• Title/Summary/Keyword: Security controls

Search Result 201, Processing Time 0.03 seconds

A Study on Developing Assessment indicators for Cyber Resilience (사이버 레질리언스 평가지표 개발에 관한 연구)

  • Kim, Sujin;Kim, Jungduk
    • Journal of Digital Convergence
    • /
    • v.15 no.8
    • /
    • pp.137-144
    • /
    • 2017
  • Recently, cyber resilience has emerged as an important concept, recognizing that there is no perfect security. However, domestic researches on cyber resilience are insufficient. In this study, the 22 indicators for cyber resilience assessment were initially developed by the literature survey and discussions with security experts. The developed indicators are reviewed using the Focus Group Interview method in terms of materiality and feasibility of the indicators. This study derived meaningful and useful indicators for the assessment of cyber resilience, and it is expected to be used as a foundation for the future cyber resilience studies. In order to generalize and apply the results of this study in practice, it is necessary to carry out quantitative researches in the future.

A Comparative Study on Information Security Management Activity of Public Sector in USA & Korea (미국과 우리나라의 정보보안관리 활동 비교연구)

  • Kim So-Jeong
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.69-74
    • /
    • 2006
  • USA is strengthening the information sanity by managing federal agency's information and information system systematically. For this purpose, US government put the Federal Information Security Management Act into the E-Government Act of 2002. According to the FISMA, it is required to have information security management plan for ail federal agencies. In addition that, Inspector Generals of these agencies should assess the status of their agency and report the result to the office of Management and Budget. Collecting all the reports from each agency, OMB should report to GAO on general status of information security of federal agency. It is helpful to provoke the information security as a necessary activity to realize the E-government. Comparing these efforts with our system will give us good implications to get more idea to secure our information system.

Smart grid and nuclear power plant security by integrating cryptographic hardware chip

  • Kumar, Niraj;Mishra, Vishnu Mohan;Kumar, Adesh
    • Nuclear Engineering and Technology
    • /
    • v.53 no.10
    • /
    • pp.3327-3334
    • /
    • 2021
  • Present electric grids are advanced to integrate smart grids, distributed resources, high-speed sensing and control, and other advanced metering technologies. Cybersecurity is one of the challenges of the smart grid and nuclear plant digital system. It affects the advanced metering infrastructure (AMI), for grid data communication and controls the information in real-time. The research article is emphasized solving the nuclear and smart grid hardware security issues with the integration of field programmable gate array (FPGA), and implementing the latest Time Authenticated Cryptographic Identity Transmission (TACIT) cryptographic algorithm in the chip. The cryptographic-based encryption and decryption approach can be used for a smart grid distribution system embedding with FPGA hardware. The chip design is carried in Xilinx ISE 14.7 and synthesized on Virtex-5 FPGA hardware. The state of the art of work is that the algorithm is implemented on FPGA hardware that provides the scalable design with different key sizes, and its integration enhances the grid hardware security and switching. It has been reported by similar state-of-the-art approaches, that the algorithm was limited in software, not implemented in a hardware chip. The main finding of the research work is that the design predicts the utilization of hardware parameters such as slices, LUTs, flip-flops, memory, input/output blocks, and timing information for Virtex-5 FPGA synthesis before the chip fabrication. The information is extracted for 8-bit to 128-bit key and grid data with initial parameters. TACIT security chip supports 400 MHz frequency for 128-bit key. The research work is an effort to provide the solution for the industries working towards embedded hardware security for the smart grid, power plants, and nuclear applications.

A RodSecurityRobot Model (로드경비로봇 모델 연구)

  • Yang, Keyong-ae;Shin, Seung-Jung
    • The Journal of the Convergence on Culture Technology
    • /
    • v.4 no.4
    • /
    • pp.401-406
    • /
    • 2018
  • According to the National Security Service of the National Police Agency, intrusion into empty houses increased form 2013 to 2016. Consequentially this statistics seemed that house intrusion, burglary is increasing. Also according to the statistics of Public Prosecutors'Office, a total 203,573 theft crimes occurered in 2016, of which 18.9% were theft after intruding. By reson of this is most frequent case of intrusion and theft, we have been studing the RodSecurityRobot model to enhance security in many factories to manage. In order to care for security to the high place, we have propsed a road guard robot model which controls the ground in cooperation with the robot that manages the ground by using the drones. The robot and the drone move together to autonomy to avoid objects. And they check time interval. they also goes to the charger to charge when there is no battery.

A CASA-Based Dynamic Access Control Scheme for Ubiquitous Environments (유비쿼터스 환경을 위한 CASA 기반의 동적 접근 제어 기법)

  • Kim, Kyoung-Ja;Chang, Tae-Mu
    • Journal of the Korea Society of Computer and Information
    • /
    • v.13 no.4
    • /
    • pp.205-211
    • /
    • 2008
  • Conventional context-aware service models permit the access of resources only by user authentication, but the ubiquitous environments where the context information around users is changing frequently require the resource access control according to the rapid changes. This paper proposes a scheme to control access permission of resource dynamically as context information of user changes. Our access control model is based on traditional CASA (Context-Aware Security Architecture), but can restrict the access of the user already has been authorized. With the real-time checking of context information, our scheme gives different access controls according to changes in environmental information, and provides more secure services than conventional context-aware models.

  • PDF

Estimating Economic Loss by S/W Vulnerability (S/W 취약점으로 인한 손실비용 추정)

  • Kim, Min-Jeong;Yoo, Jinho
    • The Journal of Society for e-Business Studies
    • /
    • v.19 no.4
    • /
    • pp.31-43
    • /
    • 2014
  • These days a lot of cyber attacks are exploiting the vulnerabilities of S/W. According to the trend of vulnerabilities is announced periodically, security directions are suggested and security controls are updated with this trend. Nevertheless, cyber attacks like hacking during the year 2011 are increased by 81% compared to 2010. About 75% of these cyber attacks are exploiting the vulnerabilities of S/W itself. In this paper, we have suggested a VIR model, which is a spread model of malware infection for measuring economic loss by S/W vulnerability, by applying the SIR model which is a epidemic model. It is applied to estimate economic loss by HWP(Hangul word) S/W vulnerabilities.

A Study of Patient's Privacy Protection in U-Healthcare (유헬스케어에서 환자의 프라이버시 보호 방안 연구)

  • Jeong, Yoon-Su;Lee, Sang-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.4
    • /
    • pp.913-921
    • /
    • 2012
  • On the strength of the rapid development and propagation of U-healthcare service, the service technologies are full of important changes. However, U-healthcare service has security problem that patient's biometric information can be easily exposed to the third party without service users' consent. This paper proposes a distributed model according authority and access level of hospital officials in order to safely access patients' private information in u-Healthcare Environment. Proposed model can both limit the access to patients' biometric information and keep safe system from DoS attack using time stamp. Also, it can prevent patients' data spill and privacy intrusion because the main server simultaneously controls hospital officials and the access by the access range of officials from each hospital.

Automatic Detection and Analysis of Desktop Bus'(D-Bus) Privilege Bypass in Tizen (타이젠 용 데스크톱 버스 (D-Bus) 권한 우회 취약점 분석 및 자동 탐지)

  • Kim, Dongsung;Choi, Hyoung-Kee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1023-1030
    • /
    • 2020
  • Wearable devices, such as a smart watch and a wrist band, store owner's private information in the devices so that security in a high level is required. Applications developed by third parties in Tizen request for an access to designated services through the desktop bus (D-Bus). The D-Bus verifies application's privileges to grant the request for an access. We developed a fuzzing tool, so-called DAN (the D-bus ANalyzer), to detect errors in implementations for privilege verifications and access controls within Tizen's system services. The DAN has found a number of vulnerable services which granted accesses to unauthorized applications. We built a proof-of-concept application based on those findings to demonstrate a bypass in the privilege examination.

MyData Personal Data Store Model(PDS) to Enhance Information Security for Guarantee the Self-determination rights

  • Min, Seong-hyun;Son, Kyung-ho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.2
    • /
    • pp.587-608
    • /
    • 2022
  • The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

Cost Based Vulnerability Control Method Using Static Analysis Tool (정적 분석 툴을 이용한 비용 기반의 취약점 처리 방안)

  • Lee, Ki Hyun;Kim, Seok Mo;Park, Young B.;Park, Je Ho
    • KIPS Transactions on Software and Data Engineering
    • /
    • v.5 no.3
    • /
    • pp.139-144
    • /
    • 2016
  • When, Software is developed, Applying development methods considering security, it is generated the problem of additional cost. These additional costs are caused not consider security in many developing organization. Even though, proceeding the developments, considering security, lack of ways to get the cost of handling the vulnerability throughput within the given cost. In this paper, propose a method for calculating the vulnerability throughput for using a security vulnerability processed cost-effectively. In the proposed method focuses on the implementation phase of the software development phase, leveraging static analysis tools to find security vulnerabilities in CWE TOP25. The found vulnerabilities are define risk, transaction costs, risk costs and defines the processing priority. utilizing the information in the CWE, Calculating a consumed cost in a detected vulnerability processed through a defined priority, and controls the vulnerability throughput in the input cost. When applying the method, it is expected to handle the maximum risk of vulnerability in the input cost.