• Journal of Internet Computing and Services
• /
• v.17 no.5
• /
• pp.51-58
• /
• 2016

The unprecedented power of cloud computing (CC) that enables free sharing of confidential data records for further analysis and mining has prompted various security threats. Thus, supreme cyberspace security and mitigation against adversaries attack during data mining became inevitable. So, privacy preserving data mining is emerged as a precise and efficient solution, where various algorithms are developed to anonymize the data to be mined. Despite the wide use of generalized K-anonymizing approach its protection and truthfulness potency remains limited to tiny output space with unacceptable utility loss. By combining L-diversity and (${\alpha}$,k)-anonymity, we proposed a hybrid K-anonymity data relocation algorithm to surmount such limitation. The data relocation being a tradeoff between trustfulness and utility acted as a control input parameter. The performance of each K-anonymity's iteration is measured for data relocation. Data rows are changed into small groups of indistinguishable tuples to create anonymizations of finer granularity with assured privacy standard. Experimental results demonstrated considerable utility enhancement for relatively small number of group relocations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.821-834
• /
• 2019

As cyber security threats increase, there is a growing demand for highly reliable systems. Common Criteria, an international standard for evaluating information security products, requires formal specification and verification of the system to ensure a high level of security, and more and more cases are being observed. In this paper, we propose highly reliable drone systems that ensure high level security level and trust. Based on the results, we use formal methods especially Z/EVES to improve the system model in terms of scheduling in the system kernel.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.427-434
• /
• 2006

Broadband Convergence Network(BcN) is a critical infrastructure to provide wired-and-wireless high-quality multimedia services by converging communication and broadcasting systems, However, there exist possible danger to spread the damage of an intrusion incident within an individual network to the whole network due to the convergence and newly generated threats according to the advent of various services roaming vertically and horizontally. In order to cope with these new threats, we need to analyze the vulnerabilities of BcN in a system architecture aspect and classify them in a systematic way and to make the results to be utilized in preparing proper countermeasures, In this paper, we propose a new classification of vulnerabilities which has been extended from the ITU-T recommendation X.805, which defines the security related architectural elements. This new classification includes system elements to be protected for each service, possible attack strategies, resulting damage and its criticalness, and effective countermeasures. The new classification method is compared with the existing methods of CVE(Common Vulnerabilities and Exposures) and CERT/CC(Computer Emergency Response Team/Coordination Center), and the result of an application to one of typical services, VoIP(Voice over IP) and the development of vulnerability database and its management software tool are presented in the paper. The consequence of the research presented in the paper is expected to contribute to the integration of security knowledge and to the identification of newly required security techniques.

• Journal of Acupuncture Research
• /
• v.22 no.2
• /
• pp.1-12
• /
• 2005

Objective: With the onset of stroke, white blood cells release several proinflammatory cytokines, including interleukin (IL)-6, IL-10, and tumor necrosis factor $(TNF)-{\alpha}$. It has been proven in previous studies that the release of these cytokines is related to the extent of damage to the brain and to overall prognosis. However, no studies have yet been performed to determine the connection with IL-6 and IL-10. Thus, this study is performed to see whether polymorphisms of IL-6, IL-10, and $TNF-{\alpha}$ genes that show increased serum concentration with the onset of stroke are related to stroke attack in Koreans. Methods : Peripheral blood samples derived from patients with stroke (n=100) and healthy controls (n=100) were taken under informed consent. In subjects with stroke, blood samples were obtained within 24 hours of stroke onset. Genomic DNA was isolated using the Wizard DNA Purification Kit (Promega, Madison, WI). Results : 1. Subjects with Heterozygote (GA) and Homozygote (AA) $TNF-{\alpha}$ gene types showed 2.433 and 20.457 times higher risks of being attacked by stroke, respectively, compared to subjects with wild type (GG) $TNF-{\alpha}$ gene type. The data was still statistically significant after adjusting for age, sex, history of smoking, and history of alcohol drinking. 2. Subjects with Homozygote (CC) IL-6 gene type showed 182.033 times higher risk of being attacked by stroke, compared to subjects with wild type (GG) IL-6 genes. This data was statistically insignificant (p=0.700). The data was still statistically insignificant after adjusting for age, sex, history of smoking, and history of alcohol drinking. 3. Subjects with Heterozygote (GA) and Homozygote (GG) IL-10 gene types showed 8.785 and 3.303 times higher risks of being attacked by stroke, respectively, compared to subjects with wild type (AA) IL-10 genes. The data was still statistically insignificant after adjusting for age, sex, history of smoking, and history of alcohol drinking. Conclusion : Our results suggest that the investigated $TNF-{\alpha}$ and IL-10 gene polymorphisms play an important role in stroke attack, but IL-6 gene polymorphism has not been found to associated with stroke.

• KSCI Review
• /
• v.15 no.1
• /
• pp.141-150
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element. response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management wav that propose executing Security incident response experiment on the basis of this way. This study which Provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.613-628
• /
• 2019

In-Vehicle Infotainment provides navigation and various functions through the installation of the application. And infotainment is very important to control the entire vehicle by sending commands to the ECU. Infotainment supports a variety of wireless communication protocols to install and update applications. So Infotainment is becoming an attack surface through wireless communcation protocol for hacker's access. If malicious software is installed in infotainment, it can gain control of the vehicle and send a malicious purpose command to the ECU, affecting the life of the driver. Therefore, measures are needed to verify the security and reliability of infotainment software updates, and security requirements must be derived and verified. It must be developed in accordance with SDL to provide security and reliability, and systematic security requirements must be derived by applying threat modeling. Therefore, this paper conducts threat modeling to derive infotainment update security requirements. Also, the security requirements are mapped to the Common Criteria to provide criteria for updating infotainment software.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.229-237
• /
• 2021

Cloud of things (CoTs) is a newer idea which combines cloud computing (CC) with the Internet of Things (IoT). IoT capable of comprehensively producing data, and cloud computing can be presented pathways that allow for the progression towards specific destinations. Integrating these technologies leads to the formation of a separate element referred to as the Cloud of Things (CoTs). It helps implement ideas that make businesses more efficient. This technology is useful for monitoring a device or a machine and managing or connecting them. Since there are a substantial amount of machines that can run the IoT, there is now more data available from the IoT that would have to be stored on a local basis for a provisional period, and this is impossible. CoTs is used to help manage and analyze data to additionally create usable information by permitting and applying the development of advanced technology. However, combining these elements has a few drawbacks in terms of how secure the process is. This investigation aims to recent study literature from the past 3 years that talk about how secure the technology is in terms of protecting by authentication, reliability, availability, confidentiality, and access control. Additionally, this investigation includes a discussion regarding some kinds of potential attacks when using Cloud of Things. It will also cover what the various authors recommend and conclude with as well as how the situation can be approached to prevent an attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.111-125
• /
• 2010

There is a growing interest in "smart grid" technology, especially after the government recently announced "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming places like homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety with using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criterion v3.l for smart meters.