• Smart Media Journal
• /
• v.11 no.11
• /
• pp.75-83
• /
• 2022

NIST in the United States has developed SCAP, a protocol that enables automated inspection and management of security vulnerability using existing standards such as CVE and CPE. SCAP operates by creating a checklist using the XCCDF and OVAL languages and running the prepared checklist with the SCAP tool such as the SCAP Workbench made by OpenSCAP to return the check result. SCAP checklist files for various operating systems are shared through the NCP community, and the checklist files include ID, title, description, and inspection method for each item. However, since the inspection items are simply listed in the order in which they are written, so it is necessary to classify and manage the items by type so that the security manager can systematically manage them using the SCAP checklist file. In this study, we propose a method of extracting the description of each inspection item from the SCAP checklist file written in OVAL language, classifying the categories through a machine learning model, and outputting the SCAP check results for each classified item.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Smart Media Journal
• /
• v.11 no.3
• /
• pp.54-61
• /
• 2022

With the increase in the types of information systems managed by public institutions and companies, a security certification system is being implemented in Korea to quickly respond to vulnerabilities that may arise due to insufficient security checks. The korea security evaluation system, such as ISMS-P, performs a systematic security evaluation for each category by dividing the categories for technical inspection items. NIST in the United States has developed SCAP that can create security checklists and automate vulnerability checks, and the security checklists used for SCAP can be written in OVAL. Each manufacturer prepares a security check list and shares it through the SCAP community, but it's difficult to use it in Korea because it is not categorized according to the korea security evaluation system. Therefore, in this paper, we present a mechanism to categorize the OVAL definition, which is an inspection item written in OVAL, to apply SCAP to the korea security evaluation system. It was shown that 189 out of 230 items of the Red Hat 8 STIG file could be applied to the korea security evaluation system, and the statistics of the categorized Redhat definition file could be analyzed to confirm the trend of system vulnerabilities by category.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.31-39
• /
• 2019

The 129 public institutions in Korea are subject to Information Security Management Condition Evaluation (ISMCE) as a part of the government management evaluation system by the Ministry of Economy and Finance. ISMCE is started in 2006 with the central government institutions, and applied to the all public institutions in 2009. This evaluation is annually conducted by the National Intelligence Service through the site visits, and the number of the evaluated institutions is increasing year by year. However, the process of ISMCE - identifying existing vulnerabilities in the information system - is conducted manually. To improve this inconvenience, this paper introduces the various evaluation system in the major countries, especially in the United States, and analyzes the Security Content Automation Protocol (SCAP) by NIST. SCAP is automation protocol for the system vulnerability management (in technical fields) and security policy compliance evaluation. Based on SCAP, this paper suggests an improvement plan for the ISMCE of Korea.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11S
• /
• pp.3278-3288
• /
• 1999

This paper proposes a security platform, called SCAP(Security platform for CORBA based APplication), to cope with potential threats in a distributed object system. SCAP supports CORBA security specification announced by OMG. SCAP is comprised of four functional blocks, which co-work with ORB to provide security services: Authentication Block, Association Block, Access Control Block, and Security Information Management Block. It is designed to support Common Secure Interoperability Functionality Level 2, which is useful for large-scale intra-, or inter-network based applications. Actual security services, which are dependent on supporting security technology, will be provided as external security service for replace ability. Implementation issues such as how to simulate an interceptor mechanism using a commercial ORB product without source code, and how to extend Current object required for security services are also described. At the end of the paper, the SCAP applied to the web environment is described to show its practical utilization.

• Proceedings of the KSR Conference
• /
• 2011.10a
• /
• pp.1303-1308
• /
• 2011

In the modern society various types of transportation mode are utilized, among them the subway system is the one of the main transportation mode which more than 7.21 million people ride a day. Because of interests on the indoor air quality (IAQ) of underground public facilities, concerns on IAQ of subway system by many people are increasing. There are several approach to improve IAQ of subway station, such as installing platform screen door (PSD), frequent tunnel washing-out, and etc, however there has not been any attempt to improve IAQ of subway cabin inside. Most technologies for removing airborne particulate matters are known to be difficult to adopt on the subway cabin since the problem of maintenance cost. Therefore, the ultimate object of this study is a practical development of cabin air cleaning system which can reduce the concentration of airborne particles and harmful gases at the same time. The subway cabin air purifier (SCAP) was developed for removing particulate matters and gases pollutants inside a cabin. The whole system was designed and the roll-filter device was manufactured based on numerical prediction results. It is expected that SCAP could reduce indoor air pollutants in the subway cabin practically and it can be applied to other part of transportation vehicles.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.180-182
• /
• 2023

많은 기업에서 시스템 보안 침해사고가 증가함에 따라 국내에서는 보안성 강화를 위해 정보보호 및 개인정보보호 관리체계(ISMS-P) 인증 의무대상을 확대하고 있다. 이에 중소기업에서도 ISMS-P 인증을 받기 위한 준비가 필요해졌다. 그러나 ISMS-P 인증을 위한 시스템을 구축하기 위해 많은 비용과 인력이 필요하고 이를 중소기업에서 구축하기엔 현실적으로 어려운 부분이 있다. SCAP는 정보시스템의 취약점을 보안기준에 맞춰 자동 관리하는 프로토콜이다. 본 논문에서는 ISMS-P 인증 항목 중 시스템 자동관리가 가능한 부분을 도출하여 상용 소프트웨어와 동작 방식을 비교함으로써, 중소기업에 SCAP를 적용하여 시스템을 구축하는 것이 정보보호 강화에 도움이 될 수 있음을 검증하고자 한다.

• Journal of the Korean Association of Oral and Maxillofacial Surgeons
• /
• v.40 no.4
• /
• pp.173-180
• /
• 2014

Objectives: The purpose of this study was to investigate the neurogenic differentiation of human dental pulp stem cells (DPSCs), periodontal ligament stem cells (PDLSCs), and stem cells from apical papilla (SCAP). Materials and Methods: After induction of neurogenic differentiation using commercial differentiation medium, expression levels of neural markers, microtubule-associated protein 2 (MAP2), class III ${\beta}$-tubulin, and glial fibrillary acidic protein (GFAP) were identified using reverse transcriptase polymerase chain reaction (PCR), real-time PCR, and immunocytochemistry. Results: The induced cells showed neuron-like morphologies, similar to axons, dendrites, and perikaryons, which are composed of neurons in DPSCs, PDLSCs, and SCAP. The mRNA levels of neuronal markers tended to increase in differentiated cells. The expression of MAP2 and ${\beta}$-tubulin III also increased at the protein level in differentiation groups, even though GFAP was not detected via immunocytochemistry. Conclusion: Human dental stem cells including DPSCs, PDLSCs, and SCAP may have neurogenic differentiation capability in vitro. The presented data support the use of human dental stem cells as a possible alternative source of stem cells for therapeutic utility in the treatment of neurological diseases.

• Journal of the korean academy of Pediatric Dentistry
• /
• v.45 no.1
• /
• pp.1-9
• /
• 2018

The purpose of this study is to identify the factors affecting the treatment outcome after surgical-orthodontic treatment of the maxillary impacted incisors using multiple regression analysis. The study enrolled 83 patients who had surgical-orthodontic treatment in impacted maxillary central incisor between January 2005 and December 2015. Possible explanatory variables related to the prognosis of impacted incisor were age, gender, tooth developmental stage, height, position and angle of the teeth. The results of multiple regression analysis showed that as the height of the stem cell from apical papilla (SCAP) increased, the tooth length ratio increased by 0.345 units (p < 0.01). There was no statistically significant difference in gender, tooth development stage, distance and angle between the center line and the tooth, and the height of incisal tip of the tooth. In conclusion, the height of the SCAP of the impacted central incisor is factor affecting the tooth length after orthodontic traction.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.24 no.12A
• /
• pp.1899-1909
• /
• 1999

Considering survivability in fiber-optic transmission networks using B-DCS(Broadband Digital Cross-connect System), a network design problem consists of WCAP(Working Channel Assignment Problem) and SCAP(Spare Channel Assignment Problem). WCAP has not been studied intensively as a part of a network design problem to minimize total network cost while SCAP has been studied in the several papers as an independent problem. In this study, we developed a WSCAP(Working and Spare Channel Assignment Problem) algorithm which is to minimize the total number of spare channels and working channels. After problem description, an IP(Integer Programming) model is formulated and several heuristic algorithms are presented. Finally, the result of a case study is described.