• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.1
• /
• pp.406-434
• /
• 2019

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.1-10
• /
• 2003

In this paper, we propose a secure communication framework for interaction and information sharing between a server and agents in DS-NVSA(Detection System of Network Vulnerability Scan Attacks) proposed in〔1〕. For the scalability and interoperability with other detection systems, we design the proposed IDMEF and IAP that have been drafted by IDWG. We adapt IDMEF and IAP to the proposed framework and provide SKTLS(Symmetric Key based Transport Layer Security Protocol) for the network environment that cannot afford to support public-key infrastructure. Our framework provides the reusability of heterogeneous intrusion detection systems and enables the scope of intrusion detection to be extended. Also it can be used as a framework for ESM(Enterprise Security Management) system.

• Journal of Information Processing Systems
• /
• v.6 no.1
• /
• pp.91-106
• /
• 2010

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.82-89
• /
• 2021

Recently, applications are increasing the importance of security for published documents. This paper deals with data-publishing where the publishers must state sensitive information that they need to protect. If a document containing such sensitive information is accidentally posted, users can use common-sense reasoning to infer unauthorized information. In recent studied of peer-to-peer databases, studies on the security of data of various unique groups are conducted. In this paper, we propose a security framework that fundamentally blocks user inference about sensitive information that may be leaked by XML constraints and prevents sensitive information from leaking from general user. The proposed framework protects sensitive information disclosed through encryption technology. Moreover, the proposed framework is query view security without any three types of XML constraints. As a result of the experiment, the proposed framework has mathematically proved a way to prevent leakage of user information through data inference more than the existing method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.657-659
• /
• 2011

Given the security and privacy problems in the application of Radio Frequency Identification(RFID), this paper is proposed a kind of novel security framework, aiming to find a better mechanism in security and privacy problems. This paper reviews the relative work of RFID security mechanisms, then, the overall design scheme and modularized implementation of a secure RFID system based on trusted computing technologies is presented.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.95-102
• /
• 2017

A large volume of research has been devoted to the development of security tools for protecting the Smart Grid systems, however the most of them have not taken the Availability, Integrity, Confidentiality (AIC) security triad model, not like CIA triad model in traditional Information Technology (IT) systems, into account the security measures for the electricity control systems. Thus, this study would propose a novel security framework, an abnormal behavior detection system, to maximize the availability of the control systems by considering a unique set of characteristics of the systems.

• Journal of information and communication convergence engineering
• /
• v.8 no.2
• /
• pp.129-135
• /
• 2010

Wireless sensor networks (WSNs) are an emerging technology and offers economically viable monitoring solution to many challenging applications. However, deploying new technology in hostile environment, without considering security in mind has often proved to be unreasonably unsecured. Apparently, security techniques face many critical challenges in WSNs like data security and secrecy due to its hostile deployment nature. In order to resolve security in WSNs, we propose a novel and efficient secure framework called TriSec: a secure data framework for wireless sensor networks to attain high level of security. TriSec provides data confidentiality, authentication and data integrity to sensor networks. TriSec supports node-to-node encryption using PingPong-128 stream cipher based-privacy. A new PingPong-MAC (PP-MAC) is incorporated with PingPong stream cipher to make TriSec framework more secure. PingPong-128 is fast keystream generation and it is very suitable for sensor network environment. We have implemented the proposed scheme on wireless sensor platform and our result shows their feasibility.

• The Journal of the Korea Contents Association
• /
• v.5 no.4
• /
• pp.160-168
• /
• 2005

Today, home networking security shows the complicated and various characteristics of requirements for consideration because of the variety of information appliances and share of resources among them. Therefore, security framework to satisfy with security functions is arranged ,regardless of the variety of communication medium and protocols. Thus, we construct security framework for mobile host(or user) to securely control devices in home-network through the variety of suggested mechanism, with security mechanism to be available for future home networking model, and verified the performance of our model.

• Journal of Computing Science and Engineering
• /
• v.5 no.4
• /
• pp.331-337
• /
• 2011

Recently, Virtual Desktop Infrastructure (VDI) has been widely adopted to ensure secure protection of enterprise data and provide users with a centrally managed execution environment. However, user experiences may be restricted due to the limited functionalities of thin clients in VDI. If thick client devices like laptops are used, then data leakage may be possible due to malicious software installed in thick client mobile devices. In this paper, we present Data Firewall, a security framework to manage and protect security-sensitive data in thick client mobile devices. Data Firewall consists of three components: Virtual Machine (VM) image management, client VM integrity attestation, and key management for Protected Storage. There are two types of execution VMs managed by Data Firewall: Normal VM and Secure VM. In Normal VM, a user can execute any applications installed in the laptop in the same manner as before. A user can access security-sensitive data only in the Secure VM, for which the integrity should be checked prior to access being granted. All the security-sensitive data are stored in the space called Protected Storage for which the access keys are managed by Data Firewall. Key management and exchange between client and server are handled via Trusted Platform Module (TPM) in the framework. We have analyzed the security characteristics and built a prototype to show the performance overhead of the proposed framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1169-1180
• /
• 2013

Emulab is a research framework developed by Utah university, proving on-demend research environment service so that researchers can set up and use the environment at anytime. The main advantage of Emulab over other research methodologies like simulation or virtualization is to use real systems and networks using real operating systems, making the research environment much similar to the real world. Even though Emulab has been actively used in many areas such as security and network, there has been little use in Korea research community. As KISTI recently constructed a small Emulab, it is expected that many researchers and educators would make use of the Emulab. In this study, we introduce Emulab to Korea research community and give an overview of utilization trend of Emulab as a cyber security research framework.