• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1069-1078
• /
• 2012

It is known that memory has been frequently a target threatening the computer system's security while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied on OS while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as attacks of Return to Library or Return-Oriented Programing and recently, a technique bypassing the countermeasure against Return-Oriented Programming proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and experimented it may efficiently detect Jump-Oriented Programming attack.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.45-51
• /
• 2011

Certificate security oriented cyber certificate is important tool for the purpose of offering user-authentication service based on on-line system. In the paper, we analyzed management implement which could make the efficient use of certificate security oriented cyber terror response. This algorithm called SOL(Security Oriented Language) will make efficient use of the service about authentication consisting of the basis in the age of information through efficient management and partial use of each certificates. Especially, SOL could be used efficiently by grafting a small group of on-line system which is operated with particular purposes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.669-679
• /
• 2014

This study introduces server-side security-oriented framework for smart financial service. Most of domestic financial institutions providing e-banking services have employed server-side framework which implement service-oriented architecture. Because such architecture accommodates business and security requirements at the same time, institutions are struggling to cope with the security incidents efficiently. The thesis suggests that separating security areas from business areas in the frameworks makes users to be able to apply security policies in real time without considering how these policies may affect business transactions. Security-oriented frameworks support rapid and effective countermeasures against security threats. Furthermore, plans to avoid significant changes on existing system when institutions implement these frameworks are discussed in the report.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.3
• /
• pp.37-47
• /
• 2020

The In the 4^th industrial revolution, cyber space will evolve into hyper-connectivity, super-convergence, and super-intelligence due to the development of advanced information and communication technologies, which will connect the nation's core infrastructure into a single network. As applying the 4^th industrial revolution technology to the cyber attack technique, it is evolving in an intelligent and sophisticate method. In order to response intelligent cyber attacks, it is difficult to guarantee self-defense in cyberspace by policy-oriented, preplanned-centric and hierarchical cyber response strategies. Therefore, this research aims to propose a situation-flexible & action-oriented cyber response mechanism that can respond flexibly by selecting the most optimal smart security solution according to changes in the cyber attack steps. The proposed cyber response mechanism operates the smart security solutions according to the action-oriented detailed strategies. In addition, artificial intelligence-based decision-making systems are used to select the smart security technology with the best responsiveness.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.35-42
• /
• 2013

Nowadays many tasks are performed using the Web. Accordingly, many web-based application systems with various and complicated functions are being requested. In order to develop such web-based application systems efficiently, object-oriented analysis and design methodology is used, and Java EE(Java Platform, Enterprise Edition) technologies are used for its implementation. The security issues have become increasingly important. For such reasons, Java EE provides mechanism related to security but it does not provide interconnections with object-oriented analysis and design methodology for developing web application system. Consequently, since the security method by Java EE mechanism is implemented at the last step only, it is difficult to apply constant security during the whole process of system development from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology emphasized in the security for secure web application systems from the requirement analysis to implementation. The object-oriented analysis and design methodology adopts UMLsec, the modeling language with an emphasis on security for the requirement analysis and system analysis & design with regard to security. And for its implementation, RBAC (Role Based Access Control) of servlet from Java EE technologies is used. Also, the object-oriented analysis and design methodology for the secure web application is applied to online banking system in order to prove its effectiveness.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.355-362
• /
• 2021

Through the Korean version of the New Deal 2.0, manufacturing-oriented SMEs are facing a new environmental change called smart factory construction. In addition, SMEs are facing new security threats along with a contactless environment due to COVID-19. However, it is practically impossible to apply the previously researched and developed security management system to protect the core technology of manufacturing-oriented SMEs due to the lack of economic capacity of SMEs. Therefore, through research on security management systems suitable for SMEs, it is necessary to strengthen their business competitiveness and ensure sustainability through proactive responses to security threats faced by SMEs. The security management system presented in this study is a security management system to prevent technology leakage applicable to SMEs by deriving and reflecting the minimum security requirements in consideration of technology protection point of view, smart factory, and remote access in a non-contact environment. It is also designed in a modular form. The proposed security management system is standardized and can be selectively used by SMEs.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.67-73
• /
• 2005

Security requirements must be defined well to reduce software vulnerabilities in requirement specification phase. In this paper, we show how to specify security requirements in structured manner for object-oriented development methodology. Our method specifies security requirements through four phases: defining security objectives, identifying the threat, construct attack tree, and specifying security function. This method would help developers to specify security requirements and functions which software have to possess clearly and systematically.

• Journal of the Korea Convergence Society
• /
• v.8 no.12
• /
• pp.15-22
• /
• 2017

This paper analyzes vulnerability of each service protocol used in ICT convergence industry, smart factory, smart grid, smart home, smart traffic, smart health care, and suggests technologies that can overcome security vulnerabilities. In addition, we design a service-oriented protocol security framework that allows us to quickly and easily develop security functions in an open environment by defining a security element common to protocols and designing a security module for each protocol layer including the corresponding elements. Service protocol independent security module and specialized security module, it will be possible to develop flexible and fast security system in ICT convergence industry where various protocols are used. The overall security level of the ICT service network can be improved by installing the necessary security modules in the operating system, and the productivity can be improved in the industrial security field by reusing each security module.