• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.317-322
• /
• 2013

Mobile cloud environment is recently becoming popular due to Internet access through various environments. Driven by computer performance improvement and service development, the demand for mobile cloud is increasing and accordingly the damage is on the rise. Therefore, it needs to conduct a study on problems of security necessary in large database that occurs in mobile cloud services. Although various security solutions limiting database access, security strategies about new user environments should be analyzed. This study analyzes weakness of safe data access through database management in mobile cloud environment and examines security requirements for safe data management. In addition, this study looks into threatening factors of security in cloud services and then draws security requirements about safer access control. A study on system application and evaluation of security requirements about access control is required.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.319-323
• /
• 2023

In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.2
• /
• pp.315-320
• /
• 2006

This paper describes access control, user authentication, and User Security and Encryption technology for the construction of database security system from network users. We propose model of network encrypted database security system for combining these elements through the analysis of operational and technological elements. Systematic combination of operational and technological elements with proposed model can construct encrypted database security system secured from unauthorized users in distributed computing environment.

• International Journal of Computer Science & Network Security
• /
• v.23 no.1
• /
• pp.71-77
• /
• 2023

In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.7 no.3
• /
• pp.137-141
• /
• 2014

RFID system is applied to various industry such as process control, distribution management, access control, environment sensing, entity identification, etc. Since RFID system uses wireless communication, it has more weak points for security. In this paper, an authentication protocol is suggested between tags and a reader, which is basic property for security. A suggested protocol use a bivariate polynomial over a finite field and is secure against snooping, replay attack, position tracking and traffic analysis.

• Journal of Korea Multimedia Society
• /
• v.13 no.1
• /
• pp.111-121
• /
• 2010

Since SMEs have recognized needs for industrial technique leakage prevention, they tend to construct information security system causing huge consumption of budget, yet they cannot organize information security team to operate integrated information security management system with consistency and it is fact that there only occur instant introductions of certain system. In this study, we designed information security management system for SMEs' industrial technique leakage prevention which is differentiated from those of large enterprises based on current status of SMEs' industrial technique leakage. Specifically we analyzed current status and vulnerability of SMEs' industrial technique leakage and we designed industrial technique leakage prevention management system for SMEs. Then we applied Delphi method to validate appropriateness of study result. We strongly believe that SMEs may estimate a appropriate level of investment on information security and develop countermeasures for control by utilizing this study result.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11S
• /
• pp.3278-3288
• /
• 1999

This paper proposes a security platform, called SCAP(Security platform for CORBA based APplication), to cope with potential threats in a distributed object system. SCAP supports CORBA security specification announced by OMG. SCAP is comprised of four functional blocks, which co-work with ORB to provide security services: Authentication Block, Association Block, Access Control Block, and Security Information Management Block. It is designed to support Common Secure Interoperability Functionality Level 2, which is useful for large-scale intra-, or inter-network based applications. Actual security services, which are dependent on supporting security technology, will be provided as external security service for replace ability. Implementation issues such as how to simulate an interceptor mechanism using a commercial ORB product without source code, and how to extend Current object required for security services are also described. At the end of the paper, the SCAP applied to the web environment is described to show its practical utilization.

• Proceedings of the IEEK Conference
• /
• 2000.07b
• /
• pp.735-738
• /
• 2000

The most important issue in database security is correct concurrency control under the restrictive security policy. The goal of secure transaction management is to keep security and provide many concurrent users with the high availability of database. In this paper, we consider the security environment of multidatabase system with replicated data. The read-from relationship in the existed serializability is improper in security environment. So, we define new read-from relationship and propose new secure 1-copy quasi-seriailzability by utilizing this relationship and display some examples. This security environment requires both the existed local autonomy and the security autonomy as newly defined restriction. To solve covert channel problem is the most difficult issue in developing secure scheduling scheme. The proposed secure 1-copy quasi-serializability is very proper for global transactions in that this serializability not violates security autonomy and prevents covert channel between global transactions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1375-1391
• /
• 2012

Smart grid is a next-generation intelligent power grid that applying ICT to power grid to maximize the energy efficiency ratio. Recently, technologies and standards for smart grid are being developed around the world. Information security which is an essential part of smart grid development has to be managed continuously. Information security management system certification for organizational risk management has been implemented in Korea. Although preparation for information security management system certification which is applicable to smart grid is considered, there are no specific methods. This paper is to propose core and added evaluation criteria for Korean smart grid based on K-ISMS through comparative analysis between ISMS operated in Korea and smart grid information security management system developed in the United States. Added evaluation criteria enable smart grid related business that certified existing ISMS to minimize redundant and unnecessary certification assessment work.