• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.805-807
• /
• 2004

최근 IT 산업의 발전과 더불어, 리소스가 제한된 소형 기기들의 사용이 비약적으로 증가하고 있는 추세이다. 자바는 플랫폼 독립성(Platform Independency), 보안성(Security), 네트워크 이동성(Network Mobility) 등의 장점을 가지고 있어, 이러한 소형 기기들에 자바 환경을 적용하게 되면 여러 가지 이점을 가지게 된다. 임베디드 장치나 모바일 같은 제한된 리소스를 사용하는 기기들에는 SUN 사의 CLDC(Connected, Limited Device Configuration)에서 정의하고 있는 K 가상 머신(K Virtual Machine: KVM)을 탑재하여 사용하게 된다. 본 논문에서는 실시간 운영체제 iRTOS$^{TM}$와 KVM 을 탑재한 소형 기기에서 좀더 효율적으로 KVM 의 메모리를 관리하기 위한 Garbage Collection기법을 설계하고 구현한 내용을 설명한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.229-244
• /
• 2024

Recently, supply chain attacks against nuclear facilities such as "Evil PLC" are increasing due to the application of digital technology in nuclear power plants such as the APR1400 reactor. Nuclear supply chain security requires a asset management system that can systematically manage a large number of providers due to the nature of the industry. However, due to the nature of the control system, there is a problem of inconsistent management of attribute information due to the long lifecycle of software assets. In addition, due to the availability of the operational technology, the introduction of automated configuration management is insufficient, and limitations such as input errors exist. This study proposes a systematic asset management system using SBOM(Software Bill Of Materials) and an improvement for input errors using natural language processing techniques.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.620-623
• /
• 2022

최근 이메일 해킹사고의 유형을 살펴보면 사회공학적인 기법을 활용한 피싱메일 공격이 대다수를 차지하고 있는 상황이다. 그중 사용자의 패스워드를 빼내기 위한 공격메일이 기존 첨부파일에 악성코드를 삽입해서 보내지는 방식보다 월등히 높아졌다고 할 수 있다. 이는 공격자가 이메일 내용에 관심이 높아진 것으로 이메일은 사용자의 성향, 직업, 라이프스타일 파악뿐만 아니라 해커가 원하는 중요자료가 저장되어 있을 가능성이 매우 높으며 또 다른 공격대상자를 선정할 수 있는 좋은 창구가 될 수 있을 것이기 때문이다. 만일 피싱메일에 노출되어 패스워드가 해커의 손에 넘어 갔다면 많은 보안대책이 무용지물이 된다. 많은 보안 전문가들은 패스워드를 8자리 이상으로 하되 영문대·소문자와 숫자 그리고 특수문자를 포함하고, 사이트별 규칙성이 없이 모두 다르게 설정해야 하며, 정기적으로 바꿔야 한다고 조언한다. 이러한 조언은 패스워드를 크랙할 경우 안전할 수 있지만 요즘처럼 한 개인이 100여개 이상의 사이트에 대한 패스워드를 관리해야 한다면 현실적으로 불가능한 조언이 되고 말 것이다. 이러한 상황에 2017년 6월 미국 국립표준기술연구소(NIST)에서 '특별 간행 800-63-3: 디지털 인증 가이드라인'을 발표하게 된다. 내용은 그동안 보안전문가들이 권고했던 내용과는 많은 차이가 있다. 오히려 자주 바꾸는 것이 문제가 될 수 있다는 내용이다. 자세한 내용은 본 논문에서 살펴보도록 한다. 우리는 스마트폰 등을 사용함으로써 2-Factor인증에 활용하고 있다. 스마트폰 인증의 대표적인 방법은 지문·얼굴인식 등 생체인증 방식을 사용한다. 패스워드 없이도 편리하고 안전하게 인증을 할 수 있다는 점이 장점이다. 이러한 상황에 FIDO라는 인증 프레임워크가 인기를 얻고 있다. FIDO(Fast IDentity Online)는 비밀번호의 문제점을 해결하기 위한 목적으로 FIDO 얼라이언스에 의해 제안된 사용자 인증 프레임워크다. 향후 FIDO로의 대체가 패스워드 문제의 대안이 될 수 있을 것이다. 이제는 패스워드 대신 생체인증 체계로 대체할 수 있는 시대가 되었다고 할 수 있다. 본 논문에서는 패스워드의 문제점을 살펴보고 이를 대체할 수 있는 FIDO기반의 인증체계가 대안이 될 수 있는 근거를 제시하고자 한다.

• Korean Security Journal
• /
• no.18
• /
• pp.169-190
• /
• 2009

Today, the rapid advance of scientific technologies has brought about fundamental changes to the types and levels of terrorism while the war against the world more than one thousand small and big terrorists and crime organizations has already begun. A method highly likely to be employed by terrorist groups that are using 21st Century state of the art technology is cyber terrorism. In many instances, things that you could only imagine in reality could be made possible in the cyber space. An easy example would be to randomly alter a letter in the blood type of a terrorism subject in the health care data system, which could inflict harm to subjects and impact the overturning of the opponent's system or regime. The CIH Virus Crisis which occurred on April 26, 1999 had significant implications in various aspects. A virus program made of just a few lines by Taiwanese college students without any specific objective ended up spreading widely throughout the Internet, causing damage to 30,000 PCs in Korea and over 2 billion won in monetary damages in repairs and data recovery. Despite of such risks of cyber terrorism, a great number of Korean sites are employing loose security measures. In fact, there are many cases where a company with millions of subscribers has very slackened security systems. A nationwide preparation for cyber terrorism is called for. In this context, this research will analyze the current status of Korea's cyber security systems and its laws from a policy perspective, and move on to propose improvement strategies. This research suggests the following solutions. First, the National Cyber Security Management Act should be passed to have its effectiveness as the national cyber security management regulation. With the Act's establishment, a more efficient and proactive response to cyber security management will be made possible within a nationwide cyber security framework, and define its relationship with other related laws. The newly passed National Cyber Security Management Act will eliminate inefficiencies that are caused by functional redundancies dispersed across individual sectors in current legislation. Second, to ensure efficient nationwide cyber security management, national cyber security standards and models should be proposed; while at the same time a national cyber security management organizational structure should be established to implement national cyber security policies at each government-agencies and social-components. The National Cyber Security Center must serve as the comprehensive collection, analysis and processing point for national cyber crisis related information, oversee each government agency, and build collaborative relations with the private sector. Also, national and comprehensive response system in which both the private and public sectors participate should be set up, for advance detection and prevention of cyber crisis risks and for a consolidated and timely response using national resources in times of crisis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.375-381
• /
• 2015

In the past few years, data leakage of information assets has become prominent issue. According to the NIS in South Korea, they found 375 cases of data leakage from 2003 to 2013, especially 49 of cases have been uncovered in 2013 alone. These criminals are increasing as time passes. Thus, it constitutes a reason for establishment, operation and certification of ISMS, even for private enterprises. The purpose of this study is to examine the factors influencing the certification intention of ISMS using EFA (Exploratory Factor Analysis) and regression analysis. We identified expectation factors for certification of ISMS from 13 elements using EFA (Strengthening practical ability & economic effect factor and Improvement of security level & handling incident factor). Next, we examined that the certification intention of ISMS using regression analysis. As a result of regression analysis, Strengthening practical ability & economic effect factor is not significant for the certification intention of ISMS (p<.05). Also, Improvement of security level & handling incident factor have a significant and positive effect on the certification intention of ISMS (p<.05).

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.73-81
• /
• 2007

Users of World Wide Web (Web) experience difficulties in the retrieval of pertinent information due to the increased information provided by Web sites and the complex structure of Web documents that are continuously created, deleted, restructured, and updated. Web providers' efforts to maintain their sites are tend to be less than that of site creation due to the expenses required for maintenance. If information of relationship among Web documents and their validity is provided to Web managers as well as Web developers, they can better serve users. In order to grasp the whole structure of a Web site and to verify the validity of hyperlinks, traversal and analysis of hyperlinks in a Web document are required to provide information for effective and efficient creation and maintenance of the Web. In this paper, we introduce a Web Editor specialized for Web maintenance. We emphasized on two aspects: first, the analysis of HTML Tags to extract hyperlink information and second, establishment of the relationship among hyperlinked documents, and verification of the validity of them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.881-888
• /
• 2015

Financial Authorities have added security controls to the Electronic Financial Transaction Act and the Supervisory Regulation according to the recent frequent personal credit information leakages. Accordingly, the security level has been upgraded. But it is necessary to study more security controls to add. This paper deduces 19 security controls over the mean value to be added to the financial area receiving 15 security consultant's help.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.141-151
• /
• 2006

The destructive power of cyber threat arrived to until the phase which it threatens to direct and seriously in national security undergoes an important national institutuin hacking event of 2004 and Internet paralysis accidents of 2003. 1. 25. So Cyber terror and Cyber warfare is not the hypothetical enemy situation. It is more actual security situation and identify as magnification of warfare concept of incapacitation national important ability include military command system of the adversary, communication, energy, finance and transportation system. consequently, with the progress of cyber threat, it is necessary that looking at a number of general plan to make up for the weak points in cyber warfare operation system. Thus, the focus of this study is to examine new ways of developing a comprehensive cyber security management system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.99-107
• /
• 2022

In the current technological society, where various technologies are converged into one and being transformed into new technologies, new cyber attacks are being made just as they keep pace with the changes in society. In particular, due to the convergence of various attacks into one, it is difficult to protect the system with only the existing security system. A lot of information is being generated to respond to such cyber attacks. However, recklessly generated vulnerability information can induce confusion by providing unnecessary information to administrators. Therefore, this paper proposes a mechanism to assist in the analysis of emerging cyberattack convergence technologies by providing differentiated vulnerability information to managers by learning documents using deep learning-based language learning models, extracting vulnerability information and classifying them according to the MITRE ATT&CK framework.

• Journal of Digital Convergence
• /
• v.18 no.7
• /
• pp.31-36
• /
• 2020

In recent years, increasing the variety of disasters and accidents that accompany large-scale damage. Disasters are accidents with uncertainty and have a direct impact on people's lives, safety and property protection. Therefore, it is necessary to establish and operate safety management systems such as prevention, response, and recovery for various disasters. Therefore, in this paper, a real-time disaster safety management solution in a smart environment was designed to systematically respond to disaster accidents. To this end, 1: 1 or 1: N situation propagation was performed to the situation room, related organizations, and experts through smart devices. Through this, the solution was configured to respond quickly and appropriately through multi-party information sharing and communication. In other words, we designed a solution that applied functions such as real-time and multi-party HD video transmission, mobile-type report management, voice / text situation propagation, location information sharing, recording and history management, and security.