• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.85-95
• /
• 1996

인터넷을 중심으로 글로벌네트워크화 되고 있는 국내 전산망에서는 국내외 해킹 등에 의한 전산망 보안 침해사고가 매우 우려될 뿐 아니라 빈번히 발생되고 있다. 하지만 이에 대한 대책과 기술이 제대로 이루어지지 않고 있으며, 해외의 전문 침해사고대응에 비해 매우 열악한 상태에 있으므로 침해사고의 예방, 사고시 분석 및 확산 방지 및 방지책 개발과 이의 상호 정보 공유 방법을 제시하고 운영하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.664-666
• /
• 2003

DRM (Digital Rights Management)은 디지털 저작권 관리를 뜻하는 말로, 전자책, 음악, 게임 등의 디지털 컨텐츠의 지적 재산권을 보호하기 위해 디지털 컨텐츠의 무단 유통을 방지하는 서비스를 의미한다. 이러한 DRM 시스템은 주로 유선 환경에서 사용되고 있었으나. 최근 정보통신 기술의 발달로 인한 무선 환경에서의 디지털 컨텐츠의 사용요구가 증가함에 따라 DRM 시스템은 유선 환경뿐만 아니라 무선 환경에서도 그 중요성이 날로 커지고 있는 실정이다. 현재 DRM은 디지털 컨텐츠에 대한 저작권에 대한 보호 뿐 아니라 더 나아가 디지털 컨텐츠를 이용한 마케팅 솔루션을 제공하는 것까지 그 영역을 확장함에 따라 각 비즈니스 영역별로 적합하도록 다양한 DRM 솔루션이 제시되고 있다. 이로 인해 시스템간의 호환성을 위해 현재 OMA 등의 단체에서 무선 DRM에 관한 표준을 제시하고 있다. 그러나 표준으로 제시되고 있는 DRM 모델에서는 인가된 사용자만이 컨텐츠를 사용할 수 있도록 하는 인증서비스에 관한 부분이 매우 취약한 상황이다. 이에 따라 본 논문에서는 키 관리 서버와 사용자별 암호키 리스트를 다르게 소유할 수 있도록 하는 방법을 사용하는 인증서비스를 제시해보고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.456-458
• /
• 2019

정보보안을 달성하기 위해서 컴퓨터가 보급된 이래로 많은 노력이 이루어졌다. 그중 메모리 보호 기법에 대한 연구가 가장 많이 이루어졌지만, 컴퓨터의 성능 향상으로 이전의 메모리 보호 기법들의 문제들이 발견되고, 부채널 공격의 등장으로 새로운 방어책이 필요 되었다. 본 논문에서는 프로그램에 정적 바이너리 재작성(Static Binary Rewriting) 기법을 통해 페이지(Page)마다 4~8byte 의 난수를 삽입하여 메모리 공유 기반 부채널 공격을 방어할 수 있는 2 가지 방법을 제시한다. 최근 아키텍처는 분기 예측(Branch Prediction)을 통해 jmp 명령어에 대한 분기처리가 매우 빠르고 정확하게 처리되기 때문에 난수를 삽입할 때 사용하는 jmp+rand 방식은 오버헤드가 매우 낮다. 또한 특정 프로그램에만 난수 삽입이 가능하므로 특히 클라우드 환경에서 중복제거 기능과 함께 사용하면 높은 효율성을 보일 수 있다고 예상한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.205-214
• /
• 2013

The study of the compatibility of EPUB DRM, granted by the Korea Copyright Commission, as a CT R & D project (Project Title: Development of standard reference software technology for the International Standard EPUB-based eBook DRM) developed standards such as profile standards for encryption, digital signature and authentication certificates and standards for technical terms of rights information. In 2012, these four standards have been established as the Korean Industrial Standards under the names of 'Encryption specification for EPUB DRM', 'the Digital signature specification for EPUB DRM', 'the Certificate specification for EPUB DRM', and 'Definitions of Right Terms for EPUB DRM' through the ODPF(Open Digital Standardization Forum) and the TTA(Telecommunications Technology Association). In spite of the establishment of the eBook DRM standards, however, the absence of the standard technology which supports the compatibility for issues and changes of licenses makes it unable to use eBooks served by different eBook distributors. This study tries to investigate technological approaches to methods of license issues supporting eBook DRM compatibility on the basis of the above-mentioned four EPUB DRM standards and to provide an industrially accepted technological model.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.219-227
• /
• 2005

This paper suggests to guideline food safety and economic gains in the restaurant business Industry. First, provide useful tools for easily understanding in the food safety and express warranty Second, manage all documents like sanitation report, claim report in related to the product liability as a precautions. Third, execute fast & proper action for consumer's demage. Fourth, organize positively brand image in the corporate. Fifth, implement useful tools in the product standard and qualification such as ISO9000, HACCP, and PLMS. Sixth. Support co-partner against product liability. Seventh, take a action early for product liability in the foodservice industry.

• Journal of Environmental Policy
• /
• v.8 no.4
• /
• pp.125-147
• /
• 2009

The Basic Environmental Policy Act (BEPA) (Law No. 4257 effective 1. August 1990) sets forth the basic policies and administrative framework for environmental preservation, leaving more detailed regulations, and emission controls to separate laws targeting air, water, and solid waste, etc. The BEPA Article 31 adopts an unprecedented strict liability standard for damages as an absolute liability. The BEPA Article 31 provides for liability as follows. If a company is alleged to have caused damage through pollution of the environment, it will be liable for damages unless it can show that the pollution did not cause damages, or that it did not actually cause pollution. If the company did cause pollution, and if the pollution is the cause for the damages in question, the company will be liable irrespective of whether it was negligent or otherwise at fault. If there are two or more companies involved in the pollution, but it is unclear which company caused the damages, all of the companies will be jointly and severally liable for the damages. In this paper, the author attempts to uncover the problems of BEPA Article 31 and then seeks desirable amendments by comparing it to the German Environmental Liability Act. First, it will be necessary to provide definitions of 'companies etc.'. Second, it will be necessary to enumerate the kinds of company facilities. Third, it will be necessary to provide exclusionary clauses on material damages. Fourth, it will be necessary to show 'presumption of cause and effect'. Fifth, it will be necessary to provide a clause on 'right to information'. Sixth, it will be necessary to provide a clause for force majeure. Seventh, it will be necessary to take measures to secure abundant liability for damages which can be caused by the owner of the facility, the potential polluter. Finally, it is appropriate that Korea now legislate an Environmental Liability Act akin to the German Environmental Liability Act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1259-1277
• /
• 2018

This study analyzes cyber security strategies, laws, organizations, and the roles of the ministries in the US, Germany, UK, Japan, China, and Korea and draws implications for establishing a practical and efficient next generation national cyber security governance. Under this goal, this study analyzes cyber security strategies, laws, organizations, and the roles of the ministries in the US, Germany, UK, Japan, China, and Korea and draws implications for establishing a practical and efficient next generation national cyber security governance. Based on the results of this analysis, this study suggests suggestions and directions for improvement of domestic cyber security governance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.35-45
• /
• 2005

There has recently been an increase of phishing attacks, attacks which lure users into revealing their personal information to an attacker who in turn exploits this information for economic gain. The conventional methods of fooling the user with similarly modified mail or address are constantly evolving and have diversified to include the forgery of mail or domain addresses. Recently the injury incurred by these attacks has greatly increased as attackers exploit the weaknesses found on a few web browsers and used these to conduct phishing attacks based on URL spoofing. Furthermore we are now witnessing the entrance of highly advanced phishing techniques that no longer simply rely on vulnerabilities, but employ ordinary script, HTML, DNS sniffing, and the list goes on. In this paper we first discuss means of investigating and preventing the advanced URL spoofing techniques used in phishing attacks, and then propose a scheme for fundamentally restricting them altogether.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.85-94
• /
• 2014

Information Security Check System was Introduced in 2004, higher than in 2013, the effectiveness of Information Security Management System(ISMS) certification scheme was to unification. This is incident to the Internet affecting people's lives telecommunications service provider to target accountability because, considering the subject's duty selection criteria need to be clarified. however, Obligations under the current legislation, subject selection criteria applying the law itself is ambiguous, the result being a significant problem. Moreover, the regulatory system of certification systems subjects, although selection criteria should be clear and objectively not the obligation not to distrust the system itself and the subject was raised many issues for you. In this study, with SMART Technic in order to improve this certification you can easily determine whether a medical person authorized to develop a model for selection of medical subjects, The developed model is verified through empirical ways to improve the system by presenting the system to help, to secure the effectiveness.

• Journal of Korea Entertainment Industry Association
• /
• v.13 no.6
• /
• pp.53-67
• /
• 2019

This study is expected to be of significance in that it attempted to examine the personal information protection awareness of college students and the state of their personal information protection as prospective information processors and private information owners to boost their will to put private information protection in practice. As a result of making an analysis, the most common average time that the students spent in doing every online activity on weekdays was fewer than two or three hours, and the most dominant activities that they did over the Internet were for entertainment or hobbies. As for awareness of the nature of the Internet, they looked upon it as a quite open public space. Regarding the state of private information protection, they thought that changing passwords on a regular basis would be beneficial to personal information protection, and many thought that it's needed to withdraw from or shut down web sites that weren't used for a long time. In terms of actual practice, however, they didn't change their e-mail passwords regularly on the grounds that it's a hassle, and even the students who had experience of personal information leakage didn't report it or didn't ask for counsel on the grounds that they didn't want to be bothered as well. The majority of the students weren't cognizant of how to report or seek counsel. In the future, personal information protection should be educated on a continual basis as part of curriculum to raise awareness of it among students and boost their will to practice it with a sense of responsibility in an effort to prevent the occurrence of collateral damages triggered by personal information leakage.