• KIISE Transactions on Computing Practices
• /
• v.23 no.3
• /
• pp.177-182
• /
• 2017

To develop computer and communication in the information society, difficulties exist in managing the enormous data manually. Also, loss of data due to natural disasters or hacker attacks, generate a variety of disasters in the IT securities. Hence, there is an urgent need for an information protection management system in order to mitigate these incidents. Information Security Management System has various existing frameworks for IT disaster management. These include Cyber Security Framework, Risk Management Framework, ISO / IEC 27001: 2013, and COBIT 5.0. Each framework analyses and compares the entry for IT disaster recovery from among the various available data. In this paper, we describe a single integrated management scheme for fast resolution of IT disasters.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2002.11a
• /
• pp.29-37
• /
• 2002

본 논문은 가상 공격 시뮬레이션을 위한 공격자 및 리눅스 기반 호스트에 대한 모델링 방법의 제안을 주목적으로 한다. 최근, Amoroso는 보안 메커니즘 중심의 침입 모델을 제안하였으나, 시뮬레이션 접근이 분명치 않은 단점이 있다. 또한, Cohen은 원인-결과 모델을 이용하여 사이버 공격과 방어를 표현한 바 있으나, 개념적 단계의 추상화 모델링으로 인해 실제 적용이 어려운 실정이다. 이를 해결하고자 하는 시도로 항공대 지능시스템 연구실에서 SES/MB 프레임워크를 이용한 네트워크 보안 모델링 및 시뮬레이션 방법을 제안한 바 있으나, 공격에 따른 호스트의 복잡한 변화를 표현하기에는 부족하다. 이러한 문제점들을 해결하고자, 본 논문에서는 시스템의 구조를 표현하는 기존 SES에 합성용 규칙기반 전문가 시스템 방법론을 통합한 Rule-Based SES를 적용하여 공격자를 모델링하고, DEVS를 기반으로 하는 네트워크 구성원을 모델링한다. 제안된 모델링 방법의 타당성을 검증하기 위해 본 논문에서는 샘플 네트워크에 대한 사례연구를 수행한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1045-1054
• /
• 2021

As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF(integrated RT framework) that can automatically operate large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.228-231
• /
• 2017

최근 랜섬웨어 같은 치명적 신 변종 사이버공격에 의한 경제적 피해가 심각해지고 있는 실정이며, 취약 홈페이지에 대한 위 변조 공격은 사용자 PC의 악성코드 감염 경로로 활용되고 있다. 본 연구에서는 소스코드, 이미지 및 키워드 등 3가지 방식의 홈페이지 위 변조 검증을 수행하고 해당 결과를 블록체인 기반으로 관리하여 데이터의 투명성 보안성 안정성을 확보할 수 있는 프레임워크를 제시하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.601-613
• /
• 2012

It is required to design and implement secure web applications to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify according to seriousness of vulnerability because these frameworks simply accumulate score of individual factors in a vulnerability. We rate and score vulnerabilities according to probability of privilege acquisition so that we can prioritize vulnerabilities found in web applications. Also, our proposed framework provides a method to score all web applications provided by an organization so that which web applications is the worst secure and should be treated first. Our scoring framework is applied to the data which lists vulnerabilities in web applications found by a web scanner based on crawling, and we show the importance of categorizing vulnerabilities according to privilege acquisition.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.113-120
• /
• 2006

C4I system is the centerpiece of the military force. The system is an information based system which facilitates information grid, collection of data and dissemination of the information. The C4I system seeks to assure information dominance by linking warfighting elements in the battlespace to information network which enables sharing of battlespace information and awareness; thereby shifting concept of warfare from platform-centric paradigm to Network Centric Warfare. Although, it is evident that C4I system is a constant target from the adversaries, the issues of vulnerability via cyberspace from attack still remains. Therefore, the protection of C4I system is critical. The roadmap I have constructed in this paper will guide through the direction to protect the system during peace and war time. Moreover, it will propose vision, objectives and necessary supporting framework to secure the system from the threat. In order to fulfill these tasks, enhanced investments and plans from the Joint chief of Staff and Defense of Acquisition and Program Administration (DAPA) is critical; thereby enabling the establishment of rapid and efficient security system.

• Review of KIISC
• /
• v.14 no.1
• /
• pp.107-122
• /
• 2004

세계 각 국은 산업 및 정보의 의존성에 의해 모든 정보를 한눈에 볼 수 있는 시대로 변모하였으며, 사이버 공간 그 자체가 정치, 경제사회, 문화 등의 기본적인 생활 공간으로 자리 매김하고 있다. 따라서 사이버 공간을 보호하지 않을 경우 안정된 정보사회 구축은 불가능하다. 특히, 정보보호의 대상이 특정 국가적인 정보 보안에 국한되지 않고 기업 및 사회의 정보 등으로 확대되고 있어, 국가적으로 국가 안보뿐만 아니라 개인의 정보보호를 위한 새로운 제도와 조치가 절실히 요구되는 시점이다. 따라서 본 고에서는 복합 기능을 갖는 정보보호 제품의 보호 프로파일 개발을 위한 기반 연구로 요구되는 대체 평가 방법론에 대해 고찰해 보고자한다. 특히 북미를 중심으로 표준화가 진행 중에 있는 CEM을 기준으로, 영국을 중심으로 유럽의 적합성 표준으로 추진 중에 있는 SCT와 ISO/IEC에서 제시되고 있는 적합성 테스트 방법론인 ISO/IEC 9496 및 보증 프레임워크인 ISO/IEC 15443에 대한 자체 취약성 분석을 수행하고 자각의 평가 방법론간의 상호 연관성과 비교 분석을 통해 복합 기능을 갖는 정보보호 제품의 보호 프로파일 개발의 가이드라인을 제시하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.425-433
• /
• 2016

In smart grid, enhancement of efficiency and interoperability of electric power system is achieved through the connection with outer network, and this induces that power grid system is threatened increasingly, becomes the main target of cyber terrorism, and is sincerely required to design the secure power system. Although SSDLC(Secure System Development Life Cycle) is used for risk management from the design phase, traditional development life cycle is somewhat limited for satisfaction of information security indicator of power control system. Despite that power control system should reflect control entities of information security considering its own characteristics, validation elements are insufficient to apply into real tasks based on existing compliance. To make design of diagnostic model and assessment process for power control system possible and to give a direction for information security and present related indicator, we propose the new risk management framework of power control system which is applied operational security controls and standard architecture presented by IEC 62351 TC 57 with enterprise risk management framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.487-498
• /
• 2023

Security incidents using vulnerabilities in cloud services occur, but it is difficult to collect and analyze traces of incidents in cloud environments with complex and diverse service models. As a result, the importance of cloud forensics research has emerged, and infringement response scenarios must be designed from the perspective of cloud service users (CSUs) and cloud service providers (CSPs) based on representative security threat cases in the public cloud service model. This simulated hacking-based proactive cloud infringement response framework can be used to respond to the cloud service critical resource attack process from the viewpoint of vulnerability detection before cyberattacks occur on the cloud, and can also be expected for data acquisition. Therefore, in this paper, we propose a framework for preventive cloud infringement based on simulated hacking by analyzing and utilizing Cloudfox, a cloud penetration test tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.123-140
• /
• 2022

Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.