• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.67-75
• /
• 2002

The purpose of this study is to reflect the risk analysis results acquired while building an information system of an organization by applying a risk analysis model capable of analyzing the confronted risk, on the information system build methodology. Risk analysis, a method of utilizing the functional relation between risk, vulnerability and countermeasure of information assets, is used to evaluate the overall information risk level by analyzing the influence range of vulnerability imposed in the information asset of an organization, and the applications of the countermeasures on the frequency and intensity of the corresponding risk.

• Information Systems Review
• /
• v.4 no.2
• /
• pp.95-109
• /
• 2002

The purpose of this research is to investigate a way to increase interoperability between information systems. We proposed a technical reference model (TRM) and a standard profile (SP) that are components of ITA as tools to secure information system interoperability. First, we composed TRM by choosing technology field that need standardization for information system interoperability. And, we choose standards to apply in each technology field of TRM as a interoperability common SP.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.295-304
• /
• 2003

Currently security researchers focus on protection of program and data from malicious users and accidents. Therefore, many firewalls and intrusion detection systems have been developed commercially. The intrusion tolerance is a new concept that is the last line of defense for the information survivability. It emphasizes availability and integrity to provide critical system services continuously even when system is compromised. In this paper, we classify current intrusion tolerant technologies from the point of view of program and data. Furthermore, we propose an integrated framework that supports intrusion tolerance of program and data.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.4
• /
• pp.104-110
• /
• 2003

In this paper, we proposed hybrid cryptosystem of Diffie-Hellman base in Elliptic Curve, and explained for specific protocol design. The proposed system is efficient hybrid cryptosystems system that offer implicit key authentication about sender and receiver unlike existing hybrid system. This system increased safety generating session key using pseudo-random number generator by cryptographic. Because the system is hybrid system, it is more efficient in calculation amount aspect supplementing merit and fault of public key system and secret key system. Also, the system can not get right plaintext except receiver even if sender's secret key is revealed and impersonation attack is impossible. And the system offers security on known keys without influencing in safety of other session's cryptogram even if session key is exposed. And the system is provided safety about mutual entity authentication and replay attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.150-153
• /
• 2013

By the development of IT, most business has been processed on the IT solution-based servers has increased Therefore, the importance of security of the server is highlighted. And the need for password management server efficient and safe is raised. There is a need to change at least 8 characters to mix the numbers and letters and password change passwords on a regular basis, you need a password for each system account is set in a different way, but the continuation of the system there is a tendency to password problems occur problems caused by the limits of the introduction of human resources and introduction basis occurs. The password management feature, though it is expensive is partially providing integrated access control solutions at home and abroad, there is a drawback that stresses the traffic on the server. Future, we conducted a study of password management solutions for the server of the server is determined IT transformation trend of non-IT field to accelerate, is continuously increasing it accordingly.

• The KIPS Transactions:PartC
• /
• v.9C no.6
• /
• pp.809-816
• /
• 2002

Cryptographic applications, such as data confidentiality and authentication, must be used for secure data communications. PRNG(Pseudo-Random Number Generator) is a basic cryptographic component which is supposed to be satisfied by criteria that we provable security and randomness properties. PRNG it used for generating an initial value or key value of cipher and security of whole cryptographic module depends on the security of PRNG. In this paper, we introduce an PRNG based on a block cipher and prove their security.

• Journal of the Korean Society for information Management
• /
• v.32 no.3
• /
• pp.277-293
• /
• 2015

This study examined the relative retrieval effectiveness after relevance feedback between two systems (Title/Abstract and Full-text) using four different sets of relevance judgment. Four relevance levels (not relevant, marginally relevant, relevant, highly relevant) are also used, each of which is determined by referees giving a relevance score to documents. This study also investigated how much the average precision was improved after relevance feedback when "marginally relevant" documents are included in the relevant class with the Title/Abstract system, and with the Full-text retrieval system as well. It is found that the Title/Abstract system benefited from relevance feedback with the marginally relevant documents. In case of the Title/Abstract system, the higher percentage of improvement was consistently obtained when including the marginally relevant documents in the relevance class, however the result was vice versa in case of the Full-text retrieval system. It implied that the marginally relevant documents in the relevant class had caused noises in the Full-text retrieval system.

• The KIPS Transactions:PartD
• /
• v.17D no.4
• /
• pp.259-270
• /
• 2010

Information systems nowadays are heterogeneous and distributed which integrate the enterprise information by processes. They are also very complex, because they are linked together by processes. It aims to integrate the systems so that these systems work as one system. A process is a framework which contains all of the business activities in an enterprise, and has a lot of information which is needed for measuring performance. A process consists of activities, and an activity contains events which can be considered information sources. In most cases, it is very valuable to determine if a process is meaningful, but it is difficult because of the complexity in measuring performance, and also because finding relationships between business factors and events is not a simple problem. So it would reduce operation cost and allow efficient process execution if I could evaluate the process before it ends. In this paper we propose an event based process measurement model. First, we propose the concept of process performance measurement, and a model for selecting process and activity indexes from the events which are collected from information systems. Second, we propose at methodologies and data schema that can store and manage the selected process indexes, the mapping methods between indexes and events. Finally, we propose a process Performance measurement model using the collected events which gives users a valuable managerial information.

• The KIPS Transactions:PartC
• /
• v.9C no.5
• /
• pp.665-670
• /
• 2002

Wireless communications require the cryptography system which satisfies a opposite purpose as safety and efficiency. In this paper we proposed the efficient key distribution system satisfying in wireless communication using escrow in order to satisfy the requirements. We supplemented the key recovery function to prevent side effects of cryptography and it is possible to check verification. Also, transmitted information is a little so that the system is efficient. The proposed key recovery method can be applicable to various application fields.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.970-973
• /
• 2003

Recently, the development paradigm of enterprise information system has been moved from 2-tier environment to 3-tier environment. 3-tier environment makes possible to develop more efficient system in terms of the performance, extension, deployment and maintenance. The ship drawing process management system which manages a long-term drawing process and a great number of designers has to support an accuracy and a real-time of information but it is impossible because it is still served in 2-tier environment and some process of them is not developed yet. In this paper, we implemented the analysis and design of system based on CBD(Component Based Development) for the purpose of hanging the environment from two-dimensional Client/server architecture environment to COM＋ based 3-tier architecture environment. And by completing a development of total system, the productivity and the efficiency of the ship drawing process management system will be improved. And a wide reuse of components makes possible to improve the productivity and efficiency of system.