• Title/Summary/Keyword: Asset identification

Design and Implementation of Quantitative Risk Analysis System for ISP Network (ISP(Internet Service Provider) 네트워크의 정량적인 위험분석을 위한 시스템 설계 및 구현)

  • 문호건;최진기;김형순
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.2 / pp.101-111 / 2004
  • The risk analysis process, which identifies vulnerabilities and threat causes of network assets and evaluates the expected loss when some network assets are damaged, is essential for diagnosing ISP network security levels and planning responses. However, most existing risk analysis systems provide only methodological analysis procedures, and they cannot reflect the continually changing vulnerability and threat information of individual network systems in real time. For this reason, this paper suggests a new system design methodology, which shows a scheme to collect and analyze data from a network intrusion detection system and a vulnerability analysis system and to estimate quantitative risk levels. Additionally, the experimental performance of the proposed system is shown.

Design and Operation of AWS S3 based on Zero Trust (제로 트러스트 기반 AWS S3 설계 및 운영)

  • Kyeong-Hyun Cho;Jae-Han Cho;Jiyeon Kim
    • Proceedings of the Korean Society of Computer Information Conference / 2023.01a / pp.107-108 / 2023
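  • As enterprises and public institutions increasingly adopt cloud services, the security requirements for business systems are changing. Whereas the information assets to be protected used to be concentrated in an internal space physically separated from the outside, in a cloud environment the assets are distributed over a wider range and the boundary between inside and outside becomes blurred. Perimeter-based traditional security is therefore not suited to cloud-based work environments, and business systems need to be operated on a zero trust basis, which excludes implicit trust and performs verification continuously throughout the entire cycle of using an information service. In this paper, we design a zero trust model for Amazon Web Services S3 (Simple Storage Service), a storage cloud service, and verify the safety of the proposed zero trust model by operating the service ourselves. The zero trust model was designed using authentication and identification techniques for users accessing the storage, storage encryption techniques, and encryption key management techniques, and experiments conducted through actual service operation confirmed that storage security improves when zero trust techniques are applied.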

A Study of Network 2-Factor Access Control Model for Prevention the Medical-Data Leakage (의료 정보유출 방지를 위한 네트워크 이중 접근통제 모델 연구)

  • Choi, Kyong-Ho;Kang, Sung-Kwan;Chung, Kyung-Yong;Lee, Jung-Hyun
    • Journal of Digital Convergence / v.10 no.6 / pp.341-347 / 2012
  • A Network Access Control system, among medical asset protection solutions, is installed and operated on systems and networks to provide a process for accessing the internal network after verifying the safety of information communication devices. However, there are still threats of internal medical-data leakage due to spoofing of authorized devices and unauthorized use while users are away. In this paper, a Network 2-Factor Access Control Model is proposed to prevent medical-data leakage by improving the current Network Access Control system. The proposed Network 2-Factor Access Control Model allows access to the internal network only for actual users who are located in a specific place within the organization and use authorized devices. Therefore, the proposed model provides a safe medical asset environment that protects medical data by blocking unauthorized access to the internal network and unnecessary internet access by authorized users and devices.

The IOA-Based Intelligent Information Protection System for Response of Advanced Persistent Threats (IOA 기반의 지능형지속위협 대응 위한 지능형 정보보호시스템)

  • Ryu, Chang-su
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.11 / pp.2067-2072 / 2016
  • Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

A Risk Analysis Model for Information System Security (정보시스템 보안을 위한 위험분석 모델)

  • Kim, Kang;Park, Jin-Sub;Kim, Bong-Hoi
    • Journal of the Korea Society of Computer and Information / v.7 no.3 / pp.60-67 / 2002
  • Existing as a reverse function in the information age, the security threats against information systems are increasing day by day, and systematic security management in response is being considered more and more important. The most important thing in security management is a risk analysis to understand the cause of the threat and to set up a countermeasure. Therefore, to increase security, the proposed model advises on setting up the security policy, and, to set up an economical security countermeasure, we have increased the reliability of the risk calculation stage. In particular, at the countermeasure stage we request a security level for each asset in order to examine the mutual reliance between assets, and, differing from the standard model, we have improved the proposed model so that the restricted items for each asset are identified when the proposed countermeasure is materialized, in order to avoid superficial countermeasures and to make sure an economical countermeasure is materialized.

Design of an Authentication System Based on Personal Identity Verification Card (전자신분증 기반의 개인 신분확인을 위한 인증시스템 설계)

  • Park, Young-Ho;Kong, Byung-Un;Rhee, Kyung-Hyune
    • Journal of Korea Multimedia Society / v.14 no.8 / pp.1029-1040 / 2011
  • An electronic identity (e-ID) card based on a smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store personal identity information securely, so that the information can be accessed for fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID cards for identity management is increasing. In this paper, we present an authentication framework for an access control system using e-ID cards by discussing the threat environment and security requirements for e-ID cards. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

A Feature-Oriented Method for Extracting a Product Line Asset from a Family of Legacy Applications (레거시 어플리케이션 제품군으로부터 제품라인 자산을 추출하는 휘처 기반의 방법)

  • Lee, Hyesun;Lee, Kang Bok
    • KIPS Transactions on Software and Data Engineering / v.6 no.7 / pp.337-352 / 2017
  • Clone-and-own reuse is an approach to creating new software variants by copying and modifying existing software products. A family of legacy software products developed by clone-and-own reuse often requires high maintenance cost and tends to be error-prone due to patch-ups without refactoring and structural degradation. To overcome these problems, many organizations that have used clone-and-own reuse now want to migrate their legacy products to software product line (SPL) for more systematic reuse and management of software asset. However, with most of existing methods, variation points are embedded directly into design and code rather than modeled and managed separately; variation points are not created ("engineered") systematically based on a variability model. This approach causes the following problems: it is difficult to understand the relationships between variation points, thus it is hard to maintain such code and the asset tends to become error-prone as it evolves. Also, when SPL evolves, design/code assets tend to be modified directly in an ad-hoc manner rather than engineered systematically with appropriate refactoring. To address these problems, we propose a feature-oriented method for extracting a SPL asset from a family of legacy applications. With the approach, we identify and model variation points and their relationships in a feature model separate from implementation, and then extract and manage a SPL asset from legacy applications based on the feature model. We have applied the method to a family of legacy Notepad++ products and demonstrated the feasibility of the method.

An Integrated Model of ISO 9001:2000 and CMMI for ISO Registered Organization (ISO 인증 조직의 CMMI 도입을 위한 ISO 9001:2000-CMMI 통합모델)

  • 현승훈;윤준호;이진영;이종원;유찬우;우치수;이병정
    • Proceedings of the Korean Information Science Society Conference / 2004.10b / pp.481-483 / 2004
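  • The ISO family and CMMI provide standards and guidelines for improving an organization's software processes. ISO 9001 is a standard for quality management systems, whereas CMMI is a model for process improvement. ISO-certified organizations need to apply CMMI for continuous process improvement. However, differences in terminology, scope of application, and level of detail make it difficult for an ISO-certified organization to adopt CMMI. This paper proposes a model that allows ISO-certified organizations to adopt CMMI effectively. First, the requirements of ISO 9001:2000 and the CMMI practices are mapped one-to-one according to defined criteria. Then the CMMI practices are rewritten in ISO 9001:2000 terminology and format and integrated with the ISO 9001:2000 requirements into a single model. With this integrated model, ISO organizations will be able to identify more easily, through gap analysis, their existing assets and the items they newly need to introduce.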

Backlog Factoring : Extension of Task Factoring for Reuse in Scrum Method (백로그 팩토링 : 스크럼 방법에서 재사용을 위한 태스크 팩토링의 확장)

  • Kim, Ji-Hong
    • Journal of Digital Convergence / v.10 no.10 / pp.339-345 / 2012
  • Despite agile methods and software reuse being distinct approaches, there has been a growing amount of research on combining these approaches. Although Scrum is one of the most popular agile methods, reuse has not been actively supported. In this paper, we identify a new type of reusable Scrum assets, simplify the backlog process and propose a backlog factoring technique by extending task factoring to support reuse in the Scrum method. In addition, we can apply the proposed technique and show prototyping of backlog reuse in e-business applications.

Risk analysis and assessment Methodology Research for network based Real-time Risk Management (네트워크 기반의 실시간 위험관리를 위한 위험분석 및 평가 방법연구)

  • Kim, Sung-Won;Kim, Hui-Young;Kwon, Young-Chan;Yun, Ho-Sang;Kim, Chul-Ho
    • Proceedings of the Korean Information Science Society Conference / 2007.06d / pp.29-34 / 2007
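  • This paper introduces a method for analyzing and assessing risk on a computer network in which diverse systems exist. Where the state of the elements that make up risk changes in real time, assessment of asset strength, analysis of threat likelihood, and analysis of existing controls for vulnerabilities are needed. Existing controls comprise network-based controls, which use the network topology, and host-based controls, which are based on applications, and these help to effectively identify the actual vulnerabilities on a computer network. In addition, likelihood analysis can effectively remove unnecessary threat information during the risk assessment process.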
