• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.1-14
• /
• 2015

To conform to new emerging computing paradigm, various researches and challenges are being done. New information technologies make easy to access and acquire information in various ways. In other side, however, it also makes illegal access more powerful and various threat to system security. In this paper, we suggest a new extended access control method that make it possible to conform to security policies enforcement even with discrepancy between policy based constraints rules and query based constraints rules, based on their semantic information. New method is to derive security policy rules using context tree structure and to control the exceed granting of privileges through the degree of the semantic discrepancy. In addition, we illustrate prototype system architecture and make performance comparison with existing access control methods.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.41-49
• /
• 2017

According to a research by global IT market research institute IDC, CSIM(Converged Security Information Management) market of Korea was estimated to be 1.7 trillion KRW in 2010, and it has grown approximately 32% every year since. IDC forcasts this size to grow to 12.8 trillion KRW by 2018. Moreover, this case study exemplifies growing importance of CSIM market worldwide. Traditional CSIM solution consists of various security solutions(e.g. firewall, network intrusion detection system, etc.) and devices(e.g. CCTV, Access Control System, etc.). With this traditional solution, the the data collected from these is used to create events, which are then used by the on-site agents to determine and handle the situation. Recent development of IoT industry, however, has come with massive growth of IoT devices, and as these can be used for security command and control, it is expected that the overall amount of event created from these devices will increase as well. While massive amount of events could help determine and handle more situations, this also creates burden of having to process excessive amount of events. Therefore, in this paper, we discuss potential events that can happen in CSIM system and classify them into 3 groups, and present a model that can categorize and process these events effectively to increase overall efficieny of CSIM system.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.56 no.2
• /
• pp.99-103
• /
• 2007

In this paper, one type of a security system for panel working is suggested. The industrial Ethernet is used for open-close door control of the working panel and for monitoring the working panel is correct or not. Especially to upgrade the security system, a remote approval function of panel working by using the given approval number, a remote monitoring function for checking the approved panel is currently working or not, and an alarming function for keying the unapproved number or opening the disapproved panel, are added for preventing and reducing the intentional working error. Also the worker and working time are stored in PC automatically in exel file for detecting the working error. To show the possibility of suggested security system. two-working panel system is prepared and studied.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.153-160
• /
• 2007

Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.266-269
• /
• 2002

As a simulation or replacement of analog money in cyber space, the e-cash was introduced by using cryptographic primitives. Since a perfect anonymity system causes some illegal activities, such as money laundering, blackmailing, and illegal purchase, a revocable electronic system was paid a great attention to control the anonymity. In general, Trust Third Party(TTP) is introduced to detect any dubious user and coin, namely user tracing and coin tracing. In this paper we propose a new revocable anonymity e-cash system, and verify the security requirement as well. In our scheme a user first withdraws the e-coin from bank by using blind signature, and then TTP verifies the bank's signature and records the tracing information.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.85-90
• /
• 2011

JPMP SID Tag is the security senor tag to provides physical information protective function using sensor module, has impossible feature to copy and fake the data which is stored in the tag. So data which is stored in the JPMP SID Tag has authenticity, integrity, originality. Therefore JPMP SID Tag could be applied in the place where the security of data is demanded. This paper propose the system using the JPMP SID Tag to acquire and protect digital evidence where cause investigation of accident is necessary. Also, proposed systems is complement of software security with composition secondary control logic for JPMP SID tag access control.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.445-446
• /
• 2021

Union file system is a technology that can be used as a single file system by integrating various files and directories. It has the advantage of maintaining the source file/directory used for integration, so it is used in many applications like container platform. When using the union file system, the user accesses the write-able layer, to which the security technology provided by the operating system can be applied. However, there is a disadvantage in that it is difficult to apply a separate security technology to the source file and directory used to create the union file system. In this study, we intend to propose an access control mechanism to deny security threats to source file/directory that may occur when using the union file system. In order to verify the effectiveness of the access control mechanism, it was confirmed that the access control mechanism proposed in this study can protect the source file/directory while maintaining the advantages of the union file system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• The Journal of the Korea Contents Association
• /
• v.18 no.8
• /
• pp.102-108
• /
• 2018

The existing data transmission technology applied between the non-secure external internet and the secure internal business network has various problems when applied to the building facility management SCADA system control network. Traditional inter-network data transfer technologies involve high complexity and high costs because blacklist-based security techniques are applied to all data. However, whitelist-based security techniques can be applied to data distributed in Building Facility Management SCADA control systems because a small number of structured control data are repeatable and periodic. This simplifies the security technology applied to inter-network data transmission, enabling building facility management SCADA system control network deployment at low cost. In this paper, we proposed building control networks specialized in building facility management SCADA control systems by providing solutions to address and address these problems.

• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.205-206
• /
• 2008

Electrical Power System is very important infrastructure in the country. The functions of control, monitoring and so on in the electrical power system are implemented by information technologies(IT) through cyber space. Recently, many activities for enhancing cyber security in the world. In this paper, we introduce the study tendency of cyber security in power IT areas.