• Title/Summary/Keyword: security threats

Event Log Analysis Framework Based on the ATT&CK Matrix in Cloud Environments

  • Yeeun Kim;Junga Kim;Siyun Chae;Jiwon Hong;Seongmin Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.263-279 / 2024
  • With the increasing trend of Cloud migration, security threats in the Cloud computing environment have also experienced a significant increase. Consequently, the importance of efficient incident investigation through log data analysis is being emphasized. In Cloud environments, the diversity of services and ease of resource creation generate a large volume of log data. Difficulties remain in determining which events to investigate when an incident occurs, and examining all the extensive log data requires considerable time and effort. Therefore, a systematic approach for efficient data investigation is necessary. CloudTrail, the Amazon Web Services (AWS) logging service, collects logs of all API call events occurring in an account. However, CloudTrail lacks insights into which logs to analyze in the event of an incident. This paper proposes an automated analysis framework that integrates Cloud Matrix and event information for efficient incident investigation. The framework enables simultaneous examination of user behavior log events, event frequency, and attack information. We believe the proposed framework contributes to Cloud incident investigations by efficiently identifying critical events based on the ATT&CK Framework.

Analysis and Improvement Strategies for Korea's Cyber Security Systems Regulations and Policies

  • Park, Dong-Kyun;Cho, Sung-Je;Soung, Jea-Hyen
    • Korean Security Journal / no.18 / pp.169-190 / 2009
  • Today, the rapid advance of scientific technologies has brought about fundamental changes to the types and levels of terrorism, while the war against the world's more than one thousand small and big terrorist and criminal organizations has already begun. A method highly likely to be employed by terrorist groups that are using 21st-century state-of-the-art technology is cyber terrorism. In many instances, things that you could only imagine in reality could be made possible in cyberspace. An easy example would be to randomly alter a letter in the blood type of a terrorism subject in the health care data system, which could inflict harm on subjects and impact the overturning of the opponent's system or regime. The CIH Virus Crisis, which occurred on April 26, 1999, had significant implications in various aspects. A virus program made of just a few lines by Taiwanese college students without any specific objective ended up spreading widely throughout the Internet, causing damage to 30,000 PCs in Korea and over 2 billion won in monetary damages in repairs and data recovery. Despite such risks of cyber terrorism, a great number of Korean sites are employing loose security measures. In fact, there are many cases where a company with millions of subscribers has very lax security systems. Nationwide preparation for cyber terrorism is called for. In this context, this research will analyze the current status of Korea's cyber security systems and its laws from a policy perspective, and move on to propose improvement strategies. This research suggests the following solutions. First, the National Cyber Security Management Act should be passed to have its effectiveness as the national cyber security management regulation. With the Act's establishment, a more efficient and proactive response to cyber security management will be made possible within a nationwide cyber security framework, and its relationship with other related laws will be defined. The newly passed National Cyber Security Management Act will eliminate inefficiencies that are caused by functional redundancies dispersed across individual sectors in current legislation. Second, to ensure efficient nationwide cyber security management, national cyber security standards and models should be proposed, while at the same time a national cyber security management organizational structure should be established to implement national cyber security policies at each government agency and social component. The National Cyber Security Center must serve as the comprehensive collection, analysis and processing point for national cyber crisis related information, oversee each government agency, and build collaborative relations with the private sector. Also, a national and comprehensive response system in which both the private and public sectors participate should be set up, for advance detection and prevention of cyber crisis risks and for a consolidated and timely response using national resources in times of crisis.

A Research on the Regulations and Perception of Interactive Game in Data Broadcasting: Special Emphasis on the TV-Betting Game

  • Byun, Dong-Hyun;Jung, Moon-Ryul;Bae, Hong-Seob
    • Korean journal of communication and information / v.35 / pp.250-291 / 2006
  • This study examines the regulatory issues and introduction problems of TV-betting data broadcasts in Korea through in-depth interviews with a panel group. TV-betting data broadcast services of card games and horse racing games are widely in use in Europe and other parts of the world. In order to carry out the study, a demo program of TV-betting data broadcast in the OCAP (OpenCable™ Application Platform Specification) system environment, which is the data broadcasting standard for digital cable broadcasts in Korea, was exposed to the panel group, and then they were interviewed after watching and using the program. The results could be summarized as below. First of all, while TV-betting data broadcasts have many elements of entertainment, the respondents thought that it would be difficult to introduce TV-betting in data broadcasts as in overseas countries, largely due to social factors. In addition, in order to introduce TV-betting data broadcasts, they suggested that excessive speculativeness must be suppressed through a series of regulatory system devices, such as by guaranteeing credibility of the media based on safe security systems for transactions, scheduling programs with effective time constraints to prevent the games from running too frequently, limiting the betting values, and by prohibiting access to games through set-top boxes of other data broadcast subscribers. The general consensus was that TV-betting could be considered for gradual introduction within the governmental laws and regulations that would minimize its ill effects. Therefore, the government should formulate long-term regulations and policies for data broadcasts. Once the groundwork is laid for safe introduction of TV-betting on data broadcasts within the boundary of laws and regulations, interactive TV games are expected to be introduced in Korea not only for added functionality of entertainment but also for far-ranging development of data broadcast and new media industries.

A Critical Review and Legislative Direction for Criminal Constitution of Piracy

  • Baeg, Sang-Jin
    • Journal of Legislation Research / no.55 / pp.167-191 / 2018
  • Despite international cooperation, piracy has not yet been eradicated in major waters around the world. From the perspective of South Korea, which is absolutely dependent on exporting and importing, securing safe maritime traffic is a lifeline for us, so it is a situation in which we have to be vigilant about maritime safety and security. However, criminal law on punishment of piracy is still insufficient and legislative consideration is needed. Since pirates are regarded as enemies of humankind, all nations can punish pirates regardless of their damage. The international community has done its best in cooperation from hundreds of years ago to secure maritime trade through this universal jurisdiction and marine transportation in international waters, which are an essential space for military activities. Particularly in the Gulf of Aden, the advanced nations have dispatched fleets to combat maritime security threats through joint operations to crack down on Somali pirates. Even if universal jurisdiction is allowed for piracy in accordance with the International Convention on Human Rights and the United Nations Convention on the Law of the Sea, it is difficult to effectively deal with piracy if it is not fully complied with a domestic legal system for this purpose or is stipulated as different from international regulations. In other words, universal jurisdiction corresponding to international norms and constitution of piracy should be defined in criminal law in accordance with criminal statutory law. The punishment of pirates by unreasonably applying our criminal law without prejudice to such work can lead to diplomatic disputes in violation of the Universal Declaration of Human Rights or other international norms. In South Korea, there is no provision to explicitly prescribe piracy as a crime, but similar acts like piracy are punished in criminal law and maritime safety law. However, there is a limit to effective piracy punishment because we are not fully involved in internationally accepted piracy. In this study, we critically examine the proposals of the constitutional elements of piracy, propose the legislative direction, and insist on the introduction of globalism to pirate sins.