• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11S
• /
• pp.3278-3288
• /
• 1999

This paper proposes a security platform, called SCAP(Security platform for CORBA based APplication), to cope with potential threats in a distributed object system. SCAP supports CORBA security specification announced by OMG. SCAP is comprised of four functional blocks, which co-work with ORB to provide security services: Authentication Block, Association Block, Access Control Block, and Security Information Management Block. It is designed to support Common Secure Interoperability Functionality Level 2, which is useful for large-scale intra-, or inter-network based applications. Actual security services, which are dependent on supporting security technology, will be provided as external security service for replace ability. Implementation issues such as how to simulate an interceptor mechanism using a commercial ORB product without source code, and how to extend Current object required for security services are also described. At the end of the paper, the SCAP applied to the web environment is described to show its practical utilization.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.75-80
• /
• 2022

With the rapid growth of Internet of Things (IoT) applications and devices, there are still defects in safety and privacy. Current researches indicate that there are weak security mechanisms to protect these devices. Humans use the Internet of Things to control and connect their devices with the Internet. Using the Internet of things has been increased over time. Therefore, capture of sensitive user data has increased intentionally or not [1]. The IP Camera is a type of (IOT) devices. Therefore, in this paper we aim to create a "Security Eyes" application that protects IP Cameras from security attacks according to certain security mechanisms (increasing the strength of encryption and filling the usual security holes in IP cameras … etc) and alerts the user when the live broadcast is interrupted or an error occurs.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.11-17
• /
• 2012

According to ISO/IEC 9000, quality to satisfy users' requirements when using the product or service is defined as the characteristics of the synthesized concept. Secure web application coding information systems with the reliability and quality of service is one of the determining factor. Secure coding in order to achieve the quality based on the model is necessary. The reason is that the security is in quality properties in the range of non-functional requirements that necessitates. Secure coding for the design of quality systems based on the quality of the definition of quality attributes, quality requirements, quality attribute scenarios are defined, and must be set. To this end, referring to IEEE 1061 quality model for web application, quality model structure is developed. Secure web application architecture design is composed of coding quality of the model systems, web applications draw interest to stakeholders, decision drivers secure coding architecture, quality attributes, eliciting quality requirements of the security settings, creating web application architecture descriptions and security framework.

• The Journal of the Korea Contents Association
• /
• v.16 no.2
• /
• pp.243-250
• /
• 2016

Recently, with the rise of the mobile device, from mobile devices the user who owns the security, speed up the implementation of the guarantee management environment as businesses and individual equipment for the effcient management of the existing system, but the introduction of the MDM MDM App management features administrators to register the App until you can't prvent the security threat. Therefore, this paper addresses these issues in order to improve the security of your application for the control system. The proposed system is a function of the MDM authentication technology to design analysis, and system architecture to help prevent information disclosure within the design and implementation of Mobile-based application control system. Implementation of the control system to assess the security of the international common criteria security evaluation complete the test scenarios on the basis of the test items. An average of 40% of the test results to verify the results of this enhanced security.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.13-20
• /
• 2000

There are many security problems with Electronic Commerce since insecure public networks, especially Internet, are used. Therefore, for implementing secure Electronic Commerce, CAPI(Cryptographic Application Programming Interfaces) is expected to use various form of security applications. The Cryptographic Application Programming Interface supports cryptographic services for each level and various security services. The CSSM API(Common Security Service Management Application Programming Interface) Provides modularity, simplicity, and extensibility in terms of various add-in modules and interfaces in contract to other CAPIs. This paper proposed an applying method of CSSM API having various extensibility and supporting multi-platforms to Electronic Commerce. we describe encryption, digital signature operation of CSSM API's CSP interface and evaluate secureness by matching relation of theratening factors to security services.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.1
• /
• pp.87-93
• /
• 2016

In this paper, we propose a new method to enhance an android security by exploiting a selective management of application permission. To that purpose, we analyze behavior of the current android security, via which we draw out possible vulnerabilities. After that, we develop a tool to implement the selective management of the application permission, witch has a function to give a permission selectively for the application when we install a new application. Via experiment we show validity of the developed tool in solving the drawn vulnerability in the current android security.

• The Journal of Society for e-Business Studies
• /
• v.1 no.1
• /
• pp.51-67
• /
• 1996

Recently the interests in NII, CALS/EC, and security are rapidly increasing. However, only one of the security issues for CALS implementation, i.e., the security for EDI implementation, has been presented in the literature. No comprehensive discussion about CALS security including other CALS applications exists. This paper intends to present such a comprehensive analysis for the security requirements and standards for the well-recognized two-phase CALS implementation. We present a framework for CALS security encompassing security protocols and systems that are arranged into the framework in terms of the CALS implementation phases, application systems, and communication modes. This framework is followed by brief descriptions of the security services and mechanisms for each CALS application.

• Journal of Korea Multimedia Society
• /
• v.18 no.11
• /
• pp.1342-1350
• /
• 2015

Due to rapid development of mobile device technologies, the mobile banking through Internet has become a major service of banking information systems as a security-critical information systems. Recently, lots of mobile banking information systems which handle personal and transaction information have been exposed to security threats in vulnerable security control and management processes, mainly software systems. Therefore, in this paper, we propose a process model for software security improvements in mobile banking information system by application of fault tree analysis(FTA) and failure modes and effects analysis(FMEA) on the most important activities such as 'user authentication' and 'access control' and 'virus detection and control' processes which security control and management of mobile banking information systems are very weak.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.47-54
• /
• 2004

The growth of computer resource and network speed has increased requests for the use of remotely located computer systems by connecting through computer networks. This phenomenon has hoisted research activities for application service provision that uses server-based remote computing paradigm. The server-based remote computing paradigm has been developed as the ASP (Application Service Provision) model, which provides remote users through application sharing protocol to application programs. Security requirement such as confidentiality, availability, integrity should be satisfied to provide ASP service using centralized computing system. Existing Telnet or FTP service for a remote computing systems have satisfied security requirement by a simple access control to files and/or data. But windows-based centralized computing system is vulnerable to confidentiality, availability, integrity where many users use the same application program installed in the same computer. In other words, the computing system needs detailed security level for each user different from others, such that only authorized user or group of users can run some specific functional commands for the program. In this paper, we propose windows based centralized computing system that sets security policies for each user for the use of instructions of the application programs, and performs access control to the instructions based on the security policies. The system monitors all user messages which are executed through graphical user interface by the users connecting to the system. Ail Instructions, i.e. messages, for the application program are now passed to authorization process that decides if an Instruction is delivered to the application program based on the pre-defined security polices. This system can be used as security clearance for each user for the shared computing resource as well as shared application programs.