• The Transactions of the Korea Information Processing Society
• /
• v.4 no.3
• /
• pp.754-766
• /
• 1997

In this paper,we implement the Audit Trail Service Sydtem for the EDI Security.It has solved a law dispute between enterprises by informations that have generated by the EDI serice systrm.The audit trail service sys-tem implemented for EDI security satisfied the requirements of audit and the protocol of the security serive of X.435 and X.400.The EDI Security Audit System consists of the event discrimiator,the audit recirder,the audit archiver,and the provider of audit services .The event discriminator classified the reansmitted data from the EDI network ot audit sercices.The audit recorder constructs an index that has combined time information wiht audit unformations which are classified by the event discriminator.ZThe audit archiver performas the vacumming of added audit imformations by passing time by passing time.The audit provider is a module that carries out the audit trail servies by using stored audit informations. The audit provider suports audit servies,which are non-requdiation,proof and probe,controller of security,and accesing infrimation.The audit trail service system for EDI security constructs audit information by using index that is combining time imfromation,so it supports especially fast accesing audit information.

• Informatization Policy
• /
• v.30 no.4
• /
• pp.3-39
• /
• 2023

With the growing importance of information/information system, information security is emphasized, and the significance of information security audit as a tool for maintaining the proper security level is increasing as well. The objectives of the study are to identify the overall research trends and to propose future research areas by analyzing domestic and overseas research in the area. To achieve the objectives, 103 research papers were analyzed based on both general and subject-related criteria. The following are the major research results : In terms of research approach, more empirical studies are needed; For subject "Auditor," studies to develop a framework for related variables (e.g., capability) are needed; For subject "Audit Activities/Procedures," future research should focus on the process/results of detailed audit activities; Future domestic research for "Audit Areas" should look for the new technology/industry/security areas covered by foreign studies; For "Audit Objective/Impact," studies to define the variables (e.g., performance and quality) systematically and comprehensively are needed; For "Audit Standard/Guidelines," research on model/guideline needs to be continued.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.3
• /
• pp.761-769
• /
• 2014

We propose an improved M-ISMS(Military-ISMS) model which is based on common ISMS model for regarding military's unique characteristics. Our model focuses on 'Internal Security Audit' and 'Management of external activity' as military circumstances. So, we added the six control new items as internal security audits. Because the confidentiality is more important than availability in military service as compared with private sectors. In addition, we propose some control suggestions for establishing security management standards and keeping level maintenance when it will becomes to lose a value as confidential. The M-ISMS model in this paper has effectiveness which prevents security incidents in advance rapidly throughout a variety of common ISMS's advantages and security incidents of private sectors in consideration of military characteristics.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.146-155
• /
• 2004

Currently most of commercial operating systems contain a high-level audit feature to increase their own security level. Linux does not fall behind the other commercial operating systems in performance and stability, but Linux does not have a good audit feature. Linux is required to support a higher security feature than C2 level of the TCSEC in order to be used as a server operating system, which requires the kernel-level audit feature that provides the system call auditing feature and audit event. In this paper, we present LxBSM, which is a kernel module to provide the kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. The LxBSM is implemented as a loadable kernel module, so it has the enhanced usability. It provides the rich audit records including the user-level audit events such as login/logout. It supports both the pipe and file interface for increasing the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared and evaluated with that of Linux kernel without the audit features. The response time was increased when the system calls were called to create the audit data, such as fork, execve, open, and close. However any other performance degradation was not observed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.109-122
• /
• 2022

The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.01a
• /
• pp.179-182
• /
• 2018

최근 여기어때, 인터파크 등 전자상거래 기업을 대상으로 발생한 개인정보 해킹사고 사례를 보면, 사람의 취약점을 노리는 지능화지속위협(APT) 공격과 알려진 해킹 기술이 복합적으로 이루어지고 있다. 해킹사고가 발생한 기관은 한국인터넷진흥원(KISA) 정보보호관리체계(ISMS) 의무대상 기관으로써 정보보호관리체계를 유지 관리하고 있었다. 그럼에도 불구하고 대형의 개인정보 유출사고가 발생한 주요 원인은 정보보호관리체계가 적용되지 않았던 정보시스템과 인력을 대상으로 해킹이 이루어졌기 때문이다. 해킹 위협의 변화에 따라 전자상거래 보안 수준도 변화해야 하는데, 개인정보보호 관련 규제 준수도 전자상거래 기업에서는 힘든 상황이다. 고객의 개인정보 유출 사고는 일반인을 매출 기반으로 서비스하고 있는 전자상거래 기업에서는 치명적이다. 안전한 전자상거래 플랫폼 기반에서 고객에게 서비스를 제공하기 위해서는 무엇보다도 중요 자산인 고객의 개인정보보호를 위해 역량을 집중해야 한다. 한정된 예산과 자원으로 안전한 서비스를 제공하기 위해서는 기존에 구축된 정보보호관리체계를 기반으로 IT보안감사체계를 전사적으로 확대하여 지속적으로 모니터링 할 필요가 있다. 이에 본 연구에서는 최신 사이버 보안 위협 동향과 전자상거래 기업 대상으로 발생한 최근 개인정보유출사고 사례를 분석을 통해 시사점을 도출하여 전자상거래 개인정보 보호를 위한 IT보안감사체계를 제시하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.41-52
• /
• 2024

Security audits of IPsec VPNs are crucial for identifying vulnerabilities caused by implementation flaws or misconfigurations, as well as investigating incidents. Nevertheless, auditing IPsec VPN presents noteworthy challenge due to the encryptiong of network contents which ensere confidentiality, integrity, authentications and more. Some researchers have suggested using man-in-the-middle(MITM) techniques to overcome this challenge. MITM techniques require direct participation in the network and prior knowledge of the pre-shared key for authentication. This causes temporary network disconnection for security audits, and it is impossible to analyse data collected before the audit. In this paper, we present an analysis technique aimed at ensuring network continuity without relying on a specific IPsec VPN topologies or authentication method. Therefore, it is anticipated that this approach will be effective, practical and adaptable for conducting IPsec VPN security

• Journal of Integrative Natural Science
• /
• v.14 no.4
• /
• pp.205-210
• /
• 2021

최근 메타버스 산업체 pc 하드디스크 메모리 저장 데이타에 대한 사이버 침해 공격 및 기밀유출 사고대응 방안으로 원격기반 상시 실시간 감시 및 분석 보안 체계를 검토 및 발전 시 요구된다. 이러한 사유는 정보보안 유출 90% 이상은 Edge단 pc에서 발생 되는 것으로 메타버스 산업보안기밀 유출 1건당 평균 10억 2,000만원 등의 유형 및 무형 피해(2018보안과 관련된 가장 중요한 팩트와 수치통계 2018.10.16일 IT WORLD) 발생의 근본에 대한 대응과 동시에 IT인프라 구축 시 연동 통합으로 네트웍 시스템 웹 등 영역에서 발생되는 악성코드 공격 대상 등의 대상이 되므로 이에 대한 대응책으로 Deep-Acess기반 상시 실시간 원격 메모리 분석 및 감사(audit)체계 개념이 핵심이다.