• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.229-239
• /
• 2014

Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.

• Journal of Digital Convergence
• /
• v.18 no.6
• /
• pp.373-378
• /
• 2020

For improving interoperability of medical information, health level 7 has initiated the development of a next-generation framework for the exchange of medical information called the Fast health interoperability resources (FHIR). However, there was no attempt to exchange the medical three-dimensional (3D) image with clinical data via FHIR. Thus, we designed a new method. The 3D image to be made from computed tomography was converted to the javascript object notation (JSON) file format, and clinical data was added. We made a test FHIR server, and the client used the postman. The JSON file was attached to the body, and was then transmitted. The transmitted 3D image could be seen through a web browser, and attached clinical data was identified in the source code. This is the first attempt to exchange the medical 3D image. Additional researches will be needed to develop applications or FHIR resources that apply this method.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.379-388
• /
• 2014

We noted that substituting hard disk with high-performance storage device on SAN did not immediately result in getting high performance. Investigating the reason behind this leaded us to propose optimization schemes for high-performance storage system. We first got rid of the latency in the I/O process which is unsuitable for the high-performance storage device, added parallelism on the storage server, and applied temporal merge to Superhigh speed network protocol for improving the performance with small random I/O. The proposed scheme was implemented on the SAN with high-performance storage device and we verified that there were about 30% reduction on the I/O delay latency and 200% improvement on the storage bandwidth.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.7
• /
• pp.384-393
• /
• 2002

A Parallel file system is normally used to support excessive file requests from parallel applications in a cluster system, whereas prefetching is useful for improving the file system performance. This paper proposes a new prefetching method, Fips(dynamic File Prefetching Scheme based on file access patterms), that is particularly suitable for parallel scientific applications and multimedia web services in a parallel file system. The proposed prefetching method introduces a dynamic prefetching scheme to predict data blocks precisely in run-time although the file access patterns are irregular. In addition, it includes an algorithm to determine whether and when the prefetching is performed using the current available I/O bandwidth. Experimental results confirmed that the use of the proposed prefetching policy in a parallel file system produced a higher file system performance.

• Journal of Digital Convergence
• /
• v.13 no.12
• /
• pp.135-142
• /
• 2015

Appearance and rapid growth of the social network services (SNS) have led to changes in the distribution structure of information. Consumers can obtain various information quickly via the social network services and companies make use of a new advertising channel in them. In order to increase the effect of publicity activities through the social network services, development and application of public relations strategy by evaluating and analyzing the results of the activities is required. In this paper, a method for developing a low cost system to evaluate and analyze the results of public relations through the social networks is proposed. The proposed method was verified through building and running a demo system to collect and analyze data in the Facebook fan pages using MySQL database and PHP script on a Linux server.

• Journal of Intelligence and Information Systems
• /
• v.13 no.3
• /
• pp.83-99
• /
• 2007

Nowadays, the advancement of digital information technology resulting in the increased interest of the management and the use of information has given stimulus to the research on the use and management of information. In this paper, we propose an integrated data mining model that can provide the necessary information and interface to users of scientific information portal service according to their respective classification groups. The integrated model classifies users from log files automatically collected by the web server based on users' behavioral patterns. By classifying the existing users of the web site, which provides information service, and analyzing their patterns, we proposed a web site utilization methodology that provides dynamic interface and user oriented site operating policy. In addition, we believe that our research can provide continuous web site user support, as well as provide information service according to user classification groups.

• Journal of Digital Convergence
• /
• v.12 no.6
• /
• pp.311-316
• /
• 2014

Social network server due to the popularity of smart phones, and data stored in a big usable access data services are increasing. Big Data Big Data processing technology is one of the most important technologies in the service, but a solution to this minor security state. In this paper, the data services provided by the big -sized data is distributed using a double hash user to easily access to data of multiple distributed hash chain based data processing technique is proposed. The proposed method is a kind of big data data, a function, characteristics of the hash chain tied to a high-throughput data are supported. Further, the token and the data node to an eavesdropper that occurs when the security vulnerability to the data attribute information to the connection information by utilizing hash chain of big data access control in a distributed processing.

• Journal of Digital Convergence
• /
• v.15 no.6
• /
• pp.219-227
• /
• 2017

Network access control should be able to effectively block security threats to the IT infrastructure, such as unauthorized access of unauthorized users and terminals, and illegal access of employees to internal servers. From this perspective, it is necessary to build metrics based on relevant standards to ensure that security is being met. Therefore, it is necessary to organize the method for security evaluation of NAC according to the related standards. Therefore, this study builds a model that combines the security evaluation part of ISO / IEC 15408 (CC: Common Criteria) and ISO 25000 series to develop security metric of network access control system. For this purpose, we analyzed the quality requirements of the network access control system and developed the convergence evaluation metric for security of the two international standards. It can be applied to standardization of evaluation method for network access control system in the future by constructing evaluation model of security quality level of network access control system.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.9-15
• /
• 2011

It is difficult to identify attack requests from normal ones when those attacks are based on CSRF which enables an attacker transmit fabricated requests of a trusted user to the website. For the protection against the CSRF, there have been a lot of research efforts including secret token, custom header, proxy, policy model, CAPTCHA, and user reauthentication. There remains, however, incapacitating means and CAPTCHA and user reauthentication incur user inconvenience. In this paper, we propose a method to detect CSRF attacks by analyzing the structure of websites and the usage patterns. Potential victim candidates are selected and website usage patterns according to the structure and usage logs are analyzed. CSRF attacks can be detected by identifying normal usage patterns. Also, the proposed method does not damage users' convenience not like CAPTCHA by requiring user intervention only in case of detecting abnormal requests.

• Journal of Korea Society of Industrial Information Systems
• /
• v.5 no.4
• /
• pp.16-21
• /
• 2000

Role Based Access Control(RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. Administration tool is most important component in the concept of RBAC. The administration tool for the RBAC security system must be maintain the integrity of user-role and role-role relationships in the RBAC Database. Therefor, it is required set functions, properties defining integrity of database. When it will be designed security systems which is applying RBAC policy on the Linux(server system environments, this paper defines integrity of database for user-role and role-role relationships, and we propose formal specification of operation in order to manage these relationships. The proposed formal specification leads to the consistency requirements for the RBAC database which are defined as a set of relationship. Also, this paper can easily derive the implementation of the RBAC administration tool by formal specification of operations. It leads us tn the minimal set for a more efficiently implementation of administration tool.