CAD Manager: Drawing Security', Cadalyst, 2005
9 Edward N. Deker and Joseph M. Newcomer, 'Developing Windows NT Device Drivers: A Programmer's Handbook', Addison-Wesley, 1999
10 Otwell, K. and B. Aldridge, 'The Role of Vulnerability in Risk Management', IEEE Proceedings of the 5th Annual Computer Security Applicant Conference, pp. 32-38, 1989
11 Marianthi Theoharidou, Spyros Kokolakis Maria Karyda, Evangelos Kiountouzis, 'The Insider Threat to Information Systems and the Effectiveness of ISO17799', Computer & Security, Vol. 24, 2005
12 Eloff, J. and M. Eloff, 'Information Security Management - A New Paradigm', Proceedings of SAIC-SIT, 2003