• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.35-45
• /
• 2020

Cyber attacks on the aviation weapon system, a state-of-the-art asset, have become a reality and are approaching as a constant threat. However, due to the characteristics of embedded software of the current aviation weapon system, it is managed and operated without connection to the network in peacetime, so the response management to cyber attacks is relatively weak. Therefore, when a cyber attack becomes a reality, it is urgent to prepare and evaluate measures for the adverse effects that such attack will have on the execution of the Air Tasking Order(ATO). In this paper, we propose a framework for operational impact assessment in order to avoid confusion in ATO execution and systematic response to cyber attacks on aviation weapons systems. The proposed framework is designed to minimize the negative impact on operations against cyber attacks that may occur under no warning by analyzing the impact on air operations for each aviation weapon system and standardizing countermeasures for this. In addition, it supports the operational commander to make a quick decision to command for the execution of the operation even in a situation where a cyber attack occurs.

• The Journal of Society for e-Business Studies
• /
• v.26 no.1
• /
• pp.79-91
• /
• 2021

The public records of universities shall be classified according to the Enforcement Decree of the Public Records Act and public records management activities shall be carried out accordingly. Among various kinds of public records of the university, the records of performance management are still managed as paper documents, such as attendance books, answer sheets, and assignments, and the management system and methods of each school are different, making it difficult for the management manager to manage them. In this paper, we propose a service model that can perform blockchain-based records management of records related to performance at universities currently kept in paper documents. The proposed service is expected to reduce resource consumption, such as the cost, time and effort spent on storing and managing paper documents.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.169-178
• /
• 2022

In general, organizations operating multi-domain networks find it difficult to represent and manage multiple domain net works on a single screen space. Instead, most of them are managed with multiple screens visualizing network topology by domain or partitioning one screen area into multiple domains. We propose an efficient method to visualize the topology using only minimal connection information between domain-agnostic nodes in this work. This method visualizes the topology by utilizing centrality indices representing the influence of nodes in the network. Furthermore, the method dynamically segments the entire node's display area using virtual Root nodes to auto-separate domains and weights of child nodes and placing nodes in 3D space. Thus, although it is a straightforward method, the multi-domain network topology can be visualized with only minimal connection information between nodes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.939-946
• /
• 2023

In the hyper-connected network, which network equipment is diverse and network structure is complex, the attack surface has also increased. In this environment, MTD(Moving Target Defense) technology is being researched as a method to fundamentally defend against cyber attacks by actively changing the attack surface. network-based MTD technologies are being widely studied. However, in order for network address mutation technology to be applied within the existing fixed IP-based system, research is needed to determine what impact it will have. In this paper, we studied the impact of applying network address mutation technology to the existing network protection system. As a result of the study, factors to be considered when firewall, NAC, IPS, and network address mutation technologies are operated together were derived, and elements that must be managed in network address mutation technology for interoperability with the network analysis system were suggested.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.141-150
• /
• 2024

With the increasing frequency of incidents related to personal information leaks, there is a growing concern about personal information protection. Moreover, with the emergence of blockchain technology, there is a heightened interest in self-sovereign identity models applied through blockchain, with ongoing research on Decentralized Identifiers (DID) to achieve this. However, despite universities storing and utilizing significant information such as personal data, their computer systems are operated and managed based on centralized systems, leading to annual occurrences of personal data breaches. Therefore, this paper proposes and implements a DID-based computing system applicable within universities. Additionally, it establishes and executes prominent services within the university context. The proposed system ensures users' self-sovereign identities through verifiable credentials, enabling the establishment of a secure integrated information system within the university, departing from traditional centralized systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.

• Spatial Information Research
• /
• v.21 no.4
• /
• pp.15-24
• /
• 2013

Recently, as the spatial information and various multimedia are fused together, the demand for the high value-added spatial information contents and the necessity of technology for spatial information security are increasing. However, since the current security policy is being managed independently by each system, there is a problem with unreliable or costly to modify or revise the security policy. Such problems occur frequently in the process of coordination or integration of the spatial information management systems that are used in public institutions and private companies. Therefore, in this paper, the access control system that could provide an integrated security policy for many spatial platforms and systems with expandable grammar and semantics was designed and implemented based on GeoXACML proposed by OGC. As the GeoXACML-based access control system designed and implemented in this paper follows the international standard specifications, it provides high portability and interoperability. Finally, in this paper, the efficiency of the system was proved by applying it to a virtual scenario on the military area requiring the access control.

• The Southeast Asian review
• /
• v.26 no.3
• /
• pp.91-118
• /
• 2016

As all are aware, the results of the Malaysia 12th General Election (GE-12) in 2008 have surprised many. Not only the dominant parties Barisan Nasional (BN) were shocked by the loss of significant numbers of seats but for the first time in the history of Malaysia politics, vis-${\grave{a}}$-vis, electoral affairs, they were denied a two-thirds majority in the Parliament. Notwithstanding the opposition parties such as Parti Islam Se-Malaysia (PAS), Democratic Action Party (DAP) and Parti Keadilan Rakyat (PKR: The People's Justice Party) that form the opposition coalition called Pakatan Rakyat (People's Alliance: PR), has come to a surprised with the GE-12 result, in which they not even think that were able to challenge hegemonic politics of BN, managed to capture and formed a government at the state level namely Kedah, Penang, Perak, and Selangor, except Kelantan which has been under the control of PAS since the 1990 general election. This article aims to analyze whether Sabah as a "fixed deposit"state is still relevant in understanding the continuity and survival of the BN political hegemony in the context of Malaysia political developments post-13th general election.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Journal of the Korean Society of Environmental Restoration Technology
• /
• v.10 no.1
• /
• pp.1-8
• /
• 2007

The Anyang River which located in an urban area near Seoul had been managed focusing on supplying home and industrial water and preventing floods, coping with rapid industrialization and urbanization. Consequently, it was changed into a deadly river during 25 years. Its channel was straightened by concrete and water quality deteriorated to BOD 190mg/l. In addition, water quantity has been rapidly decreased and has been drying up. Also, as the river ecosystem, landscape, water-friendly function, and so forth were seriously deteriorated, people turn away from the urban river. From 2001, the master plan under the 10-year has been actively carried out centering on the preceding items, which are healthy river in which fishes inhabit, safe river free from floods and droughts, and pleasant river where citizens visit. As a result, its water quality was remarkably improved by BOD 5mg/l in 2005 and some upper zones were improved enough to allow people to swim. Moreover, various animals including fish and birds gather around the river. Now, the 'Anyang River Restoration Project' is recognized as the first comprehensive and systematic nature-friendly urban river improvement in Korea.