• The Transactions of the Korea Information Processing Society
• /
• v.7 no.3
• /
• pp.879-890
• /
• 2000

Designing a multilevel database application is a complex process, and the entities and their associated security levels must be represented using an appropriate model unambiguously. It is also important to capture the semantics of a multilevel databse application as accurate and complete as possible. Owing to the focus of the IDEA Methodology for designing the non-secure database applications on the data-intensive systems, the Object Model describes the static structure of the objects in an application and their relationships. That is, the Object Model in the IDEA Methodology is an extended Entity-Relationship model giving a static description of objects. The IDEA Methodology has not been developed the multilevel secure database applications, but by using an existing methodology we could take advantage of the various techniques that have already been developed for that methodology. That is, this way is easier to design the multilevel secure schema than to develop a new model from scratch. This paper adds the security features 새？ Object Model in the IDEA Methodology, and presents the transformation from this model to a multilevel secure object oriented schema. This schema will be the preliminary work which can be the general scheme for the automatic mapping to the various commercial multilevel secure database management system such as Informix-Online/Secure, Trusted ORACLE, and Sybase Secure SQL Server.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.865-867
• /
• 2003

최근 보안성의 취약점을 이용한 보안 사고들이 증가하고 있다. 이러한 보안적 취약점을 극복할 수 있는 방법으로 정형적 설계 및 검증이 있으며 그 필요성은 국외뿐만 아니라 국내에서도 점차적으로 늘어나고 있다. 고등급의 보안 시스템을 개발하기 위해서는 정형화된 설계 및 검증 방법론을 사용해야 하지만 국내에서는 아직 정형적 설계 및 검증 방법에 대한 이해가 부족할 뿐만 아니라 개발자 수준에서 보안성을 보다 쉽게 설계하고 안전성을 검증, 평가 할 수 있는 자동화 도구도 갖추어지지 않은 실정이다. 본 논문에서는 기존의 보안성을 정형적으로 설계하고 검증한 사례를 조사, 분류하여 국내 보안 시스템 개발자들이 활용할 수 있는 가이드를 만드는데 근간을 두고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.17-27
• /
• 2005

With the development of wire and wireless based networks, a various security protocols have been proposed to protect important resources and user information against attackers. However, many security protocols have found oかy to be later vulnerable to attacks. In this Paper, we introduce the formal methodology to verify the safety of security protocols in the design phase, and we take advantage of the formal methodology which uses Casper/CSP and FDR tools by introducing the verification example of EKE protocol and BCY protocol. Lastly, we propose a new BCY protocol after verifying it's safety.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.43-49
• /
• 2011

Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required. to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism functio n. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

• Journal of Digital Contents Society
• /
• v.11 no.3
• /
• pp.331-339
• /
• 2010

On intranet system, it is essential element for providing information to decrease response time. To realize this efficiencies of response time of the network, a lot of research have been conducted. The purpose of the research and implementation is to shorten the response time of information system. We can realize final goal of information system through fast response time. This final goal of information system is to secure the performance efficiency within the required time. In order to acquire the method of warranty of fast response time, the efficient measurement method is essential. This research suggests a latency test techniques being used on infrastructure system and also offers a response time measurement methodology. Methodology proposed in this research has proven that it is possible to measure response time through the scheduled method. Also it is possible to develop a enhanced networking capabilities, and information system capabilities for the development of information system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.428-430
• /
• 2015

보안은 오직 기술을 관리하는 것이 아닌 사람관리, 조직관리, 경영관리이다. 그 중에서도 인적자원은 모든 산업에서 가장 중요한 자원임과 동시에 보안의 측면에서 볼 때 가장 통제해야 하는 존재이다. 이는 산업보안에서 가장 큰 이슈인 산업기술 기밀 유출이 주로 전 현직 임직원 및 협력업체 직원 등 인적자원을 통했기 때문이다. 미래 산업의 중심이 될 IoT환경에서는 산업기술이 핵심자산이므로 이에 더 주목해야 할 필요가 있다. 이처럼 인적자원에 대한 통제와 관리가 산업보안에서 중요한 의미를 갖는 것에 비해 기존의 보안관리체계의 통제항목은 대부분 IT적인 부분에 치중되어있다. 또한, 체계적인 운영이 부족하고, 산업스파이, 정보절취 등 다양한 위험요소가 존재한다. 특히, 인적자원은 완벽한 예측이 불가능하므로 위험을 최소화하는 방법을 고안해 대는 것에 유념하여 IoT환경에서의 인간중심적인 보안관리체계 구축해야한다. 이를 위해 기존의 정보보호 관리체계 분석을 통하여, 기존의 인적보안 지침들의 적합성을 따져 우선순위를 적용하여 효율적인 인적자원관리 방법론을 설계하였다. 본 연구결과는 보유자원을 가장 효율적으로 활용하여, 그 조직에 적합한 보안체계를 구축하는데 도움이 될 것으로 기대된다.

• Review of KIISC
• /
• v.16 no.4
• /
• pp.59-68
• /
• 2006

본 논문에서는 소프트웨어 개발 프로세스에서 보안성을 향상시키기 위해, 소프트웨어 개발단계에서 산출되는 문서를 바탕으로 내재되어 있는 취약성을 찾기 위한 체크리스트를 제안한다. 현재 소프트웨어 생명주기내에서 보안성을 지키기 위해서는 설계단계에서의 위험분석 이 요구되며, 이를 확인하기 위한 검증단계가 필수적이다. 따라서, 본고에서는 취약성을 찾는 구체적인 방법으로 ISO/IEC 15408(Common Criteria, 이하 CC)[1]기준의 보안성 평가방법론인 CEM[2]에 기반한 취약성검색을 통해 소프트웨어 설계단계에서 산출되는 개발문서에 대해 검증해야 할 항목을 제시한다.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.3-9
• /
• 2011

On health information network architecture, traffic along the path of traffic and security, blocking malicious code penetration is performed. The medical information system network security infrastructure study, which was whether to be designed based on the structure and methodology is designed to develop the security features. Health informati on system's functionality and capabilities framework for infrastructure is the backbone and structure. The design fea tures a framework for the overall network structure formation of the skeleton and forms the basic structure of the security methodology. Infrastructure capabilities to build the framework and the application functionality is being implemented. Differentiated in accordance with security zones to perform security functions and security mechanisms that operate through this study is to present. u-Healthcare future advent of cloud computing and a new health information environment, the medical information on the preparation of this study is expected to be utilized for security.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.93-99
• /
• 2012

As the most common application development of software development time, error-free quality, adaptability to frequent maintenance, such as the need for large and complex software challenges have been raised. When developing web applications to respond to software reusability, reliability, scalability, simplicity, these quality issues do not take into account such aspects traditionally. In this situation, the traditional development methodology to solve the same quality because it has limited development of new methodologies is needed. Quality of applications the application logic, data, and architecture in the entire area as a separate methodology can achieve your goals if you do not respond. In this study secure coding, the big issue, web application factors to deal with security vulnerabilities, web application architecture, design procedure is proposed. This proposal is based on a series of ISO/IEC9000, a web application architecture design process.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.169-177
• /
• 2012

In the development process of application systems, the most important works are analysis and design. Most of the application systems are implemented on database system. So, database design is important. Also, IT System are confronted with more and more attacks by an increase interconnections between IT systems. Therefore security-related processes belong to a very important process. Security is a complex non-functional requirement that can interaction of many parts in the system. But Security is considered in the final stages of development. Therefore, Their increases the potential for the final product to contain vulnerabilities. Accordingly, Early in development related to security analysis and design process is very important. J2EE gives a solution based on RBAC((Role Based Access Control) for security and object-relational database also has RBAC for security. But there is not a object-oriented analysis and design methodology using RBAC of J2EE and object-relational database for security. In this paper, the unified object-oriented analysis and design methodology is developed for security-critical web application systems based on J2EE and object-relational database. We used UMLsec and RBAC of object-relational database and J2EE for this methodology.