• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.21 no.9
• /
• pp.95-100
• /
• 2007

The importance of communication security is increased in the power industry. The representative communication network of power industry is the SCADA(Supervisory Control and Data Acquisition) systems. The SCADA system has been used for remote measurement and control in the power industry. Recently, many studies of SCADA network security have been carried out around the world. In this paper, we introduce recent security issues in the SCADA network and propose the application of a symmetric encryption method to the Korea SCADA network.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.57-66
• /
• 2011

We implemented the document DRM applying role based access control(RBAC) mechanism for preventing the information leakage of a document which is transmitted in network environment. It must prevent to access document not related to user role and duty, and must allow operation to document for improving security, considering user role and security level according to a document importance. We improved the security of document DRM by adding to the access control module applying RBAC for satisfying security requirements. Though the user access document, our system allows operation authorizations to document by the user's role & security level and the security attribute of RBAC. Our system prevents indiscriminate access to the documents by user who is not associated with the role, and prevents damage the confidentiality and integrity.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2178-2181
• /
• 2003

Active networks allow active node’s functionality to be extended dynamically through the use of active extensions. This flexible architecture facilitates the deployment of new network protocols and services. However, the active nature of a network also raises serious safety and security concerns. These concerns must be addressed before active networks can be deployed. In this paper we look at how we can control active extension’s access to different active nodes. Specifically, the authentication between active nodes is very important in this case. We use unique identity each node has for transferring access policies between active nodes. In this paper, we suggest a new method of transferring access policies performing authentications using identities between active nodes.

• Korean Security Journal
• /
• no.4
• /
• pp.319-341
• /
• 2001

Most of protecting security activity is carried out by manpower partly by security equipment. The protecting security market and the area of protecting security activity is increasing in spite of change of economic and social environment situation. For more effective protecting security activity, the coordination of electronic equipment and manpower is required. So some application method is suggested throughout the thesis, which is especially focused on new approaching method. The integration of intrusion detecting system, C.C.TV system and Access control system is introduced for general application in chapter III, and some application systems are proposed for protecting security activity in chapter IV. But the security equipment is only aid for manpower, so manpower and equipment should be coordinated well.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.3888-3910
• /
• 2018

As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

• KSCI Review
• /
• v.14 no.2
• /
• pp.109-115
• /
• 2006

In this paper, we proposed service security model and remote management service on OSGi computing environment. The model is used to make access control decisions like permission-based security inside the java2 platform. In model, policies are defined using a flat text file and include bundles. It method granted flexibility and extendability of access control of bundles and services. Also, we proposed service architecture efficiently for remote management service.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.40-52
• /
• 2024

Cyber-Physical Systems (CPS) are introduced as complex, interconnected systems that combine physical components with computational elements and networking capabilities. They bridge the gap between the physical world and the digital world, enabling the monitoring and control of physical processes through embedded computing systems and networked communication. These systems introduce several security challenges. These challenges, if not addressed, can lead to vulnerabilities that may result in substantial losses. Therefore, it is crucial to thoroughly examine and address the security concerns associated with CPS to guarantee the safe and reliable operation of these systems. To handle these security concerns, different existing security requirements methods are considered but they were unable to produce required results because they were originally developed for software systems not for CPS and they are obsolete methods for CPS. In this paper, a Security Requirements Engineering Methodology for CPS (CPS-SREM) is proposed. A comparison of state-of-the-art methods (UMLSec, CLASP, SQUARE, SREP) and the proposed method is done and it has demonstrated that the proposed method performs better than existing SRE methods and enabling experts to uncover a broader spectrum of security requirements specific to CPS. Conclusion: The proposed method is also validated using a case study of the healthcare system and the results are promising. The proposed model will provide substantial advantages to both practitioners and researcher, assisting them in identifying the security requirements for CPS in Industry 4.0.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.2
• /
• pp.515-528
• /
• 2012

The aim of this article is to provide a study on the issue of inventory inaccuracy and to show the manner in which RFID technology can improve the inventory management performance. The objective of inventory control is to monitor the stock flow of merchandises in order to understand the operating profit and loss. A proper mechanism of inventory control could be made to help the profitability. As RFID is applied to inventory control, it can improve efficiency, enhance accuracy and achieve security. In this paper, we introduce the evolution of different mechanisms of inventory control with RFID system-counting method, collect-all method, and continuous monitoring method. As for improving the accuracy of inventory check during business hours, continuous monitoring is the solution. We introduce the infrastructure of the RFID inventory management system based on M2M architecture can make the inventory be efficiently monitored with instant warnings.

• The Journal of the Korea Contents Association
• /
• v.22 no.2
• /
• pp.71-79
• /
• 2022

Currently, even if control and mock hacking are performed for the security of web servers, vulnerabilities continue to occur and be hacked. To solve this problem, we have developed a secure web server that can control all web communication using sockets between L4 and L5. And when giving HTTP responses, we proposed a method of combining files and headers in advance. As a result, both security and speed could be improved. Therefore, in this paper, we proposed the reason why vulnerabilities occur even if control and mock hacking occur, a solution to it, and a security web server development method that can maintain security up to DB.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1077-1088
• /
• 2019

As the cyber threats of nuclear power plants become more necessary to systematically prepare against the cyber attack, the international community and the domestic government are urged to apply proper security controls for Critical Digital Assets (CDA) through cyber security regulatory guidelines. In this study, we suggests the application of security controls to develop the regulatory requirements of the graded approach through the analysis of domestic and foreign cyber security regulation guidelines and best practices for digital assets directly related to nuclear accidents. In order to apply the regulatory requirements based on the consequence(impact of infringement) of the regulated facility, which is a basic consideration of the graded approach, we will classify two methods and describe details of each method. By reanalyzing existing security controls, it is introduced that the method of demanding digital assets directly related to accident to enhance security controls required for existing CDA or develop additional security controls and requiring minimum security controls for CDA that are not directly related to accident.