• Proceedings of the Korea Database Society Conference
• /
• 2000.11a
• /
• pp.201-209
• /
• 2000

기존의 리눅스 운영체제에서는 임의적 접근제어(DAC)에 의해서 자원의 접근을 통제하며, 이 때의 접근제어 정보를 로그 파일을 통한 정적인 감사 추적에 의존하고 있다. 따라서 본 논문에서는 DAC와 함께 강제적 접근통제(MAC) 기법을 구현하여 커널 수준에서 자원을 안전하고 강제적으로 통제할 수 있는 다중등급보안(MLS) 시스템을 설계, 구현하였으며, 동적이며 실시간으로 감사 정보를 수집, 분석, 추적할 수 있도록 데이터베이스 연동을 통한 감사 추적 시스템을 설계하고 구현하였다. 데이터베이스 연동을 통한 실시간 감사 추적 시스템은 보안 관리자로 하여금 불법적 침입 및 자료의 유출에 대하여 실시간으로 대처할 수 있도록 한다. 본 논문에서는 이러한 리눅스 실시간 감사 추적 시스템을 설계하고 구현한 내용을 소개한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.646-648
• /
• 2001

최근의 침입이나 공격들은 광범위한 망의 이용과 긴 시간을 두고 공격을 행하는 추세로 발전하고 있다. 이러한 공격들에 대한 탐지 및 대응을 위하여 침입탐지 시스템들은 시스템에 걸쳐 있는 정보의 공유, 침입이나 공격에 적극 대응하기 위한 자원의 이용 등의 상호협력이 요구되고 있다. 본 논문에서는 시스템에서 기록하는 많은 종류의 로그 정보를 침입 탐지에 이용할 수 있는 정보만을 추출하고 분석하여 저장함으로써, 침입 탐지 시스템이 이용할 수 있게 하고, 다른 시스템에서 정보를 필요로 할 때 제공할 수 있으며, 또한 침입이라 간주되어지는 행위에 대하여 대응하기 위한 추적 및 정보 수집 그리고 접속 거부 등을 행하는 Agent 시스템의 설계 및 개발을 목적으로 한다. 이를 위해 리눅스 시스템 기반 하에서 로그를 기록하는 SYSLOG, 발생한 시스템 콜 정보를 기록하는 LSM, 망에서 시스템으로 들어오는 패킷을 분석하는 Pcap Library를 이용한 로그 등을 통합하는 과정을 설명하고, 침입탐지 시스템에 의해서 침입이라 판단되었을 경우, DART Agent가 그 경로를 역추적하고 여러 시스템에 걸쳐 있는 정보들을 수집하는 과정, 고리고 공격에 대한 대응을 하는 과정을 설명한다.

• Journal of the Korean Society for information Management
• /
• v.20 no.2
• /
• pp.241-261
• /
• 2003

The electronic records management systems must create and maintain reliable and authentic records because such records can be easily duplicated, manipulated, altered, and revised. The goal of this study is to propose the strategies for maintainning authenticity of electronic records and to produce some baselines for developing the strategies for maintaining authenticity of electronic records and to produce some baselines for developing the trusted record management sytems. Therefore, the study is to identify and define the concept of an electronic record and the nature of authenticity; to estabilish the principles for ensuring the long-term preservation of authentic electronic records; to suggest the methods for describing electronic records in order to maintain audit trail; to suggest the methods for describing electronic records in order to maintain audit ; to propose the mechanisms for maintaining reliable and authentic electronic records; to analyse the Korean standards related to electronic document management systems; and to discuss future challenges for maintaining the authenticity.

• The KIPS Transactions:PartD
• /
• v.10D no.5
• /
• pp.773-780
• /
• 2003

SecuROS(Secure & Reliable Operating System) prevents and blocks possible system cracking by implementing additional security functions in FreeBSD 4.3 operating system (OS) kernel, including access control, user authentication, audit trail, encryption file system and trusted channel. This paper describes access control technique, which is one of core technologies of SecuROS, introduces the implementations of DAC, MAC and RBAC, all of which are corresponding access control policies, and show security and results of performance measurement on the basis of application of access control policies. Finally, security and performance between conventional OS environment and environment adopting access control policy is described.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.2 no.1
• /
• pp.159-169
• /
• 1999

Recently a firewall is being employed to protect hacking by controlling the traffics. The security services in the firewall include authentication, access control, confidentiality, integrity, and audit trail. A token is adapted for authentication to the firewall. A token has a small battery within which has restricted power capacity, This paper proposes a novel cost-effective firewall token for hacking protecting on transmission control protocol/internet protocol (TCP/IP) based network. This paper proposes a fast exponentiation method with a sparse prime that take a major operation for a public-key crypto-system and a major power consumption in the token. The proposed method uses much less amount of modular operations in exponentiation that is reduced of battery's capacity or CPU's price in the token.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1594-1597
• /
• 2005

A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

• Industrial Engineering and Management Systems
• /
• v.9 no.2
• /
• pp.141-156
• /
• 2010

Despite all attempts to prevent fraud, it continues to be a major threat to industry and government. Traditionally, organizations have focused on fraud prevention rather than detection, to combat fraud. In this paper we present a role mining inspired approach to represent user behaviour in Enterprise Resource Planning (ERP) systems, primarily aimed at detecting opportunities to commit fraud or potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles based on analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour, and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms to construct a directed acyclic graph to represent relationships between transaction profiles. Experiments were conducted using a real dataset obtained from a teaching environment and a demonstration dataset, both using SAP R/3, presently the predominant ERP system. The results of this empirical research demonstrate the effectiveness of the proposed approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.33-43
• /
• 2001

This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewall or intrusion detection system provided in application-space without security features of the secure OS suffer from many vulnerabilities. However the development of the secure OS in Korea lies in just an initial state, and NSA has implemented a prototype of the secure Linux but published just some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level as well kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.

• The Korean Journal of Archival Studies
• /
• no.25
• /
• pp.3-46
• /
• 2010

Digital records management is one whole system in which many social and technical elements are interacting. To maintain the trustworthiness, the repository needs periodical audit and certification. Thus, individual electronic records management agency needs toolkit that can be used to self-evaluate their trustworthiness continuously, and self-assess their atmosphere and system to recognize deficiencies. The purpose of this study is development of self-certification toolkit for repositories, which synthesized and analysed such four international standard and best practices as OAIS Reference Model(ISO 14721), TRAC, DRAMBORA, and the assessment report conducted and published by TNA/UKDA, as well as MoRe2 and current national laws and standards. As this paper describes and demonstrate the development process and the framework of this self-certification toolkit, other electronic records management agencies could follow the process and develop their own toolkit reflecting their situation, and utilize the self-assessment results in-house. As a result of this research, 12 areas for assessment were set, which include (organizational) operation management, classification system and master data management, acquisition, registration and description, storage and preservation, disposal, services, providing finding aids, system management, access control and security, monitoring/audit trail/statistics, and risk management. In each 12 area, the process map or functional charts were drawn and business functions were analyzed, and 54 'evaluation criteria', consisted of main business functional unit in each area were drawn. Under each 'evaluation criteria', 208 'specific evaluation criteria', which supposed to be implementable, measurable, and provable for self-evaluation in each area, were drawn. The audit and certification toolkit developed by this research could be used by digital repositories to conduct periodical self-assessment of the organization, which would be used to supplement any found deficiencies and be used to reflect the organizational development strategy.

• The Korean Journal of Archival Studies
• /
• no.60
• /
• pp.317-358
• /
• 2019

Blockchain technology has emerged as one of the key technologies of the fourth industrial revolution. Blockchain technology is characterized by being able to verify the authenticity of stored information in a block and whether it is false or falsified, cannot arbitrarily manipulate or delete a particular record, and is capable of transparent audit trail. This study is designed to explore how to apply blockchain technology to record management. For this purpose, we want to approach the code area, the physical area of the blockchain technology, to explore some of the key physical structures, and to derive the applicability of the blockchain technology. By implementing the part of 'Cloud-Record Management System', future record management system model and currently in the process of phasing out step by step, as a modular block chain, I suggest a blockchain network model that can simplify or replace various functions of the current record management process.