• Korean Security Journal
• /
• no.48
• /
• pp.113-146
• /
• 2016

Criminal profiling is a effective and efficient measure for enhancing industrial security of casino business. Particularly, developing criminal profiling of deviant behaviors in casino will help security management to become more effective and efficient in practical ways. Unfortunately, however, there is lack of empirical profiling study in this regard. To fill the vacuum of literature on this topic, this study was purported to create offender profiles of different types of deviant behaviors in casino based on various theories and techniques in criminal profiling literature, such as investigative psychology, linkage analysis, and behavioral evidence analysis. To fulfill the purposes, this study collected behavioral evidence from 90 casino security officers in South Korea. Offenders' behavioral evidence was analyzed to develop offender profiles of seven different types of deviant behaviors, and then the profiles were compared with each profiles that security officers focus on to identify offenders during their work hours. Results showed that, first, there were unique profiles of each type of seven different categories of deviant behaviors in terms of offenders' ways of speaking and acting, their appearance and attitudes. In addition, this study found that there were some amount of gaps between actual offenders' profiles and profiles that security officers have in mind. Based on the results, this study provided policy implications in terms of managing casino industrial security, education and training for security officers, and future study on casino security.

• The KIPS Transactions:PartC
• /
• v.17C no.3
• /
• pp.223-232
• /
• 2010

Due to the advance of Internet, offline services are expanded into online services and a financial transaction company provides online services using internet baning systems. However, security problems of the internet banking systems are caused by a lack of security for developing the internet banking systems. Although the financial transaction company has applied existing internal and external standards, ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796, Common Criteria, etc., there are still vulnerabilities. Because the standards lack in a consideration of security requirements of the internet banking system. This paper is intended to explain existing standards and discusses a reason that the standards have not full assurance of security when the internet baning system is applied by single standard. Moreover we make an analysis of a security functions for the internet baning systems and then selects the security requirements. In this paper, we suggest a new protection profile of the internet baning systems using Common Criteria V.3.1 from the analysis mentioned above.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1391-1396
• /
• 2021

The boundary-based security system has the advantage of high operational efficiency and easy management of security solutions, and is suitable for denying external security threats. However, since it is operated on the premise of a trusted user, it is not suitable to deny security threats that occur from within. A zero trust access control model was proposed to solve this problem of the boundary-based security system. In the zero trust access control model, the security requirements for real-time security event monitoring must be satisfied. In this study, we propose a monitoring method for the most basic file access among real-time monitoring functions. The proposed monitoring method operates at the kernel level and has the advantage of fundamentally preventing monitoring evasion due to the user's file bypass access. However, this study focuses on the monitoring method, so additional research to extend it to the access control function should be continued.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.01a
• /
• pp.185-186
• /
• 2015

본 논문에서는 플래시 비디오 파일을 이용하여 효율적인 다중화면 콘텐츠 제작을 제안한다. 플래시 라이브 비디오를 만들기 위하여 동영상 파일을 플래시 프로그램에 내장된 변환 프로그램을 사용하여 플래시 비디오 파일로 변환한다. 플래시 비디오 파일의 특성은 어떤 비디오 파일 포맷보다 보안성과 압축률이 높으면서 고화질을 제공하는 특성을 가지고 있다. 따라서 다중을 화면을 제작함으로써 어떤 다른 동영상 파일 포맷을 비교해 보면 보다 효율적인 우수함을 나타낸다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.250-253
• /
• 2020

파일 추적은 디지털 포렌식에서 매우 중요한 요소이며, 파일 추적에는 파일의 원본 확인과 이동 경로 분석이 수반된다. 본 논문은 다양한 매체를 통해 이미지 파일이 전송될 때 변화하는 시각정보와 원본 확인에 사용되는 해시값의 변화를 분석함으로써 파일 추적 시 고려해야 할 사항을 연구하였다.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.182-190
• /
• 2005

As computers and Internet become popular, many corporations and countries are using information protection system and security network to protect their informations and resources in internet. But the Intrusional possibilities are increases in open network environments such as the Internet. Even though many security systems were developed, the implementation of these systems are mostly application level not kernel level. Also many file protection systems were developed, but they aren't used widely because of their inconvenience in usage. In this paper, we implement a kernel module to support a file protection function using Loadable Kernel Module (LKM) on Linux. When a system is damaged due to intrusion, the file system are easily recovered through periodical file system image backup.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.941-944
• /
• 2011

컴퓨팅 환경에서 각종 보안 위협들의 핵심에는 악성 실행파일들이 있다. 전통적인 시그니처 기반의 보안 시스템들은 악의적인 실행파일들 중에서 알려지지 않은 것들에 대해서는 런타임 탐지에 어려움이 있다. 그러한 이유로 런타임 탐지를 위해 시그니처가 필요 없는 정적, 동적 분석 방법들이 다각도로 연구되어 왔으며, 특히 악성 실행파일을 실제 실행한 후 그 동작상태를 모니터링 하는 행위기반 동적 분석방법들이 많은 발전을 이루어왔다. 그러나 대부분의 행위기반 분석방법들은 단순히 몇 가지 행위나 비순차적인 분석정보를 제공하기 때문에, 차후 악성여부를 최종 판단하는 방법론에 적용하기에는 그 분석정보가 충분하지 않다. 본 논문에서는 악성 실행파일이 실행되는 동안 발생할 수 있는 행위들을 분류하고, 이를 모니터링 하는 프로토타입 프로그램을 구현하였다. 또한, 악성 실행파일을 직접 실행하는 것은 제한된 컴퓨팅 환경에서 이루어지기 때문에, 실제 악성 실행파일을 모니터링 한 결과를 토대로 행위기반 모니터링 방법이 극복해야 될 이슈들에 대해서도 언급하고 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.139-150
• /
• 2008

Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.411-429
• /
• 2014

As cloud computing has enabled, a variety of cloud services has come into wide use. Thus, cloud computing products can be easily identified in the IT market. Common Criteria is international standards for security evaluation performed of IT products. In addition, Consumers can be used as a objective guideline for the evaluation results. And, it is a provides for protection profile(security target of security products). For general, IT products are providing the protection profile. However, for cloud-related products of protection profile is not being provided. Thus, about cloud security products, there is no way for evaluation. Therefore, in this paper, we propose protection profile on cloud database management system for the secure cloud environment in common criteria.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.155-164
• /
• 2002

A design implemented the $\delta$SAcc234bit Mask Data Insertion algorithm that can let the Mask which commercialized Wave Steganography had improved the problem that a filter ring was able to easily become and raised Capacity and extend the width that Cover-data was alternative. Also, it applied 3-Tier file encryption algorithm with a proposal in order to improve a security level of Mask. 3-Tier file encryption algorithm is the algorithm that a specific pattern improved the problem that appeared in Ciphertext according to a file. A design implemented the StegoWaveK model carried out Wave Steganography, using $\delta$SAcc234bit Mask Data Insertion algorithm and the 3-Tier file encryption algorithm that proposed in this paper.