• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2744-2746
• /
• 2003

ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of assumptions about the TOE security environment or the intended usage of the TOE. This paper presents a specific conditions should be assumed to exist in the smart card environment and the analysis of those conditions developer of smart card PP must consider.

• Safety and Health at Work
• /
• v.4 no.2
• /
• pp.117-121
• /
• 2013

This paper describes progress on formulating a national asbestos profile for the country of Vietnam. The Center of Asbestos Resource, Vietnam, formulated a National Profile on Asbestos-related Occupational Health, with due reference to the International Labor Organization/World Health Organization National Asbestos Profile. The Center of Asbestos Resource was established by the Vietnamese Health Environment Management Agency and the National Institute of Labor Protection, with the support of the Australian Agency for International Development, as a coordinating point for asbestos-related issues in Vietnam. Under the National Profile on Asbestos-related Occupational Health framework, the Center of Asbestos Resource succeeded in compiling relevant information for 15 of the 18 designated items outlined in the International Labor Organization/World Health Organization National Asbestos Profile, some overlaps of the information items notwithstanding. Today, Vietnam continues to import and use an average of more than 60,000 metric tons of raw asbestos per year. Information on asbestos-related diseases is limited, but the country has begun to diagnose mesothelioma cases, with the technical cooperation of Japan. As it stands, the National Profile on Asbestos-related Occupational Health needs further work and updating. However, we envisage that the National Profile on Asbestos-related Occupational Health will ultimately facilitate the smooth transition to an asbestos-free Vietnam.

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.69-86
• /
• 2003

A Protection Profile(PP) is a common security and assurance requirements for a specific class of Information Technology security products such as firewall and smart card. A PP should be included "TOE(Target of Evaluation) Security Environment", which is consisted of subsections: assumptions, treat, organizational security policies. This paper presents a new threats statement generation method for developing TOE security environment section of PP. Our survey guides the statement of threats in CC(Common Criteria) scheme through collected and analysed hundred of threat statements from certified and published real PPs and CC Tool Box/PKB that is included a class of pre-defined threat and attack statements. From the result of the survey, we present a new asset classification method and propose a threats statement generation model. The former is a new asset classification method, and the later is a production rule for a well formed statement of threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1257-1268
• /
• 2015

Multi-functional devices was originally an equipment performing image processing, but function transmitting image data digitized by combining fax function and function of network are added and it was rapidly developed. Also, functions of internet application, application expansion, remote sharing and image treatment were added to multi-functional devices. But, multi-functional devices can cause security vulnerability such as data exposure, eavesdropping, etc. because of the threatening by network connection. Therefore, common criteria of multi-functional devices are necessary, but there is no protection profile for multi-functional devices now. Therefore, concrete standards of evaluation are not applied to evaluate secure for products, so it was difficult to maintain uniformity of evaluation quality. Therefore, this paper developed protection profile for multi-functional devices based on common criteria of evaluation so as to analyze threats of multi-functional devices and use secure multi-functional devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.99-119
• /
• 2007

The USB flash drive is common used for portable storage. That is able to store large data and transfer data quickly and carry simply. But when you lose your USB flash drive without any security function in use, all stored data will be exposed. So the new USB flash drive supported security function was invented to compensate for the problem. In this paper, we analyze vulnerability of 6 control access program for secure USB flash drives. And we show that exposed password on communication between secure USB flash drive and PC. Also we show the vulnerability of misapplication for initialization. Further we develop a protection profile for secure USB flash drive based on the common criteria version 3.1. Finally, we examine possible threat of 6 secure USB flash drives and supports of security objectives which derived from protection profile.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.111-125
• /
• 2010

There is a growing interest in "smart grid" technology, especially after the government recently announced "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming places like homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety with using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criterion v3.l for smart meters.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.139-150
• /
• 2008

Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.3-8
• /
• 2023

Multi-domain optical transport networks are not fundamentally interoperable and require an integrated orchestration mechanism and path provision mechanism at the entire network level. In addition, ensuring network survivability is one of the important issues. MPLS-TP (Multi-Protocol Label Switching-Transport Profile) defines various protection/recovery methods as standards, but does not mention how to calculate and select protection/recovery paths. Therefore, an algorithm that minimizes protection/recovery collisions at the optical circuit packet integrated network level and calculates and sets a path that can be rapidly protected/recovered over the entire integrated network area is required. In this paper, we proposed an algorithm that calculates and sets up a path that can be rapidly protected and restored in a T-SDN network composed of multiple ring-mesh topology.

• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2747-2749
• /
• 2003

Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets. All categories of threats should be considered, but in the domain of security greater attention is given to those threats that are related to malicious or other human activities ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of threats about the TOE security environment or the intended usage of the TOE. This paper presents a specific physical threats should be considered in the smart card PP which developers of smart card PP must consider.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.9
• /
• pp.6274-6281
• /
• 2015

Radio-based train control system has driving headway shortening effect by real-time train interval control using two-way radio communication between onboard and wayside systems, and reduces facility investment because it does not require any track-circuit. Automatic train protection(ATP), the most significant part of the radio-based train control system, makes sure a safe distance between preceding and following trains, based on real-time train location tracing. In this paper, we propose the overall ATP train interval control algorithm to control the safe interval between trains, and preprocessing-based speed profile calculation algorithm to improve the processing speed of the ATP. The proposed speed profile calculation algorithm calculates the permanent speed limit for track and train in advance and uses as the most restrictive speed profile. If the temporary speed limit is generated for a particular track section, it reflects the temporary speed limit to pre-calculated speed profile and improves calculation performance by updating the speed profile for the corresponding track section. To evaluate the performance of the proposed speed profile calculation algorithm, we analyze the proposed algorithm with O-notation and we can find that it is possible to improve the time complexity than the existing one. To verify the proposed ATP train interval control algorithm, we build the train interval control simulator. The experimental results show the safe train interval control is carried out in a variety of operating conditions.