• Title/Summary/Keyword: 위협의 평가

Search Result 696, Processing Time 0.027 seconds

A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries' Cases (해외 사례 비교를 통한 가상화 제품의 보안기능 요구사항 분석에 관한 연구)

  • Lee, Ji-Yeon
    • Journal of Digital Convergence
    • /
    • v.17 no.8
    • /
    • pp.221-228
    • /
    • 2019
  • The importance of security for virtualization products has been increased with the activation policy of cloud computing and it is necessary to analyze cyber security threats and develop security requirements for virtualization products to provide with more secure cloud environments. This paper is a preliminary study with the purpose of developing security functional requirements through analyzing security features and cyber security threats as well as comparison of foreign countries' cases for virtualization products. To do this, the paper compares evaluation schemes for virtualization products in US and UK foreign countries, and analyzes the cyber security threats, security objectives and security requirements in both countries. Furthermore, it proposes the essential checking items and processes for developing security functional requirements about security features of virtualization products to contribute to its more secure development and the establishment of related security evaluation standards.

A Study on Security Evaluation for Mobile Web Services Message (모바일 웹서비스 메시지의 보안 평가에 관한 연구)

  • Lee, Seoung-Hyeon;Lee, Jae-Seung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.06a
    • /
    • pp.765-768
    • /
    • 2007
  • In this paper, the security evaluation method about mobile web services message is suggested in the method for improving the safety an reliability about the mobile web services message. In order that the goal of this paper is accomplished, the security threat and the security vulnerability which can be occurred in the mobile web services message are defined. The evaluation method for performing the security evaluation about the mobile web services message is defined. Also, the requirements for the mobile web services message security evaluation are defined. Finally, the evaluation framework for performing the mobile web services message security evaluation is constituted, and the evaluation scenario example is suggested. By using the mobile web services message security evaluation defined in the paper, before the mobile web services is deployed, the security threats and security vulnerability can be verified. Also, the countermeasure for the security threat and security vulnerability discovered in the verification result can be prepared. Therefore, the sorority and reliability about the mobile web services can be improved.

  • PDF

Cyber Threats Prediction model based on Artificial Neural Networks using Quantification of Open Source Intelligence (OSINT) (공개출처정보의 정량화를 이용한 인공신경망 기반 사이버위협 예측 모델)

  • Lee, Jongkwan;Moon, Minam;Shin, Kyuyong;Kang, Sungrok
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.115-123
    • /
    • 2020
  • Cyber Attack have evolved more and more in recent years. One of the best countermeasure to counter this advanced and sophisticated cyber threat is to predict cyber attacks in advance. It requires a lot of information and effort to predict cyber threats. If we use Open Source Intelligence(OSINT), the core of recent information acquisition, we can predict cyber threats more accurately. In order to predict cyber threats using OSINT, it is necessary to establish a Database(DB) for cyber attacks from OSINT and to select factors that can evaluate cyber threats from the established DB. We are based on previous researches that built a cyber attack DB using data mining and analyzed the importance of core factors among accumulated DG factors by AHP technique. In this research, we present a method for quantifying cyber threats and propose a cyber threats prediction model based on artificial neural networks.

Transmission Modeling and Verification for the Inverse Estimation of Electronic Warfare Threats (전자전 위협체 역추적을 위한 송수신 모델링 및 검증)

  • Park, So Ryoung;Jeong, Hoe Chang;Kwon, Jae Wan;Noh, Sanguk
    • The Journal of Korean Institute of Next Generation Computing
    • /
    • v.13 no.4
    • /
    • pp.112-123
    • /
    • 2017
  • Research for the inverse estimation of RF threats and the efficient electronic attack based on the parameters of the electronic information has been active in the electronic warfare (EW) situations. In this paper, an EW transmission simulator is constructed from the modeling of radar threats, EW receivers, and propagation environments with the collected electronic information in order to verify the performance of the inverse estimation algorithm in various and practical EW situations. In simulation results, we show that the range tracking error and angle tracking error are produced within ten meters and one degree, respectively. And also, we show that the changing relations between the angle tracking error and the parameters of the monopulse angle tracking radar such as the beamwidth and squint angle in simulation results correspond with those in the theoretical modeling. Accordingly, the constructed EW simulator can be used to observe the modifying characteristics of the electronic information in transmission environments, and then, to evaluate the performance of the inverse estimation system in various EW situations.

A Study on the Security Evaluations and Countermeasure of Exposure Notification Technology for Privacy-Preserving COVID-19 Contact Tracing (COVID-19 동선 추적에서의 프라이버시 보호를 위한 Exposure Notification 기술에 대한 보안성 평가 및 대응 방안 연구)

  • Lee, Hojun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.5
    • /
    • pp.929-943
    • /
    • 2020
  • Various methods are being presented to identify the movements of COVID-19 infected persons and to protect personal privacy at the same time. Among them, 'Exposure Notification' released by Apple and Google follows a decentralized approach using Bluetooth. However, the technology must always turn on Bluetooth for use, which can create a variety of security threats. Thus, in this paper, the security assessment of 'Exposure Notification' was performed by applying 'STRIDE' and 'LINDDUN' among the security threat modeling techniques to derive all possible threats. It also presented a new Dell that derived response measures with security assessment results and improved security based on them.

Proposed RASS Security Assessment Model to Improve Enterprise Security (기업 보안 향상을 위한 RASS 보안 평가 모델 제안)

  • Kim, Ju-won;Kim, Jong-min
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.05a
    • /
    • pp.635-637
    • /
    • 2021
  • Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

  • PDF

A Proposal of Classification System on Cyber Attack for Damage Assessment of Cyber Warfare (사이버전 피해 평가를 위한 사이버 공격의 분류 체계 제시)

  • Park, Jinho;Kim, Yonghyun;Kim, Donghwa;Shin, Dongkyoo;Shin, Dongil
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2017.11a
    • /
    • pp.235-238
    • /
    • 2017
  • 최근에는 랜섬웨어의 일종인 '워너크라이' 등의 바이러스로 인한 피해도 기하급수적으로 증가하고, 그 수법도 사용자가 파일에 접근하면 감염되던 형태에서 인터넷에 접속되기만 하면 감염되는 형태로 진화하면서 사이버전에 사용되어질 수 있는 사이버 공격에 대응하는 방어 및 회복 방책에 대한 관심이 한층 더 증폭되고 있다. 하지만 일반적으로 방어, 회복 등의 대응 과정은 공격의 피해를 평가하여 결과로 산출된 피해 정도를 전제 조건으로 가지기 때문에 먼저 해킹 공격의 피해를 평가하여야 한다. 본 논문에서는 사이버전에서 사용되어질 수 있는 해킹 공격 및 위협의 피해를 공격의 종류별로 평가하기 위해, 피해 정도를 수치화할 수 있는지의 여부 등을 기준으로 하여 총 3가지 Interruption, Modification, Interception로 구성된 해킹 공격의 분류 체계를 제시한다.

Risk analysis and assessment Methodology Research for network based Real-time Risk Management (네트워크 기반의 실시간 위험관리를 위한 위험분석 및 평가 방법연구)

  • Kim, Sung-Won;Kim, Hui-Young;Kwon, Young-Chan;Yun, Ho-Sang;Kim, Chul-Ho
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2007.06d
    • /
    • pp.29-34
    • /
    • 2007
  • 본 논문은 다양한 시스템이 존재하는 컴퓨터 네트워크 상의 위험을 분석 평가하기 위한 방법을 소개한다. 실시간으로 위험을 구성하는 요소들의 상태가 변화하는 상황에서 자산의 강도 평가, 위협 가능성 분석, 취약성에 대한 기존 통제 분석이 필요하다. 기존 통제 구성은 네트워크 토폴로지를 이용한 네트워크 베이스, 응용 어플리케이션에 기반한 호스트 베이스 통제가 있으며, 이들은 컴퓨터 네트워크상의 실질적인 취약성을 효과적으로 식별하는데 도움을 준다. 또한 가능성 분석은 위험평가 과정에서 불필요한 위협 정보를 효과적으로 제거하여 줄 수 있을 것이다.

  • PDF

The Study of Developing an Index for Evaluating (위험분석모델의 정보시스템 구축방법론 적용에 관한 연구)

  • 박동석;안성진;정진욱
    • Convergence Security Journal
    • /
    • v.2 no.2
    • /
    • pp.67-75
    • /
    • 2002
  • The purpose of this study is to reflect the risk analysis results acquired while building an information system of an organization by applying a risk analysis model capable of analyzing the confronted risk, on the information system build methodology. Risk analysis, a method of utilizing the functional relation between risk, vulnerability and countermeasure of information assets, is used to evaluate the overall information risk level by analyzing the influence range of vulnerability imposed in the information asset of an organization, and the applications of the countermeasures on the frequency and intensity of the corresponding risk.

  • PDF

Standardization Model and Implementation of Event Type in Real Time Cyber Threat (실시간 위협에서 Event 유형의 정형화 설계 및 구현)

  • Lee, Dong-Hwi;Lee, Dong-Chun;J. Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.67-73
    • /
    • 2006
  • The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

  • PDF