• Title/Summary/Keyword: Security Management Framework

Search Result 366, Processing Time 0.024 seconds

Design and Implementation of Hierarchical Patch Management System Supporting Global Network (대규모 네트워크를 지원하는 계층적 패치관리시스템 설계 및 구현)

  • 서정택;윤주범;박응기;이상원;문종섭
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.199-204
    • /
    • 2004
  • Operating systems and application programs have security vulnerabilities derived from the software development process. Recently, incident cases related with the abuses of these vulnerabilities are increasing and the damages caused by them are becoming very important security issues all over the nations. Patch management is one of the most important processes to fix vulnerabilities of softwares and to ensure a security of systems. Since an institute or a company has distributed hierarchical and heterogeneous systems, it is not easy to update patches promptly. In this paper, we propose patch management framework to safely distribute and install the patches on Windows, Linux, and Solaris client systems. Besides, we censidered extensibility and hierarchical structure for our patch management framework to support large scaled network environment.

  • PDF

Study on Security Framework using Security Quantitative Analysis for the Effective Multimedia Services to WLAN Mesh Network (무선랜 메쉬 네트워크에서의 효율적인 멀티미디어 서비스를 위한 보안 정량화 기반의 프레임워크 연구)

  • Shin, Myoung-Sub;Lim, Sun-Hee;Yi, Ok-Yeon;Lim, Jong-In
    • Journal of Broadcast Engineering
    • /
    • v.13 no.2
    • /
    • pp.261-273
    • /
    • 2008
  • Multimedia service whose use is rapidly increasing supports effective services to convert and transmit multimedia data based on network speed, noise circumstance, terminal computation, and type of contents for satisfying QoS. For supporting information protection of multimedia service, it offers middle level of singular security service or security mechanism which is based on policy of service provider, depending on present terminal computation and type of contents. It can support security mechanism for more effective multimedia service, if we study security of application layer and network layer for supporting multimedia service. In this paper, we propose Multimedia security framework reflected on quantitative analysis of the WLAN(Wireless Local Area Network) mesh network security using the utility function in the level of the sorority, violation and addictive compensation model.

Information security auditing Framework in Industrial control system (산업제어시스템 정보보안 감리 프레임워크 연구)

  • Lee, Chul-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.139-148
    • /
    • 2008
  • Information technology have led to change the automation of large industrial control system as well as business system and environments. Industrial control system(ICS) is vital components of most nation's critical infrastructures such as electricity, natural gas, water, waste treatment, transportation and communication that are based of national security, safety of citizen and development of national economy According to the change of business environment, organizational management pushed integration all of the system include MIS and ICS. This situation led to use standard information technologies for ICS, this transition has been to expose ICS to the same vulnerabilities and threats that plague business system. Recently government obliged owners of the public information system to audit for safety, efficiency and effectiveness, and also obliged the owners of national infrastructure to improve their system security as a result of vulnerability analysis. But there doesn't prepare a security architecture and information security auditing framework of ICS fur auditing. In this paper, I suggested the security architecture and information security auditing framework for ICS in order to prepare the base of industrial system security auditing.

Enhanced ANTSEC Framework with Cluster based Cooperative Caching in Mobile Ad Hoc Networks

  • Umamaheswari, Subbian;Radhamani, Govindaraju
    • Journal of Communications and Networks
    • /
    • v.17 no.1
    • /
    • pp.40-46
    • /
    • 2015
  • In a mobile ad hoc network (MANET), communication between mobile nodes occurs without centralized control. In this environment the mobility of a node is unpredictable; this is considered as a characteristic of wireless networks. Because of faulty or malicious nodes, the network is vulnerable to routing misbehavior. The resource constrained characteristics of MANETs leads to increased query delay at the time of data access. In this paper, AntHocNet+ Security (ANTSEC) framework is proposed that includes an enhanced cooperative caching scheme embedded with artificial immune system. This framework improves security by injecting immunity into the data packets, improves the packet delivery ratio and reduces end-to-end delay using cross layer design. The issues of node failure and node malfunction are addressed in the cache management.

Comparative Analysis on ICT Supply Chain Security Standards and Framework (ICT 공급망 보안기준 및 프레임워크 비교 분석)

  • Min, Seong-hyun;Son, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1189-1206
    • /
    • 2020
  • Recently, ICT companies do not directly design, develop, produce, operate, maintain, and dispose of products and services, but are outsourced or outsourced companies are increasingly in charge. Attacks arising from this are also increasing due to difficulties in managing vulnerabilities for products and services in the process of consignment and re-consignment. In order to respond to this, standards and systems for security risk management of ICT supply chain are being established and operated overseas, and various case studies are being conducted. In addition, research is being conducted to solve supply chain security problems such as Software Bill of Materials (SBOM). International standardization organizations such as ISO have also established standards and frameworks for security of ICT supply chain. In this paper, we presents ICT supply chain security management items suitable for domestic situation by comparing and analyzing ICT supply chain security standards and systems developed as international standards with major countries such as the United States and EU, and explains the necessity of cyber security framework for establishing ICT supply chain security system.

Modeling and Implementation of A Dynamic Reconfiguration Framework (동적 형상조정 프레임워크의 모델링 및 구현)

  • 윤태웅;민덕기
    • Journal of the Korea Society for Simulation
    • /
    • v.12 no.3
    • /
    • pp.83-94
    • /
    • 2003
  • For 24 hours-7 days service on distributed systems, a great deal of efforts are investigated on high availability for seamless operation. In this paper, we propose a dynamic reconfiguration framework of distributed systems, called "hot-swapping" framework. This framework allows us to upgrade and exchange a number of modules of a distributed system without stopping running service as well as the system itself. In order to hide the state of service operation, the framework employes the "proxy" design pattern. Our framework provides two types of proxies: a static proxy and a dynamic proxy, Static proxies can achieve fast execution time, but they need to be changed whenever any minor change exists in the related swappable module. Meanwhile, dynamic proxies takes longer execution time, but do not need to be changed under minor changes of swappable modules. We compare performances of static and dynamic proxies and also apply the framework to a real situation with security management modules. management modules.

  • PDF

Design of Security Management Function for SNMPv3 using Role-Based Access Control Model (역할기반 접근통제 모델을 이용한 SNMPv3 보안관리기능 설계)

  • 이형효
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 2001.05a
    • /
    • pp.1-10
    • /
    • 2001
  • SNMPv3 provides the security services such as authentication and privacy of messages as well as a new flexible and extensible administration framework. Therefore, with the security services enabled by SNMPv3, network managers can monitor and control the operation of network components more secure way than before. But, due to the user-centric security management and the deficiency of policy-based security management facility, SNMPv3 might be inadequate network management solution for large-scaled networks. In this paper, we review the problems of the SNMPv3 security services, and propose a Role-based Security Management Model(RSM), which greatly reduces the complexity of permission management by specifying and enforcing a security management policy far entire network.

  • PDF

Enhanced Security Scheme to Support Secure and Fast ASN-anchored Mobility in Mobile WiMAX

  • Park, Chang-Seop;Kang, Hyun-Sun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.11
    • /
    • pp.2204-2220
    • /
    • 2011
  • Without providing a proper security measure to the handover procedure in Mobile WiMAX, several security attacks can be mounted. Even though security schemes have been previously proposed for this purpose, they are still vulnerable to several security attacks due to fatal design flaws. A newly proposed security scheme in this paper is based on the framework of authentication domain and concept of handover ticket. A method of establishing security associations within the authentication domain is proposed, and a lightweight security measure to protect the management messages associated with the handover is also proposed. Especially, using the handover ticket, the new security scheme can defend against a Redirection Attack arising from a compromised base station. The new security scheme is comparatively analyzed with the previous security schemes in terms of Replay, Session Hijacking, Man-In-The-Middle, and Redirection attacks.

Research on the construction concept and general framework of Smart Water Resource

  • Tian, Yu;Li, JianGuo;Jiang, Yun-zhong
    • Proceedings of the Korea Water Resources Association Conference
    • /
    • 2015.05a
    • /
    • pp.216-216
    • /
    • 2015
  • Frequent hydro-meteorological events caused by global climate change and human exacerbate activities, make the water resource problem more complicated. The increasing speed urbanization brings a significant impact on the city flood control and security, water supply safety, water ecological security, water environment safety and the water engineering security in China, and puts forward higher requirements to urban water integrated management, undoubtedly which become the biggest obstacle for water ecological civilization construction, thus urgent requiring an advanced methods to enhance the effectiveness of the water integrated management. The other fields of smart ideas point out a development path for water resource development. The construction demand of smart water resource is expounded in the paper, combining the philosophy of modern Internet of things with the application of cloud computing technology. The concept of smart water resource is analyzed, the connotation characteristics of smart water resource is extracted, and the general model of smart water resource is refined. Then, the frame structure of smart water resource is put forward. The connotation and the overall framework of the smart water resource represent a higher level of water resource informationization development and provide a comprehensive scientific and technological support to transform water resource management from an extensive, passive, static, branch and traditional management to a fine, active, dynamic, collaborative and modern management.

  • PDF

Financial Security of Vietnamese Businesses and Its Influencing Factors

  • NGUYEN, Van Cong;NGUYEN, Thi Ngoc Lan
    • The Journal of Asian Finance, Economics and Business
    • /
    • v.7 no.2
    • /
    • pp.75-87
    • /
    • 2020
  • This paper aims to not only investigate the nature of financial security and its measurement, but also to compare financial security level in 629 listed companies divided into four different industries (materials, industrials, health care, and consumer goods) before building a theoretical framework and regression models to examine the determinants of financial security. By gathering 2,167 financial statements published in Vietnamese Stock Exchange during eight years from 2012 to 2019, with the support of STATA, the research results indicate that six different internal factors, which are liquidity, profitability, firm size, debt management ratios, asset management ratios, and cash flows, explain 77.7% the change of financial security ratio and 3.4% the change in sustainable growth ratio. Specifically, while firm size has a positive impact on sustainable growth ratio but a negative impact on financial security ratio, deb management and profitability have an insignificant influence on the financial security level. Furthermore, an increase in asset management ratios would result positively in both two dependent variables whereas a rise in sustainable growth and a decline in financial security ratio are expected to witness if there is an increase in cash flows.