• Title/Summary/Keyword: Enterprise Security

Search Result 1,513, Processing Time 0.024 seconds

APDM : Adding Attributes to Permission-Based Delegation Model

  • Kim, Si-Myeong;Han, Sang-Hoon
    • Journal of the Korea Society of Computer and Information / v.27 no.2 / pp.107-114 / 2022
  • Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models are role delegation as the user to user delegation. However, in RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and security principle of least privilege. ABDM, based on the RBAC model, supports both role to role and user to user delegation with an attribute. The permission can be withdrawn whenever the delegator wants, and a delegator can give permission to a delegatee.

A Study on the Effective Countermeasure of SPAM : Focused on Policy Suggestion (불법스팸 방지를 위한 개선방안 : 정책적 제안을 중심으로)

  • Sohn, Jong-Mo;Lim, Hyo-Chang
    • Journal of Industrial Convergence / v.19 no.6 / pp.37-47 / 2021
  • Today, people share information and communicate with others using various information and communication media such as e-mail, smartphones, SNS, etc. However, these media are being used in malicious attacks to send a large amount of illegal spam or to commit fraud by using illegally collected personal information and devices that are vulnerable to security. Illegal spam, smishing, and fraudulent mail (SCAM) cause a lot of direct and indirect damage to companies and users, including not only social costs such as mental fatigue, but also unnecessary consumption of IT infrastructure resources and economic losses. Although there are regulations related to spam, violators of the law are still on the rise by circumventing the law, and victims are constantly occurring, so it is necessary to review what the problem is. This study examined domestic and foreign spam-related regulations and spam-related response activities, identified problems, and suggested improvement countermeasures. Through this study, it was intended to suggest directions for improving spam-related systems in order to block illegal spam and prevent fraudulent damage.

Impact of Fourth Industrial Revolution on Airport Management System: Moderator Effect of Convergence and Leadership (4차 산업혁명이 공항경영시스템에 미치는 영향 : 융합 및 리더십의 조절효과)

  • Lee, Yung-Kil;Baek, Jeong-Sun;Park, Sung-Sik
    • Journal of Advanced Navigation Technology / v.26 no.5 / pp.289-303 / 2022
  • The purpose of this study is to verify the effect of the 4th industrial revolution, as recognized by airport operators, on the airport management system, and the moderator effects of convergence and leadership on this relationship. Data were collected through a survey of airport operators using simple random sampling at six international airports in Korea. Data analysis was performed using Structural Equation Modeling. The research results found that the 4th industrial revolution had a positive effect on the airport management system. Also, the moderator effects of convergence and leadership were found to be statistically significant. In this paper, we assert that the airport management system should be reconstructed as a system suitable for the era of the 4th industrial revolution. This paper provides theoretical data and directions for empirical research to airport researchers, and implications for airport enterprise managers and airport policy planners. The findings of this study are particularly helpful for international airports that have adopted the technologies of the Fourth Industrial Revolution.

Comparison of Failure Rates in Measuring Software Reliability (소프트웨어 신뢰도 측정에서 고장률 비교)

  • Jung, Hye Jung
    • Journal of Convergence for Information Technology / v.12 no.5 / pp.15-20 / 2022
  • This research studied the evaluation of reliability among the software quality characteristics: suitability, reliability, usability, portability, maintainability, performance efficiency, security, and compatibility. It proposes a quantitative evaluation of reliability in the measurement of software quality. This study introduces a method for measuring the failure rate included in maturity during reliability evaluation, which is one of the characteristics of software quality, and is a study with experimental data on how the failure rate changes depending on the form of failure data. Focusing on software testing, the failure rate was measured and compared according to the type of failure data by applying it to the software reliability growth model, focusing on the number of failures per day. The failure rate was measured around the failure time found through the 6-day test, and the failure rate was compared with the failure rate proposed by the international standard ISO/IEC 25023 using the measurement results, and the application was reviewed according to the data type.

A Study on Injection Attacks and Defenses on Microsoft Windows (MS Windows에서 인젝션 공격 및 방어 기법 연구)

  • Seong, HoJun;Cho, ChangYeon;Lee, HoWoong;Cho, Seong-Je
    • Journal of Software Assessment and Valuation / v.16 no.2 / pp.9-23 / 2020
  • Microsoft's Windows system is widely used as an operating system for the desktops and enterprise servers of companies or organizations, and is a major target of cyber attacks. Microsoft provides various protection technologies and strives to defend against attacks through periodic security patches; however, threats such as DLL injection and process injection still exist. In this paper, we analyze 12 types of injection techniques in Microsoft Windows, and perform injection attack experiments on four application programs. Through the results of the experiments, we identify the risk of injection techniques, and verify the effectiveness of the mitigation technology for defending against injection attacks provided by Microsoft. As a result of the experiments, we have found that the current applications are vulnerable to several injection techniques. Finally, we have presented the mitigation techniques for these injection attacks and analyzed their effectiveness.

Computer Security Incident Inspection and Response based on Digital Forensics in Windows10 environment (윈도우10 환경의 디지털 포렌식 기반 침해사고 진단 및 대응)

  • HyunWoo Kim;Taeshik Shon
    • Journal of Platform Technology / v.11 no.4 / pp.35-49 / 2023
  • Recently, real-time cyber threats are constantly occurring for various reasons. Most companies have the characteristic of digitizing important internal information and storing it centrally, so it can be said that the impact is very high when a Computer Security Incident occurs. All electronic device information collected and analyzed in the process of responding to a Computer Security Incident has the characteristic of being subject to change at any time. Submission of related evidence is required in future investigations and courts. At this time, the basic principles of digital forensics, such as the principle of integrity and the principle of chain of custody, must be followed to ensure legitimacy and accuracy of the evidence. In this paper, we propose a digital forensic-based Computer Security Incident Inspection and Response procedure in the Windows 10 environment to secure the legitimacy and accuracy of digital evidence collected and analyzed when an intrusion occurs, prevent intrusion in advance, and quickly recognize it.

A Study on Essential Concepts, Tools, Techniques and Methods of Stock Market Trading: A Guide to Traders and Investors (주식 거래의 필수 개념, 도구, 기법 및 방법에 관한 연구: 거래자와 투자자를 위한 안내서)

  • Sukhendu Mohan Patnaik;Debahuti Mishra
    • Advanced Industrial SCIence / v.2 no.1 / pp.21-38 / 2023
  • An attempt has been made in this article to discuss the fundamentals of technical analysis of the stock market. A retail investor or trader may not have the wherewithal to source that kind of information. Technical analysis requires a candlestick chart only. Most of the brokers in India provide charting solutions as well. Studying the price action of a security or commodity or Forex generally indicates a price pattern. Prices react at certain levels, which are widely known as support and resistance levels. Since whatever is happening with the price of the security is considered to be a part of a pattern or cycle which has already played out sometime in the past, these studies help a keen technical analyst to identify, with certain probability, the future movement of the price. Study of the candlestick patterns, price action, volumes and indicators offers the opportunity to identify a high probability trade with probable target and a stop loss. A trader or investor can take high probability trade or position and control only her losses.

Analysis of the Impact of Host Resource Exhaustion Attacks in a Container Environment (컨테이너 환경에서의 호스트 자원 고갈 공격 영향 분석)

  • Jun-hee Lee;Jae-hyun Nam;Jin-woo Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.1 / pp.87-97 / 2023
  • Containers are an emerging virtualization technology that can build an isolated environment more lightweight and faster than existing virtual machines. For that reason, many organizations have recently adopted them for their services. Yet, the container architecture has also exposed many security problems since all containers share the same OS kernel. In this work, we focus on the fact that an attacker can abuse host resources to make them unavailable to benign containers, also known as host resource exhaustion attacks. Then, we analyze the impact of host resource exhaustion attacks through real attack scenarios exhausting critical host resources, such as CPU, memory, disk space, process ID, and sockets in Docker, the most popular container platform. We propose five attack scenarios performed in several different host environments and container images. The result shows that three of them put other containers in denial of service.

Blockchain and AI-based big data processing techniques for sustainable agricultural environments (지속가능한 농업 환경을 위한 블록체인과 AI 기반 빅 데이터 처리 기법)

  • Yoon-Su Jeong
    • Advanced Industrial SCIence / v.3 no.2 / pp.17-22 / 2024
  • Recently, as the ICT field has been used in various environments, it has become possible to analyze pests by crops, use robots when harvesting crops, and predict by big data by utilizing ICT technologies in a sustainable agricultural environment. However, in a sustainable agricultural environment, efforts to solve resource depletion, agricultural population decline, poverty increase, and environmental destruction are constantly being demanded. This paper proposes an artificial intelligence-based big data processing analysis method to reduce the production cost and increase the efficiency of crops based on a sustainable agricultural environment. The proposed technique strengthens the security and reliability of data by processing big data of crops combined with AI, and enables better decision-making and business value extraction. It can lead to innovative changes in various industries and fields and promote the development of data-oriented business models. During the experiment, the proposed technique gave an accurate answer to only a small amount of data, and at a farm site where it is difficult to tag the correct answer one by one, the performance similar to that of learning with a large amount of correct answer data (with an error rate within 0.05) was found.

Information Security Consultants' Role: Analysis of Job Ads in the US and Korea (정보보호 컨설턴트의 역할: 미국과 한국의 구인광고 분석)

  • Sang-Woo Park;Tae-Sung Kim;Hyo-Jung Jun
    • Information Systems Review / v.22 no.3 / pp.157-172 / 2020
  • The demand for information security consultants is expected to increase due to the emergence of ISMS-P incorporating ISMS and PIMS, the implementation of European Privacy Act (GDPR) and various security accidents. In this paper, we collected and analyzed advertisements of job advertisement sites that could identify firms' demand explicitly. We selected representative job advertisement sites in Korea and the United States and collected job advertisement details of information security consultants in 2014 and 2019. The collected data were visualized using text mining and analyzed using non-parametric methods to determine whether there was a change in the role of the information security consultant. The findings show that the requirements for information security consultants have changed very little. This means that the role does not change much over a five year time gap. The results of the study are expected to be helpful to policy makers related to information security consultants, those seeking to find employment as information security consultants, and those seeking information security consultants.