• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1397-1402
• /
• 2021

The overlay2 file system is one of the union file systems that mounts multiple directories into one. The source directory used for this overlay2 file system mount has a characteristic that it operates independently of the write-able layer after mounting, so it is often used for container platforms for application delivery. However, the overlay2 file system has a security vulnerability that the write-able layer is also modified when file in the source directory is modified. In this study, I proposed the overlay2 file system protection technology to remove the security vulnerabilities of the overlay2 file system. As a result of empirically implementing the proposed overlay2 file system protection technology and verifying the function, the protection technology proposed in this study was verified to be effective. However, since the method proposed in this study is a passive protection method, a follow-up study is needed to automatically protect it at the operating system level.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.21-30
• /
• 2008

This study researched into the method that allows only the certified user and computational engineer to possibly use network resources and computing resources by implementing the system of the intensified certification and security based on LDAP(Lightweight Directory Access Protocol) directory service, that copes with incapacitation in security program due to making the security program forcibly installed, and that can correctly track down the industrial-technology exporter along with applying the user-based security policy through inter-working with the existing method for the protection of industrial technology. Through this study, the intensified method for the protection of industrial technology can be embodied by implementing the integrated infra system through strengthening the existing system of managing the protection of industrial technology, and through supplementing vulnerability to the method for the protection of industrial technology.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.445-446
• /
• 2021

Union file system is a technology that can be used as a single file system by integrating various files and directories. It has the advantage of maintaining the source file/directory used for integration, so it is used in many applications like container platform. When using the union file system, the user accesses the write-able layer, to which the security technology provided by the operating system can be applied. However, there is a disadvantage in that it is difficult to apply a separate security technology to the source file and directory used to create the union file system. In this study, we intend to propose an access control mechanism to deny security threats to source file/directory that may occur when using the union file system. In order to verify the effectiveness of the access control mechanism, it was confirmed that the access control mechanism proposed in this study can protect the source file/directory while maintaining the advantages of the union file system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1423-1428
• /
• 2010

This paper designs file security function on Windows O.S. Whenever you use Windows O.S, you need to protect some file data. This paper designs these security protection functions. This paper proposes two security functions on Windows O.S. One is file security. the other is directory access protection. To check the proposed functions well, I experiment the above functions on the Windows O.S. By this experiment, I confirmed that the proposed function worked well.

• Journal of KIISE
• /
• v.44 no.4
• /
• pp.352-362
• /
• 2017

This paper analyzes security threats in Security Enhanced (SE) Android and proposes a new technique to efficiently protect application data including private information on rooted Android phones. On an unrooted device, application data can be accessed by the application itself according to the access control models. However, on a rooted device, a root-privileged shell can disable part or all of the access control model enforcement procedures. Therefore, a root-privileged shell can directly access sensitive data of other applications, and a malicious application can leak the data of other applications outside the device. To address this problem, the proposed technique allows only some specific processes to access to the data of other applications including private information by modifying the existing SEAndroid Linux Security Module (LSM) Hook function. Also, a new domain type of process is added to the target system to enforce stronger security rules. In addition, the proposed technique separates the directory type of a newly installed application and the directory type of previously installed applications. Experimental results show that the proposed technique can effectively protect the data of each application and incur performance overhead up to or less than 2 seconds.

• Journal of Society of Preventive Korean Medicine
• /
• v.6 no.1
• /
• pp.36-50
• /
• 2002

Health industry, a knowledge based high value-added industry, is being considered as a strategic area for the 21C and many advanced countries are making every endeavors for the promotion of health industry along with information technology, new materials, and mechatronics. Korean health industry, however, has been excluded from the governmental supports as well as bound by strict regulation so far, and there is a significant gap in technology compared with advanced countries. In 21C, technology is the main factor of national competitiveness and that is why the role of R&D institutes are so important in the high level of competition to cope with the technology protection policies of advanced countries. In this article, with Directory of Korean R&D Institutes published by Korea Industry Technology Association, I reviewed the trends of R&D institute of health industry. Main findings of the research can be summarized as follows. The portion of health industry R&D institute is 3.6% of total R&D institute but the amount of R&D investment is over than 5% This means health industry are knowledge based and R&D intensified industry, meanwhile the variations of same industry R&D institutes of health industry is huge in R&D investments and other activities. Regional distributions of health industry institutes show some kind of different patterns in each industry areas. Medical devices and Medical informatics's preference of metropolitan region are distinguished with other industry areas. Many of the institutes are located in same site of it's company rather than operating separate building for R&D specific uses. It is better for transforming ideas to products and close cooperation of research body with product lines, but it is a handicap for networking and communicating with other research institutions too. It takes 18.4yrs for bearing R&D institute on the average. For a long times 'copy products' or 'me too products' policies were easy way to maintain business entities. But recently, it is recognized that research activities are essential component of sustaining it's own business firms. This means technology itself is leading power of corporation itself in the high level of competition.

• The Journal of the Korea Contents Association
• /
• v.19 no.5
• /
• pp.417-425
• /
• 2019

Storage snapshot technology allows to preserve data at a specific point in time, and recover and access data at a desired point in time. It is an essential technology for storage protection application. Existing snapshot methods have some problems in that they dependent on storage hardware vendor, file system or virtual block device. In this paper, we propose a new snapshot method for solving the problems and creating snapshots on-line. The proposed snapshot method uses a method of extracting the log records of update operations at the virtual file system layer to enable the snapshot method to operate independently on file systems, virtual block devices, and storage hardwares. In addition, the proposed snapshot mehod creates and manages snapshots for directories and files without interruption to the storage service. Finally, through experiments we measure the snapshot creation time and the performance degradation caused by the snapshot.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.2
• /
• pp.33-43
• /
• 2006

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. However, there have been increasing privacy concerns since the personal information might be misused and spread over in public by the database administrators or the information users. Even in the systems in which organizations or companies control access to personal information according to their access policy in order to protect personal information, it is not easy to fully reflect the information subjects' intention on the access control to their own Personal information. This paper proposes a policy-based access control mechanism for the personal information which prevents unauthorized information users from illegally accessing the personal information and enables the information subjects to control access over their own information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the directory repository. For the access control, information subjects set up their own access control policy for their personal information and the policies are used to provide legal information users with the access keys.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.24 no.6
• /
• pp.717-725
• /
• 2018

IMO developed VIMSAS for effective application of IMO instruments related to maritime safety and environmental protection and was implemented from 2006 to 2016. Based on this, the purpose and procedures of VIMSAS applied to IMO member states by trial, and IMSAS was enforced from January 1st 2016. IMSAS was implemented to ensure that IMO Member States, such as flag states, coastal states and port states that ratified the IMO Convention, are properly performing their given responsibilities and to ensure the effective implementation of the IMO instruments through the improvement of identified non-conformities. In this study, the auditing contents and procedures were verified based on IMO documents in order to prepare for the IMSAS audit of Republic of Korea scheduled for 2020. For this purpose, this study proposed an update of a directory, development of monitoring system for information reporting required by IMO instruments, designation of relevant experts, preparation of an English version of related national laws, training of IMSAS auditors and establishment of an IMSAS audit response team for audit of IMSAS in 2020 by referring to the results of the VIMSAS for Republic of Korea, major findings of the VIMSAS of other IMO member states, and Consolidated Audit Summary Report (CASR), which was submitted at the 5th IMO III sub-committee.