• Journal of Platform Technology
• /
• v.11 no.1
• /
• pp.23-37
• /
• 2023

As the importance of R&D increases amid the paradigm of technology hegemony competition, countries around the world are increasing investment in R&D, at the same time, making effrots to portect R&D. Centering to technology-leading countries, such as Korea, the United States and Japan, they reorganize research security regulations to protect national R&D; however, the burden of compliance for researcher and research institutes is still high. Korea enacted the National R&D Innovation Act and the Enforcement Decree of the same Act to establish an integrated and systematic research security support system, but research institutes and researchers still lack understanding and practice of research security. In order to strengthen researcher's research security compliance, this study organized information requirements for each security management area through domestic and foreign research security laws and prior research analysis, and designed research security information requirements items centered on researchers. The designed information requirements are meaningful in that they were designed by considering both the management area and the stage of R&D, focusing on researchers performing R&D in the field. Based on the designed information requirements items, it is expected that systematic security management will be possible at the research site, which will ease the security burden of researchers and improve research security compliance at the research and development site.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1247-1257
• /
• 2013

The security vulnerabilities of cloud storage virtualization environments are different from those of the existing computer system and are difficult to be protected in the existing computer system environment. Therefore we need some technical measures to address this issue. First of all, the technology used in cloud storage virtualization environment needs to be thoroughly analyzed, and also, we should understand those security requirements of various stakeholders in the view of cloud storage service and perform the research on security guidelines of the research security requirements. In this paper, we propose security requirements based on layers and roles of cloud storage virtualization. The proposed security requirements can be a basement for development of solution of cloud storage virtualization security.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.5
• /
• pp.29-39
• /
• 2017

In this paper, we analyse security threats and security requirements about the designated PC solution which restricts usable PCs that are only an user own PCs or a registered PC for online banking or very important services. Accordingly, causable threats of the designated PC solution are classified a process, a network layer, a software module, and an environment of platform, and we draw security requirements based on analysed security threats. Results of this research are considered utilization of criteria for improving security of the designated PC solution and standards for giving hint of imposition of the designated PC solution.

• Nuclear Engineering and Technology
• /
• v.45 no.5
• /
• pp.637-652
• /
• 2013

Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security.. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.5
• /
• pp.145-154
• /
• 2021

Recently, the introduction of Cloud Managing Security Services System to respond to security threats in cloud computing environments is increasing. Accordingly, it is necessary to analyze the security requirements for the Cloud Managing Security Services System. However, the existing research has a problem that does not reflect the virtual environment of the cloud and the data flow of the Cloud Managing Security Services System in the process of deriving the requirements. To solve this problem, it is necessary to identify the information assets of the Cloud Managing Security Services System in the process of threat modeling analysis, visualize and display detailed components of the cloud virtual environment, and analyze the security threat by reflecting the data flow. Therefore, this paper intends to derive the security requirements of the Cloud Managing Security Services System through threat modeling analysis that is an improved existing research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1441-1455
• /
• 2017

In order to build a secure electric vehicle charging infrastructure, security research is required because various data including charging and payment data are transmitted in the electric vehicle charging infrastructure. However, previous researches have focused on smart grid related security research such as power system infrastructure rather than charging infrastructure for electric vehicle charging. In addition, research on charging infrastructure is still lacking, and research using a systematic methodology such as threat modeling is not yet under way. Therefore, it is necessary to apply threat modeling to identify security threats and systematically analyze security requirements to build a secure electric vehicle charging infrastructure. In this paper, we analyze the electric vehicle charging infrastructure by accurately identifying possible threats and deriving objective security requirements using threat modeling including Data Flow Diagram, STRIDE, and Attack Tree.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.2
• /
• pp.163-177
• /
• 2009

The demand for services using digital technology is constantly increasing as new developments in digital consumer electronics and the Internet are made. This is especially true in terms of the demand for IPTV utilizing high speed Internet networks. Research on IPTV threats is important for facilitating financial transactions via IPTV and preventing illegal use or copying of digital content. Thus, this paper analyzes IPTV threats via the IPTV value chain. That is, the distribution system for IPTV service is analyzed along with the components of the value chain and corresponding IPTV security requirements or security technologies, in order to perform a threat analysis and research suitable for the IPTV service environment. This paper has a greater focus on the value chain of the IPTV business than the approach in previous research, in order to analyze security requirements and technologies that are more applicable to the business environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.113-124
• /
• 2019

Today many companies are offering IoT-enabled products and place emphasis on security from the planning stage to protect their products and user information from external threats. The present security levels, however, remain low because the time and resources invested in developing security requirements for each device are far from enough to meet the needs of a wide range of IoT products. Nevertheless, vulnerabilities of IoT devices have been reported continuously, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats of home IoT systems by using Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones, and the results revealed the security requirements developed in this research proved to be more effective in identifying vulnerabilities.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.371-374
• /
• 2001

This paper shows how Ebooks contents can be securely transferred to consumers in wireless environment using public key infrastructure (PKI). In addition, we show the proposed scheme to be secure. The final goal is to show that our scheme satisfies all secure requirements of digital contents in any environments.