• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.05b
• /
• pp.238-241
• /
• 2003

최근 단거리 무선통신 중의 하나인 블루투스(bluetooth)의 기술이 첨가된 전자결재시스템 등의 출현으로 블루투스의 보안 문제가 대두되었다. 기존의 블루투스 보안 모델(bluetooth security model)은 하나의 피코넷(piconet)에서만 적용되어지며, 다수의 피코넷으로 구성된 스캐터넷(scatternet)에서는 적용될 수 없다. 본 논문에서는 스캐터넷상에서 서로 다른 보안 정책을 갖고 있는 다수의 어플리케이션을 지원하는 보안 모델을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.209-212
• /
• 2021

현재 IT 보안 관제 시스템을 구축하여 사용하고 있는 기업들은 여러 보안 솔루션을 도입하고 있어 각 솔루션에 따라 서로 다른 IT 이상징후 탐지 모델을 필요로 하고 있다. 이에 따라 솔루션별로 상이한 모델이 필요하며, 유지보수에 어려움이 대두되었다. 이러한 보안 관제 시장의 문제를 해결하기 위해 요구된 것이 이기종 보안 솔루션의 공통 정보 모델로의 표준화 및 탐지 모델 체계화이다. 현재 JCIM은 보안 관제 시장에서 데이터를 공통 정보 모델로 표준화하고, 선택한 솔루션의 시나리오를 보여주며 즉시 탐지까지 가능한 제품을 구현하였다. 이를 통해 AI 기반의 이상 탐지 시나리오를 구현할 수 있는 인력을 양성하고, 이를 기반으로 다양한 고객(산업군)사에 적응하는 것을 기대한다.

• Review of KIISC
• /
• v.13 no.4
• /
• pp.49-59
• /
• 2003

정보보호기술이 '수동형'에서 점차로 '능동형'으로 진화하고 있는 가운데, Secure OS가 능동형 정보보호기술의 핵심으로 주목받고 있다. Secure OS는 서버시스템 보안의 원천적 기술로 접근통제에 관한 보안정책, 보안모델 및 보안메커니즘에 대하여 검증 가능한 방법으로 안전ㆍ신뢰성이 확보되어야 한다. 이에 본 논문에서는 Secure OS 핵심기술의 이해와 더불어 Secure OS 개발 시 안전ㆍ신뢰성을 확보하기 위하여 이론적으로 잘 정립되고 정형화된 보안정책, 보안모델 및 보안메커니즘에 대하여 살펴본다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.1
• /
• pp.122-127
• /
• 2009

In this paper, it is reviewed security architecture and proposed security model about secure aeronautical system, which is considering in the cynical research topics out of aeronautical traffic system. The reviewed contents is treated about security model fur domestic aeronautical system with international security technology trends in the basis of security technology related aeronautical services. In the security framework of aeronautical communication network, it is analyzed data link security technology between air and ground communication, and security architecture in according to aeronautical system, and presented security architecture of U information HUB model. The security architecture of U-information HUB includes the internetworking scope of airline, airport network, airplane network, and related government agency, etc.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.3
• /
• pp.351-362
• /
• 2002

Today, management object using SNMP is not only covered network but also more privacy object like personal or billing data. To enforce security management, view-based access control model is introduced in SNMPv3. However, they are not designed to enforce more privacy object such as purpose and increase complexity of user management. Task-based access control can provide enhanced security service using purpose binding and leverage the complexity of user management using purpose of task.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.167-176
• /
• 2024

Chatbot services are used in various fields in connection with AI services. Security research on AI is also in its infancy, but research on practical security in the service implementation stage using it is more insufficient. This paper analyzes the security requirements for chatbot services linked to AI services. First, the paper analyzes the recently published papers and articles on AI security. A general implementation model is established by investigating chatbot services provided in the market. The implementation model includes five components including a chatbot management system and an AI engine Based on the established model, the protection assets and threats specialized in Chatbot services are summarized. Threats are organized around threats specialized in chatbot services through a survey of chatbot service managers in operation. Ten major threats were drawn. It derived the necessary security areas to cope with the organized threats and analyzed the necessary security requirements for each area. This will be used as a security evaluation criterion in the process of reviewing and improving the security level of chatbot service.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.31-46
• /
• 2012

Drawing upon Griffin and Neal's safety climate and performance model, this study developed an information security climate model. Research model is composed of three research variables that include information security climate, information security compliance attitude, and opportunistic security behavior. Results of the study strongly support the fundamental proposition that the organizational security climate has significant positive influence on the individual's opportunistic security behavior. However, the study also reveals that the organizational climate may not directly associate with the reduction of opportunistic security behavior. Rather the organizational security climate nurtures the favorable attitude of the employee towards the compliance of information security, which in turn discourages opportunistic security behavior.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.24 no.4
• /
• pp.1-7
• /
• 2024

Traditional security model design presents two primary issues. First, these models have been developed and implemented with a technology-centered approach rather than considering human factors. Such structures can be undermined by cognitive vulnerabilities like psychological resistance within organizations and user errors. Second, these models are typically designed based on network perimeter security. This design is unsuitable for the boundary-less remote work environments rapidly becoming prevalent due to the Fourth Industrial Revolution and the COVID-19 pandemic. This paper proposes an approach to address these limitations by integrating human-centered threats within the Zero Trust security model, a state-of-the-art boundary-less security framework. By doing so, we suggest a robust security model design that can protect against both technical and human-centered threats.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.235-241
• /
• 2012

To improve educational excellence and quality, academies carry forward integrative security model related to academic affairs including personal information. This paper proposes an integrative security model for academic affairs database, which guarantees DBMS access control, confidentiality, integrity, and security inspection. This proposed model considered that most academies can't make good use of data security product and suggests a detailed measure to realize the confidentiality based on the function of DBMS.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.132-135
• /
• 2021

최근 네트워크의 확장으로 인한 공격 벡터의 증가로 외부자뿐 아니라 내부자를 경계해야 할 필요성이 증가함에 따라, 이를 다룬 보안 모델인 제로트러스트 모델이 주목받고 있다. 이 논문에서는 reverse proxy 와 사용자 패턴 인식 AI 를 이용한 제로트러스트 아키텍처를 제시하며 제로트러스트의 구현 가능성을 보이고, 새롭고 효율적인 전처리 과정을 통해 효과적으로 사용자를 인증할 수 있음을 제시한다. 이를 위해 사용자별로 마우스 사용 패턴, 리소스 사용 패턴을 인식하는 딥러닝 모델을 설계하였다. 끝으로 제로트러스트 모델에서 사용자 패턴 인식의 활용 가능성과 확장성을 보인다.