• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.941-944
• /
• 2011

컴퓨팅 환경에서 각종 보안 위협들의 핵심에는 악성 실행파일들이 있다. 전통적인 시그니처 기반의 보안 시스템들은 악의적인 실행파일들 중에서 알려지지 않은 것들에 대해서는 런타임 탐지에 어려움이 있다. 그러한 이유로 런타임 탐지를 위해 시그니처가 필요 없는 정적, 동적 분석 방법들이 다각도로 연구되어 왔으며, 특히 악성 실행파일을 실제 실행한 후 그 동작상태를 모니터링 하는 행위기반 동적 분석방법들이 많은 발전을 이루어왔다. 그러나 대부분의 행위기반 분석방법들은 단순히 몇 가지 행위나 비순차적인 분석정보를 제공하기 때문에, 차후 악성여부를 최종 판단하는 방법론에 적용하기에는 그 분석정보가 충분하지 않다. 본 논문에서는 악성 실행파일이 실행되는 동안 발생할 수 있는 행위들을 분류하고, 이를 모니터링 하는 프로토타입 프로그램을 구현하였다. 또한, 악성 실행파일을 직접 실행하는 것은 제한된 컴퓨팅 환경에서 이루어지기 때문에, 실제 악성 실행파일을 모니터링 한 결과를 토대로 행위기반 모니터링 방법이 극복해야 될 이슈들에 대해서도 언급하고 있다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.328-330
• /
• 2022

Currently, the Metaverse is introduced in various fields, and a virtual convergence economy that uses NFTs for content or item transactions is expected to develop into a 'metaverse environment'. The 'metaverse environment' will lead the changes in our society in the future and it will be fused with AI, big data, cloud, IoT, block chain, and next-generation network technology. However, personal information, device information, and behavior information provided by Metaverse users to use the service are subject to major attacks. Therefore, in order to provide a safe environment for users to use and to expand the business base of related companies, building a public-private cooperation system and developing a security guide are the leading tasks. Therefore, in this study, we compare and analyze metaverse features and technologies, and examine possible security threats and countermeasures.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.396-400
• /
• 2001

본 논문은 현재 안전한 운영체제 개발에 사용되고 있는 강제 접근통제(MAC)와 역할행위 기반 접근통제(RBBAC)의 혼합 기법인 다중 등급 역할 행위 기반 접근통제 (ML/RBBAC)를 제안하고, 접근통제 모델을 기술한다. ML/RBBAC은 안전한 운영체제가 MAC과 RBBAC을 동시 지원하기 위한 최적의 방법이며, 기존 MAC의 단점인 지나치게 엄격한 정보흐름 통제 및 보안 관리 부담의 증대 문제를 해결한다.

• Journal of Digital Convergence
• /
• v.17 no.2
• /
• pp.127-134
• /
• 2019

The purpose of this study was to investigate the factors affecting the behavior intention of smartphone mobile banking service among tourists. Currently, due to the development of mobile Internet technology and the spread of smartphone all over the world, interest and spread of smart phone based mobile banking is popularized. Thus, we analyzed the relationship among performance expectancy, social influence, facilitating conditions, perceived financial cost, perceived habit, perceived security level, and user's behavioral intention as a dependent variable. In this study, 203 respondents were interviewed about Chinese tourists at Jeju International Airport, and the influence of independent variables was determined by Smartpls 3.0. The results showed that the perceived security level and habit had a positive effect on the behavior intention. Especially, perceived security is a major issue of smartphone-based mobile banking in recent years. This study is meaningful in that it is an analysis of behavior factors of smartphone-based mobile banking service for tourists.

• Journal of Korean Society for Quality Management
• /
• v.42 no.2
• /
• pp.153-163
• /
• 2014

Purpose: This research aims to find out clinical information protection behavior within a medical institution in mandatory circumstance based on health psychology theories Methods: This research has developed the survey based on the variables from ealth psychology theories; and conducted the survey during the whole month in April 2013. In the end, 256 samples have been used for this research's analysis. Results: First of all, Empirical results has proved that perceived benefits, self-efficacy, and cues to action have an positive influence on clinical information protection behavior. Perceived barriers has an negative influence. Finally, it has proven from the research that perceived severity and perceived susceptibility do not have an impact on clinical inf ormation protection behavior Conclusion: These findings provide an enriched understanding about medical institution workers information protection behavior on patient's clinical information.

• Journal of Digital Convergence
• /
• v.16 no.12
• /
• pp.343-349
• /
• 2018

Electroencephalograph(EEG) information, which is an important data of brain science, reflects various levels of information from the molecular level to the behavior and cognitive stages, and the explosively amplified information is provided at each stage. Therefore, EEG information is an intrinsic privacy area of an individual, which is important information to be protected. In this paper, we apply spring security to web based system of spring MVC (Model, View, Control) framework to build independent and lightweight server system with powerful security system. Through the proposal of the platform type EEG analysis system which enhances the security function, the web service security of the EEG information is enhanced and the privacy of the EEG information can be protected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1057-1067
• /
• 2013

The market share of smartphones has been increasing more and more at the recent mobile market and smart devices and applications that are based on a variety of operating systems has been released. Given this reality, the importance of smart devices analysis is coming to the fore and the most important thing is to minimize data corruption when extracting data from the device in order to analyze user behavior. In this paper, we compare and analyze the area-specific changes that are the file system of collected image after obtaining root privileges on the Android OS and iOS based devices, and then propose the most efficient method to obtain root privileges.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1251-1258
• /
• 2016

Recently, leaks of the personal information of Internet users have been occurring too frequently. Generally, Internet users have email accounts. The use of email as a communications tool in the private and public sectors has increased. Therefore, in email usage, password management to ensure a more secure email service is most important. In this study, we conducted an online survey of email users and analyzed their responses by using structural equation modeling software to find the psychological and behavioral characteristics of their password management. The results of this study provide useful suggestions on information security strategies related to email password management at both the enterprise and individual levels.

• International Journal of Computer Science & Network Security
• /
• v.24 no.7
• /
• pp.101-107
• /
• 2024

Cloud computing is a widely used technology that has changed the way people and organizations store and access information. This technology is quite versatile, which is why extensive amounts of data can be stored in the cloud. Furthermore, businesses can access various services over the cloud without having to install applications. However, the cloud computing services are provided over a public domain, which means that both trusted and non-trusted users can access the services. Though there are several advantages of cloud computing services, especially to business owners, various challenges are also posed in terms of the privacy and security of information and online services. A kind of threat that is widely faced in the cloud environment is the on/off attack. In this kind of attack, a few entities exhibit proper behavior for a given time period to develop a highly a positive reputation and gather trust, after which they exhibit deception. A viable solution is provided by the given trust model for preventing the attacks. This method works by providing effective security to the cloud services by identifying malicious and inappropriate behaviors through the application of trust algorithms that can identify on-off attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.804-807
• /
• 2012

Cloud service provider has to protect client's information securely since all the resources are offered by the service provider, and a large number of users share the resources. In this paper, a NoSQL-based anomaly detection system is proposed in order to enhance the security of mobile cloud services. The existing integrated security management system that uses a relational database can not be used for real-time processing of data since security log from a variety of security equipment and data from cloud node have different data format with unstructured features. The proposed system can resolve the emerging security problem because it provides real time processing and scalability in distributed processing environment.