• International journal of advanced smart convergence
• /
• v.5 no.4
• /
• pp.54-56
• /
• 2016

Code-reuse attacks are very dangerous in various systems. This is because they do not inject malicious codes into target systems, but reuse the instruction sequences in executable files or libraries of target systems. Moreover, code-reuse attacks could be more harmful to IoT systems in the sense that it may not be easy to devise efficient and effective mechanism for code-reuse attack detection in resource-restricted IoT devices. In this paper, we propose a detection scheme with using Kullback-Leibler (KL) divergence to combat against code-reuse attacks in IoT. Specifically, we detect code-reuse attacks by calculating KL divergence between the probability distributions of the packets that generate from IoT devices and contain code region addresses in memory system and the probability distributions of the packets that come to IoT devices and contain code region addresses in memory system, checking if the computed KL divergence is abnormal.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.78-85
• /
• 2013

The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.

• Korean Security Journal
• /
• no.10
• /
• pp.53-77
• /
• 2005

This thesis analyzes the effectiveness of master's transformational and transactional leadership on organizational commitment as well as job satisfaction of private security, scrutinizes the difference in master's leadership according to social-demographic group. The sum of this thesis is as follows. To begin with, analyzed the difference of leadership style according to social-demographic characteristics of private security, it showed that monthly income is over 2.5 million won as well as people over 30 years old have higher transformational leadership than the others. That is, the older people's age is and the more someone gains his living, the higher he esteems and trusts his master who has charisma, personal concern and shows intellectual stimulus. And examined thoroughly the difference of organizational commitment as well as job satisfaction in accordance with social-demographic characteristics of private security, people who are 20-25 years old, are college graduates and employees who have worked for 2-3 years do well calculational commitment. It means that the younger he is and the lower academic background is, the higher calculational commitment is by the profit and loss which affects them. Secondly, inquired into consequence of leadership style on job satisfaction. Leadership of intellectual stimulus has negative effect on job satisfaction, whereas it has positive effect on conditional compensation. Exactly, if the master exhibits leadership that stimulate to improve an initiative, it reduces the job satisfaction. On the contrary, for the reason that his master indicates leadership that accompanies conditional compensation, job satisfaction tends to increase. Finally, judged from the effects of leadership style on organizational commitment, the charisma, the lower factor of transformational leadership affects to emotional commitment positively and then, it shows that employees tend to become attached to the organization and have a sense of oneness with it, if their master is able to show charismatic leadership. In conclusion, the private security companies pursue employees whose school career and payment is lower because of incidence in labor expense related with the profit and loss. Owing to it, employees are not satisfied with their job much. And also there is the change in increasing rate of job satisfaction according to business performance of the conditional compensation, i.e. a consideration, a promotion, etc., and the calculational commitment. Therefore, the university should try to focus on the researches for cultivate more professional manpower for business, the companies must try to make better deal, offer welfare for their employees to develop of the private security industry, to rise the job satisfaction of private security. And then, investigation to find private security's own level ought to be done by organic industry-academic cooperation of university and industries.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Korean Institute of Interior Design Journal
• /
• v.22 no.4
• /
• pp.121-129
• /
• 2013

This study was aimed at determining the characteristics of circular multi-family housing under the assumption that the shape of a residential building affects local identity. A total of six case studies were included in this study, three case studies on idle historical industrial facilities turned into residential buildings and another three on multi-family housing located in newly developed residential complexes. The study drew its conclusions as follows. First, the design of circular multi-family housing was intended to maximize security and defense from the outside in older times. This was later developed as the terrace house style with geometric urban squares designed under the urban planning of the Baroque period. This evolved high-density housing with a courtyard in the center offering a green open space, with the aim of restoring a sense of humanity. Second, the six case studies on circular multi-family housing were analyzed from the viewpoint of each factor of local identity, including historical and cultural, landscape, and community. Third, the historical and cultural elements of circular multi-family housing are found in some unused historical industrial facilities remodeled into residential buildings. They provide new capabilities and shapes desired by society at a given time, while maintaining familiar styles and elements of history, integrating a legacy of the past into the present. Fourth, circular multi-family housing with unique shapes and structures often become landmarks of a region with their distinctive appearance against a uniform urban environment and the monotonous scenery of residential complexes. They also show a high level of visual awareness with the distinctive shapes made possible when new elements are added to a historical exterior. Finally, circular multi-family housing with courtyards in the center prompt social contact between inhabitants, especially with dormitories and rental houses for the low-income bracket, which provide a small individual units with high use common space. Circular multi-family housing are planned in a manner similar to a small village or a city. They are designed to enhance sense of community, allocating various public amenities and provide cultural and commercial spaces on the ground floor and courtyard areas.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.2
• /
• pp.127-145
• /
• 2017

The purpose of this study is to empirical case study for the instructional design of flipped classroom by job-capability advancement of IT business majors. A student of IT business school has learned a lot of management educations for four years. But, they don't recognize a connection between school education and business practice. A subject based on the humanities, and social sciences consisted of mostly the memorization. The undergraduate class lack a practice's curriculum by a creative-oriented lesson rather than memorization-oriented. In particular, An IT business is now recognized as a significance emerging IT investment, the Internet of Things, information security, big data and strategy's ERP. For these reasons, it is important for an instructional design for understanding business practices of the students. Accordingly, Flipped classroom with participatory class be needed increasingly for students' practical sense. We will propose a design method of flipped classroom for inspiring business education. In this, new instructional design overturned traditional teaching method. After the student conducts a prior learn at home, school will accomplish a problem solving through question and answer. This design effected a boredom suppress and creative enforcement of student and an intimacy increase of instructor. In addition, A participatory class and reciprocal peer tutoring will be possible by a spontaneous self-directed learning of student. We were designed course of project type based on big data theory and application to target the fourth-year course. In conclusion, the new instruction provided a help to learning synergy between student and lecturer. During the lessons, the student showed improvement of business sense and enhanced problem solving capability. The lecturer has the intimacy through communication interaction with students.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.57-64
• /
• 2022

This scientific article is devoted to the study of the legal significance of such a category of legal status of the purchaser of another's thing, as its good faith. The essence of this phenomenon has been studied, it has been established that the criterion of good faith attaches significant importance to the claims of the participants of these relations for the acquisition or preservation of private property rights. The paper emphasizes that, in addition to the importance of good conscience at the time of possession of another's thing, which gives legal certainty the possibility of registration of the title and is part of the actual composition for the acquisition of property or the right of ancient possession, bona fides also characterizes the behavior of the occupier. In this case, good conscience only has some legal consequences when it is opposed to subjective law. Under such conditions, it acquires direct legal significance, including as a condition for the acquisition and protection of rights. Good faith possession of another's property is an internal indicator of the subject's awareness of a certain property status. This sense, the article assesses this status from the standpoint of the scientific concept of the visibility of law. According to this theory, prescription is also considered as a consequence of the appearance of law, however, because it arises and lasts against the will of the parties and despite their awareness of this fact. Therefore, bona fide continuous and open possession of property as one's own, during the acquisition period, was most significantly associated with the appearance of property. Therefore, the concept of good faith, in the sense of personal perception of real values, is closely related to the principle of protection of the appearance of law, as it is aimed at understanding it by third parties. The paper notes certain differences in the application of the theory of the appearance of the right in the acquisition of property by a bona fide purchaser from an unauthorized alienator and the acquisitive prescription. It is emphasized that such a mechanism must be used in presuming the attitude to the thing as its own, by the holder of movable property. But there should be exceptions to the rule, in particular, if the owner has grounds for vindication of the thing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.6
• /
• pp.1462-1470
• /
• 2013

This paper proposes an SWAD-KNH(Sybil & Wormhole Attack Detection using Key, Neighbor list and Hop count) technique which consists of an SWAD(Sybil & Wormhole Attack Detection) module detecting an Worm attack and a KGDC(Key Generation and Distribution based on Cluster) module generating and an sense node key and a Group key by the cluster and distributing them. The KGDC module generates a group key and an sense node key by using an ECDH algorithm, a hash function, and a key-chain technique and distributes them safely. An SWAD module strengthens the detection of an Sybil attack by accomplishing 2-step key acknowledgement procedure and detects a Wormhole attack by using the number of the common neighbor nodes and hop counts of an source and destination node. As the result of the SWAD-KNH technique shows an Sybil attack detection rate is 91.2% and its average FPR 3.82%, a Wormhole attack detection rate is 90%, and its average FPR 4.64%, Sybil and wormhole attack detection rate and its reliability are improved.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.14 no.4
• /
• pp.91-100
• /
• 2019

Many university students try to start up a lot because of career uncertainty, and this study reflected this environmental situation. The subject of the study is the degree to which subjective norms of university students affect the start-up intention. In addition, we looked at the mediated effects of self-efficiency and the moderated effects of security competence. To verify the hypothesis of the study, 201 university students in Seoul were asked about the relevant variables. And based on prior theory, hypotheses and questionnaires were made. In addition, the validity, reliability and correlation analysis of each variable were conducted. Multiple regression analysis was used for hypothesis analysis. As a result, subjective norms have a positive effect on the start-up intention. Next, self-efficiency was found to be mediating the relationship between subjective norms and start-up intentions. Finally, when subjective norms affect the start-up intention, security competence showed negative moderate effect. The implications of this study are as follows: First, a positive perception of start-up by those around them is needed when it comes to raising the intention of starting a business. This positive perception also affects the confidence and sense of challenge in start-up and affects their start-up intention. However, if career anchor prefer stable employment for the organization, it can be seen that they negatively affect the start-up intention.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.65-75
• /
• 2011

Power Line Communication (PLC) is a system for carrying data on a conductor used for electric power transmission. Recently, PLC has received much attention due to connection efficiency and possibility of extension. It can be used for not only alternative communication, in which communication line is not sufficient, but also for communication between home appliances. Korea Electronic Power Cooperation (KEPCO) is constructing the system, which automatically collects values of power consumption of every household. Due to the randomness and complicated physical characteristics of PLC protocol (KS X4600-1), it has been believed that the current PLC is secure in the sense that it is hard that an attacker guesses or modifies the value of power consumption. However, we show that the randomness of the protocol is closely related to state of the communication line and thus anyone can easily guess the randomness by checking the state of the communication line. In order to analyze the security of PLC, we study the protocol in detail and show some vulnerability. In addition, we suggest that PLC needs more secure protocol on higher layers. We expect that the study of PLC help in designing more secure protocol as well.