• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.91-98
• /
• 2012

OLAP(On-Line Analytical Processing) is a tool to satisfy the requirements of managing overflowing data analysis. OLAP can provide an interactive analytical processing environment to every end-user. Security policy is necessary to secure sensitive data of organization according to users direct access database. But earlier studies only handled the subject in its functional aspects such as MDX(Multidimensional Expressions) and XMLA(XML for Analysis). This research work is purported for solving such problems by designing and implementing an efficient data access control mechanism for the information security on OLAP. Experimental evaluation result is proposed and its efficiency and accuracy are verified through it.

• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.83-90
• /
• 2012

MANET(Mobile Ad-Hoc Network) has a weakness from a security aspect because it operates where no wired network is built, which causes the exposed media, dynamic topology, and the lack of both central monitoring and management. It is especially difficult to detect and mitigate a malicious node because there is not a mediator which controls the network. This kind of malicious node is closely connected to the routing in the field of study of Ad-Hoc security. Accordingly this paper proposes the method on how to enhance the security for the safe and effective routing by detecting the malicious node. We propose MBC(Identification technition of Malicious Behavior node based on Collaboration in MANET) that can effectively cope with malicious behavior though double detecting the node executing the malicious behavior by the collaboration between individual node and the neighbor, and also managing the individual nodes in accordance with the trust level obtained. The simulation test results show that MBC can find the malicious nodes more accurately and promptly that leads to the more effectively secure routing than the existing method.

• Journal of Digital Convergence
• /
• v.19 no.4
• /
• pp.133-139
• /
• 2021

Due to the rapid progress in network technology, many research on content security technologies is also being conducted in the mobile digital content sector. In the meantime, content protection has been immersed in preventing illegal copying, certifying, and issuance/management certificates, but still have many vulnerabilities in managing or authenticating confidential information. This study aims to strengthen confidential information about content based on dual management of content download rights through mobile phone numbers or device numbers. It also protect replay-attack by building a secure mobile DRM system where digital content is safely distributed based on a three-stage user authentication process. In addition, blockchain-based content security enhancements were studied during the primary/secondary process for user authentication for the prevention of piracy and copyright protection. In addition, the client authentication process was further improved through three final stages of authorization in the use of illegal content, considering that legitimate users redistributed their content to third-party.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.661-670
• /
• 2023

With the emergence of serverless computing paradigm and the innovations of cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, an access control on the server still heavily relies on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.345-351
• /
• 2023

As software development progresses and programs become increasingly complex, the cost of reducing and managing software vulnerabilities has also increased. To address this issue, the Rust programming language, which guarantees Memory Safety, has been suggested as an alternative for more error-prone languages such as traditional C/C++. However, Rust also supports the use of libraries written in C/C++ to enhance compatibility with older languages and avoid redundant development, compromising its original guarantees. For example, memory corruption happened in C/C++ can lead to exploits such as buffer overflow, Use-After-Free and null-pointer dereferecing. To tackle this problem, recent studies have been conducted to secure interactino between Rust and C/C++ by isolation. This paper uncovers areas that have not been fully explored in previous studies, following limitation analysis on each. Finally, this paper suggests the future direction of research on safe interaction between Rust and C/C++.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.81-89
• /
• 2023

Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments

• Korean Security Journal
• /
• no.36
• /
• pp.227-253
• /
• 2013

The threat of crime became a global issue nowadays. Terrorism, organized crime, crime by nation can be mentioned as typical examples. The crimes in modern society can't be identified to happen when, where and how being different from those traditional crimes(murder, robbery, sexual abuse, arson). This was the result of changed security environment that needs to address wide range of crimes as being indicated sporadic characteristics of modern threat of crime such as terrorism threat targeting unidentified masses as well as the emergence of systemic phenomenon of organized crimes and crime committed by nation. In this regard, the case of 9.11 occurred in 2001 can be deemed as an example that made a dramatic turn around to the security environment. After the terrorism, it provided an opportunity to rethink not only USA but also to the institutions all over the world that deals with crime about gathering, management, utilization of crime intelligence. As a result of which there appeared a change in police activities more effectively in gathering & managing crime information and ILP is the very activity that emerged from the USA/UK countries. This aims police activities to minimize the threat of crime being the system reflecting a framework to manage more directly to control crime by gathering and processing information. In view of the global change of security environment as a common phenomenon, the need to direct to ILP has increased in Korea in line with such security environmental change. Accordingly, this study focused on the method of introduction of ILP and presentation of matters for discussion by reviewing ILP activities of the USA/UK countries.

• Journal of the Korea Convergence Society
• /
• v.11 no.1
• /
• pp.237-246
• /
• 2020

The background of the research is the following: As a result of ultra-light flying device industry development, the utilization of drones and their efficiency have been increasing. However, problems regarding flight permission·approval procedure have not been improved, resulting in increased number of civil complaints. Thus, the purpose of this research is to minimize such civil petition according to the required standards of the two government organizations through enhancing the procedure for managing and employing the system. The research methods entail pinpointing the problems by analysing ultra-light flying device related literature review and by holding focus-interviews with field experts, thereby verifying and providing improved solutions. Under (MLIT) Ministry of Land, Infrastructure and Transport supervision and in accordance with aviation security law, the research provides various updated functions such as improved civil petition processing system's employment and management system, flight approval, integration of names, process, format regarding aviation photographing approval, tool buttons such as the 'Main' button in the system's homepage. This research has the following expected effects : Firstly in the law and regulations section, the clear distinction in the missions and roles of each organization enhances cooperations in tackling civil petition. Secondly the integration of civil petition process reduces time and improves efficiency. And lastly, the improvement of supplementary tools for the public is expected to minimize civil petitions. Future research needs to be conducted under the supervision of the Ministry of National Defense(MND). Factors such as systematic infrastructure for flight photography approval, related unit's reorganization following the defense reform 2.0, and guaranteed conditions for field security action units need to be ameliorated.

• Journal of KIISE:Databases
• /
• v.29 no.3
• /
• pp.230-245
• /
• 2002

Database systems for real-time applications must satisfy timing constraints associated with transactions. Typically, a timing constraint is expressed in the form of a deadline and is represented as a priority to be used by schedulers. Recently, security has become another important issue in many real-time applications. In many systems, sensitive information is shared by multiple users with different levees of security clearance. As more advanced database systems are being used in applications that need to support timeliness while managing sensitive information, there is an urgent need to develop concurrency control protocols in transaction management that satisfy both timing and security requirements. In this paper, we propose two concurrence control protocols that ensure both security and real-time requirements. The proposed protocols are primarily based on multiversion locking. However, in order to satisfy timing constraint and security requirements, a new method, called the FREEZE, is proposed. In addition, we show that our protocols work correctly and they provide a higher degree of concurrency than existing multiversion protocols. We Present several examples to illustrate the behavior of our protocols, along with performance comparisons with other protocols. The simulation results show that the proposed protocols can achieve significant performance improvement.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.1
• /
• pp.111-118
• /
• 2019

For the security of a vast amount of information, it has been started to diagnose the site as a way of operating and managing the information owned by a company holding assets, to establish indexes to check the actual status and all kinds of standards to obtain security, and also to classify the information assets based on that. This has been extended to many different areas including policies to operate and manage information assets, services, the management of owned devices as physical assets, and also the management of logical assets for application software and platforms. Some of these information assets are already being operated in reality as new technology in new areas, for example, Internet of Things. Of course, a variety of electronic devices like Smart Home are being used in ordinary families, and unlike in the past, these devices generate a series of information life cycles such as accumulating and processing information. Moreover, as even distribution is now being realized, we are facing a task to secure the stability of information assets and also information that assets are holding. The purpose of this study is to suggest and apply standard security policy by moduling methods for information assets owned by companies and even families and obtain the enhancement of confidentiality as well as integrity.