• 제목/요약/키워드: Security Analysis

검색결과 6,437건 처리시간 0.037초

Security Analysis of Cryptographic Protocols Based on Trusted Freshness

  • Chen, Kefei;Dong, Ling;Lai, Xuejia
    • 정보보호학회논문지
    • /
    • 제18권6B호
    • /
    • pp.219-232
    • /
    • 2008
  • A novel idea of protocol security analysis is presented based on trusted freshness. The idea has been implemented not only by hand but also by a belief muitisets formalism for automation. The key of the security analysis based on trusted freshness is a freshness principle: for each participant of a cryptographic protocol, the security of the protocol depends only on the sent or received one-way transformation of a message, which includes a trusted freshness. The manual security analysis method and the belief multisets formalism are all established on the basis of the freshness principle. Security analysis based on trusted freshness can efficiently distinguish whether a message is fresh or not, and the analysis results suggest the correctness of a protocol convincingly or the way to construct attacks intuitively from the absence of security properties. Furthermore, the security analysis based on trusted freshness is independent of the idealization of a protocol, the concrete formalization of attackers' possible behaviors, and the formalization of concurrent runs of protocols.

산업별 정보보안의 투자 수준과 관리 역량에 관한 연구 (A Study on the Investment Level and Administrative Competence of Information Security by Industry)

  • 정병호;주형근
    • 디지털산업정보학회논문지
    • /
    • 제19권2호
    • /
    • pp.89-102
    • /
    • 2023
  • The purpose of this study is to examine what are the important variables for information security compliance and whether the information security investment by the industry is different. To comply with the information security policies, the organization must establish measures to prevent or resolve information security incidents. This research process consists of four stages, and the analysis method was conducted with the categorical regression analysis and the correspondence analysis. The first analysis analyzed the independent variables that affect security regulations compliance. The rest of the analysis was conducted by industry in the order of security compliance regulations, manpower investment, and budget investment. As a result of the first analysis, this had positive effects on an organization and personal information protection awareness, joint operation organization of information protection, manpower and budget investment, corporate size, and industry. The correspondence analysis was conducted from the second analysis to the fourth analysis and it analyzed the differences in information security investment by industry. The second analysis showed that the construction industry, science and technology industry, and finance industry have higher compliance with security regulations than other industries. The third analysis showed that the financial industry and the science and technology industry were higher than other industries. The last analysis showed that the financial industry was higher than other industries. The theoretical contribution of this study provided the basis for updating the information security theory. The practical contribution of this study requires government support to reduce information security deviations by industry.

A Study on the Mobile Application Security Threats and Vulnerability Analysis Cases

  • Kim, Hee Wan
    • International Journal of Internet, Broadcasting and Communication
    • /
    • 제12권4호
    • /
    • pp.180-187
    • /
    • 2020
  • Security threats are increasing with interest due to the mass spread of smart devices, and vulnerabilities in developed applications are being exposed while mobile malicious codes are spreading. The government and companies provide various applications for the public, and for reliability and security of applications, security checks are required during application development. In this paper, among the security threats that can occur in the mobile service environment, we set up the vulnerability analysis items to respond to security threats when developing Android-based applications. Based on the set analysis items, vulnerability analysis was performed by examining three applications of public institutions and private companies currently operating as mobile applications. As a result of application security checks used by three public institutions and companies, authority management and open module stability management were well managed. However, it was confirmed that many security vulnerabilities were found in input value verification, outside transmit data management, and data management. It is believed that it will contribute to improving the safety of mobile applications through the case of vulnerability analysis for Android application security.

The big data analysis framework of information security policy based on security incidents

  • Jeong, Seong Hoon;Kim, Huy Kang;Woo, Jiyoung
    • 한국컴퓨터정보학회논문지
    • /
    • 제22권10호
    • /
    • pp.73-81
    • /
    • 2017
  • In this paper, we propose an analysis framework to capture the trends of information security incidents and evaluate the security policy based on the incident analysis. We build a big data from news media collecting security incidents news and policy news, identify key trends in information security from this, and present an analytical method for evaluating policies from the point of view of incidents. In more specific, we propose a network-based analysis model that allows us to easily identify the trends of information security incidents and policy at a glance, and a cosine similarity measure to find important events from incidents and policy announcements.

특허분석을 통한 정보보안 부문 미래교육 수요분석 (Future Education Skills Needs Analysis through Patent Analysis in the field of Information Security)

  • 황규희;임명환;송경석;이중만
    • 경영과학
    • /
    • 제31권4호
    • /
    • pp.1-13
    • /
    • 2014
  • This study aims to expand the future study methodology and to develop a methodology of future-oriented curriculum analysis with future skills needs derived from patent analysis. With the case of information security, the methodology is applied to the 16 universities, which have information security department in undergraduate course. From the results, the followings are suggested : 1) for the increasing importance area including hacking, infiltration and PC security, a practical exercise should be emphasized; 2) for the convergence area including security policy, security legislation and OS security, proper faculties should be filed with recruiting field-based experts; 3) for the increasing importance area including professional area including security audit and information security protocol, the advanced curriculum related to graduate level should be provided.

복합전력계통 신뢰도평가의 확률론적 안전도 도입 (The Implementation of Probabilistic Security Analysis in Composite Power System Reliability)

  • 차준민;권세혁;김형철
    • 대한전기학회논문지:전력기술부문A
    • /
    • 제55권5호
    • /
    • pp.185-190
    • /
    • 2006
  • The security analysis relates to the ability of the electric systems to survive sudden disturbances such as electric short circuits or unanticipated loss of system elements. It is composed of both steady state and dynamic security analyses, which are not two separate issues but should be considered together. In steady state security analysis including voltage security analysis, the analysis checks that the system is operated within security limits by OPF (optimal power flow) after the transition of a new operating point. On the other hand, dynamic security analysis deals that the transition will lead to an acceptable operating condition. Transient stability, which is the ability of power systems to maintain synchronism when subjected to a large disturbance, is a principal component in dynamic security analysis. Usually any loss of synchronism will cause additional outages. They make the present steady state analysis of the post-contingency condition inadequate for unstable cases. This is the reason of the need for dynamics of systems. Probabilistic criterion can be used to recognize the probabilistic nature of system components and shows the possibility of system security. A comprehensive conceptual framework for probabilistic static and dynamic assessment is presented in this paper. The simulation results of the Western System Coordinating Council (WSCC) system compare an analytical method with Monte-Carlo simulation (MCS). Also, a case study of the extended IEEE Reliability Test System (RTS) shows the efficiency of this approach.

ISO/IEC 15408, 18045 기반 소프트웨어 취약성 분석 방법론 (Refining software vulnerbility Analysis under ISO/IEC 15408 and 18045)

  • 임재우
    • 정보보호학회논문지
    • /
    • 제24권5호
    • /
    • pp.969-974
    • /
    • 2014
  • 국제표준인 공통평가기준에서는 취약성 정보를 수집하고 침투시험을 수행하는 과정을 요구하고 있다. 하지만 촉박한 개발 및 평가 기간에 따라 임시방편의 취약성 점검 및 분석이 이뤄지며 취약성 분석에 대한 체계의 부재로 개발자의 역량에 따라 취약성 분석 및 적용이 제각각 이루어지고 있다. 이에 동일한 평가등급을 획득한 제품임에도 불구하고 보안성 품질이 상이하다. 본 논문에서는 방대한 취약성 정보를 직관적으로 이해하고 적용할 수 있는 취약성 분류체계 및 적용 방안을 제시한다. 뿐만 아니라, 보안성 평가 대상 여부와 무관하게 정보보호제품 개발 시 정보보호제품 개발 및 평가에 실용적으로 적용할 수 있는 정보보호제품의 보안성 품질 관리 방안을 제안하고자 한다.

정보보호 시스템 보안성 자동 분석 방법 연구 (A Study on Scheme of Automatical Security Analysis Tools for Information Security System)

  • 김점구;김태은
    • 융합보안논문지
    • /
    • 제8권1호
    • /
    • pp.117-127
    • /
    • 2008
  • 국내 보안관리 시스템의 후진성은 선진기술을 가진 외국 보안업체에 의존하는 현상을 낳았고, 이는 국내 기업은 물론 공공기관의 기밀사항이 외국에 유출될 위험을 내포하고 있다. 따라서 본 논문은 국내 공공망의 안전성 유지를 위한 자동화 보안분석 시스템을 설계 구현함으로서 보안성 분석기술을 확보하고, 이를 이용 공공기관의 보안수준을 높이며 외국업체에 대한 의존도를 줄여 국가 보안 안전성 확보에 기여하고자 한다.

  • PDF

CALS체계의 정보보호 구조 연구 (A Study on the Security Architecture of CALS System)

  • 남길현
    • 한국전자거래학회지
    • /
    • 제4권2호
    • /
    • pp.197-208
    • /
    • 1999
  • With developing computer and communication technologies, the concept of CALS system has been popular not only to military but also to commercial industries. The security problem is one of the most critical issues to construct CALS infrastructure. The CALS system needs some security functions such that data confidentiality, integrity, authenticity, availability, and non-repudiation. This paper proposes a security architecture model in CALS. The security architecture model is composed of 5 submodels such that network security model, authentication and key management model, operation and audit model, integrated database security model, and risk analysis model.

  • PDF

보안기능의 무력화 공격을 예방하기 위한 위협분석 기반 소프트웨어 보안 테스팅 (Threat Analysis based Software Security Testing for preventing the Attacks to Incapacitate Security Features of Information Security Systems)

  • 김동진;정윤식;윤광열;유해영;조성제;김기연;이진영;김홍근;이태승;임재명;원동호
    • 정보보호학회논문지
    • /
    • 제22권5호
    • /
    • pp.1191-1204
    • /
    • 2012
  • 정보보안시스템을 무력화하는 공격이 나타남에 따라, 정보보안제품의 취약성을 분석하는 보안 테스팅에 대한 관심이 높아지고 있다. 보안제품 개발의 주요 단계인 침투 테스팅은, 공격자가 악용할 수 있는 취약성을 찾기 위해 컴퓨터 시스템을 실제적으로 테스팅하는 것이다. 침투 테스팅과 같은 보안 테스팅은 대상 시스템에 대한 정보 수집, 가능한 진입점 식별, 침입 시도, 결과 보고 등의 과정을 포함한다. 따라서 취약성 분석 및 보안 테스팅에서 일반성, 재사용성, 효율성을 극대화하는 것이 매우 중요하다. 본 논문에서는, 정보보호제품이 자신의 보안 기능을 무력화하거나 우회하는 공격에 대응할 수 있는 자체보호기능 및 우회불가성을 제공하는 가를 평가할 수 있는 위협분석 기반의 소프트웨어 보안 테스팅을 제안한다. 위협분석으로 취약성을 식별한 후, 보안 테스팅의 재사용성과 효율성을 개선하기 위해 소프트웨어 모듈과 보안 기능에 따라 테스팅 전략을 수립한다. 제안기법은 위협 분석 및 테스팅 분류, 적절한 보안테스팅 전략 선정, 보안 테스팅으로 구성된다. 사례연구와 보안테스팅을 통해 제안 기법이 보안 시스템을 체계적으로 평가할 수 있음을 보였다.