• Proceedings of the Korea Society for Simulation Conference
• /
• 2003.11a
• /
• pp.119-125
• /
• 2003

Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. This paper proposes a new concept of operating system security enhancement system which uses loadabel security kernel module (LSKM) or dynamic link library(DLL) and specific conditions for operational environment should be assumed.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2093-2096
• /
• 2003

Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. Trusted operating systems have been developed since the early 1980s and began to receive National Security Agency (NSA) evaluation in 1984. The researches about trusted OS are proceeding over the world, and new product type using the loadable security kernel module (LSKM) or dynamic link library (DLL) is being developed. This paper proposes a special type of product using LSKM and specific conditions for operational environment should be assumed.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.27-32
• /
• 2019

Along with the growth of u-Healthcare, we propose a security enhancement based on network separation for CloudHIS with for handling healthcare information to cope with cyber attack. To protect against all security threats and to establish clear data security policies, we apply desktop computing servers to cloud computing services for CloudHIS. Use two PCs with a hypervisor architecture to apply physical network isolation and select the network using KVM switched controller. The other is a logical network separation using one PC with two OSs, but the network is divided through virtualization. Physical network separation is the physical connection of a PC to each network to block the access path from both the Internet and the business network. The proposed system is an independent desktop used to access an intranet or the Internet through server virtualization technology on a user's physical desktop computer. We can implement an adaptive solution to prevent hacking by configuring the CloudHIS, a cloud system that handles medical hospital information, through network separation for handling security enhancement.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.04b
• /
• pp.821-824
• /
• 2002

과거의 프로그램은 단일 프로그램으로 작성될 경우, 작성하기도 어렵고 관리 또한 용이하지가 않았다. 결국, 오늘날에는 이를 해결하고자 큰 프로그램을 작고 이해하기 쉬운 분산 컴포넌트별로 나누는 방식을 활용하고 있다. 하지만, 이러한 분산 컴포넌트 기반 소프트웨어는 보안 측면에서 볼 때 상당히 위험한 요소들을 내포하고 있다. 즉, 외부나 내부에서 독립적으로 링크되는 개개의 컴포넌트들이 보안을 고려한 모든 상황에서 안전하게 이용된다는 보장이 없다. 본 논문에서 제안하는 시스템은 바로 이러한 점을 해결하고자 운영 체제에 보안 모듈을 내장하고 이 보안 모듈로 하여금 개개의 컴포넌트가 링크될 때에 그 안전성을 검증하고 혹시 있을지 모를 불법적인 컴포넌트 조작을 사전에 막을 수 있도록 설계하였다.