• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.217-224
• /
• 2011

Existing wire based physical security system solutions show limitations in time and space. In order to solve these deficiencies, a remote physical security system has been implemented using smart phone based on mobile cloud computing technique. The security functions of mobile cloud computing technique include mobile device user authentication, confidentiality of communication, integrity of information, availability of system, and target system access control, authority management and secure hand off etc. Proposed system has been constructed as remote building management system using smart phone, and also has been efficient to reduce energy cost (5~30%), result of system average access and response time 7.082 second. This systems are evaluated to have high efficiency compared to performance.

• Journal of Information Technology Applications and Management
• /
• v.26 no.2
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1141-1149
• /
• 2020

Most of the industrial control network is an independent closed network, which is operated for a long time after installation, and thus the OS is not updated, so security threats increase and security vulnerabilities exist. The zero-day attack defense must be applied with the latest patch, but in a large-scale industrial network, it requires a higher level of real-time and non-disruptive operation due to the direct handling of physical devices, so a step-by-step approach is required to apply it to a live system. In order to solve this problem, utility-specific patch impact assessment is required for reliable patch application. In this paper, we propose a method to test and safely install the patch using the regression analysis technique and show the proven results. As a patch impact evaluation methodology, the maximum allowance for determining the safety of a patch was derived by classifying test types based on system-specific functions, performance, and behavior before and after applying the patch. Finally, we report the results of case studies applied directly to industrial control networks, the OS patch has been updated while ensuring 99.99% availability.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.19-25
• /
• 2018

With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1149-1154
• /
• 2003

Due to various requirements for the user access control to large databases in the hospitals and the banks, database security has been emphasized. There are many security models for database systems using wide variety of policy-based access control methods. However, they are not functionally enough to meet the requirements for the complicated and various types of access control. In this paper, we propose a database security system that can individually control user access to data groups of various sites and is suitable for the situation where the user's access privilege to arbitrary data is changed frequently. Data group(s) in different sixes d is defined by the table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and polices. The proposed system operates in two phases. The first phase is composed of a modified MAC (Mandatory Access Control) model and RBAC (Role-Based Access Control) model. A user can access any data that has lower or equal security levels, and that is accessible by the roles to which the user is assigned. All types of access mode are controlled in this phase. In the second phase, a modified DAC(Discretionary Access Control) model is applied to re-control the 'read' mode by filtering out the non-accessible data from the result obtained at the first phase. For this purpose, we also defined the user group s that can be characterized by security levels, roles or any partition of users. The policies represented in the form of Block(s, d, r) were also defined and used to control access to any data or data group(s) that is not permitted in 'read ' mode. With this proposed security system, more complicated 'read' access to various data sizes for individual users can be flexibly controlled, while other access mode can be controlled as usual. An implementation example for a database system that manages specimen and clinical information is presented.

• Journal of the Society of Disaster Information
• /
• v.11 no.4
• /
• pp.475-486
• /
• 2015

The objective of this study is to analyze control factors in protecting activities of business information that affects the effects of protecting leaks of industrial secretes during business security works in the ranks of staffs. A regression analysis was implemented by 36 items of protecting activities of information and 10 items of preventing industrial secretes for a total of 354 users and managers who use internal information systems in governments, public organizations, and civilian enterprises. In the recognition of protecting activities of business information that affects the prevention of controlling industrial secretes, clerks showed recognitions in physical control, environmental control, and human resource control, and software control and assistant chiefs showed recognitions in hardware control and environmental control. Also, ranks of department managers and higher levels represented recognitions in security control activities. It showed that clerks, assistant chiefs, and above department managers show effects of technical control factors on protecting activities of industrial secretes but section chiefs represent system control factors in preventing industrial secretes.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2232-2239
• /
• 2016

IoT industry has been highlighted in the domestic and foreign country. Since most IoT systems operate separate servers in Internet to control IoT hardwares, there exists the possibility of security problems. Also, IoT systems in markets use their own hardware controllers and devices. As a result, there are many limitations in adding new sensors or devices and using applications to access hardware controllers. To solve these problems, we have developed a novel IoT hardware control system based on a mobile messenger. For the security, we have adopted a secure mobile messenger, Telegram, which has its own security protection. Also, it can improve the easy of the usage without any installation of specific applications. For the enhancement of the system accessibility, the proposed IoT system supports various network protocols. As a result, there are many possibility to include various functions in the system. Finally, our IoT system can analyze the collected information from sensors to provide useful information to the users. Through the experiment, we show that the proposed IoT system can perform well.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.47 no.1
• /
• pp.104-115
• /
• 2010

Development of the system which provides services using diverse sensors is expanding due to the widespread use of ubiquitous technology, and the research on the security technologies gaining attention to solve the vulnerability of ubiquitous environment's security. However, there are many instances in which flexible security services should be considered instead of strong only security function depending on the context. This paper used Fuzzy algorithm and MAUT to be aware of the diverse contexts and to propose context-aware security service which provides flexible security function according to the context.

• Journal of the Korean Society of Safety
• /
• v.11 no.2
• /
• pp.150-159
• /
• 1996

In this paper, an A-team(Asynchronous Team ) based approach for Reactive power and volage control considering static security assessment in a power system with infrastructural deficiencies is proposed. Reactive power and voltage control problem is the one of optimally establishing voltage level given several constraints such as reactive generation, voltage magnitude, line flow, and other switchable reactive power sources. It can be formulated as a mixed-integer linear programming(MILP) problem without deteriorating of solution accuracy to a certain extent. The security assessment is to estimate the relative robustness of the system in Its present state through the evaluation of data provided by security monitoring. Deterministic approach based on AC load flow calculations is adopted to assess the system security, especially voltage security. A security metric, as a standard of measurement for power system security, producting a set of discrete values rather than binary values, is employed. In order to analyze the above two problems, reactive power/voltage control problem and static security assessment problem, in an integrated fashion for real-time operations, a new organizational structure, called an A-team, is adopted. An A-team is an organization for agents which ale all autonomeus, work in parallel and communicate asynchronously, which is well-suited to the development of computer-based, multi-agent systems for operations. This A-team based approach, although it is still in the beginning stage, also has potential for handling other difficult power system problems.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.693-698
• /
• 2004

The cyber attacks on the computer system in nowadays are focused on works that do not operate specific application. The main key point that we protect information security system has an access control to keep an application. Most of system has a main function to protect an infrastructure such as hardware, network and operating system. In this paper, we have presented an intrusion tolerance system that can service an application in spite of cyber attacks. The proposed system is based on the middle ware integrating security mechanism and separate function of application and intrusion tolerance. The main factor we use security system in nowadays is service to keep a persistency. The proposed intrusion tolerance system is applicable to such as medical, national defense and banking system.