• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권12호
• /
• pp.5654-5668
• /
• 2018

Driven by security and real-time demands of Internet of Things (IoT), the timing of fog computing and edge computing have gradually come into place. Gateways bear more nearby computing, storage, analysis and as an intelligent broker of the whole computing lifecycle in between local devices and the remote cloud. In fog computing, the edge broker requires X-aware capabilities that combines software programmability, stream processing, hardware optimization and various connectivity to deal with such as security, data abstraction, network latency, service classification and workload allocation strategy. The prosperous of Field Programmable Gate Array (FPGA) pushes the possibility of gateway capabilities further landed. In this paper, we propose a software-defined gateway (SDG) scheme for fog computing paradigm termed as Fog Computing Zero-Knowledge Gateway that strengthens data protection and resilience merits designed for industrial internet of things or highly privacy concerned hybrid cloud scenarios. It is a proxy for fog nodes and able to integrate with existing commodity gateways. The contribution is that it converts Privacy-Enhancing Technologies rules into provable statements without knowing original sensitive data and guarantees privacy rules applied to the sensitive data before being propagated while preventing potential leakage threats. Some logical functions can be offloaded to any programmable micro-controller embedded to achieve higher computing efficiency.

• 대한임베디드공학회논문지
• /
• 제8권6호
• /
• pp.303-309
• /
• 2013

Cloud storage services are used for efficient sharing or synchronizing of user's data across multiple mobile devices. Although cloud storages provide flexibility and scalability in storing data, security issues should be handled. Currently, typical cloud storage services offer data encryption for security purpose but we think such method is not secure enough because managing encryption keys by software and identifying users by simple ID and password are main defectives of current cloud storage services. We propose a secure data access method to cloud storage in mobile environment. Our framework supports hardware-based key management, attestation on the client software integrity, and secure key sharing across the multiple devices. We implemented our prototype using ARM TrustZone and TPM Emulator which is running on secure world of the TrustZone environment.

• Journal of information and communication convergence engineering
• /
• 제12권4호
• /
• pp.237-245
• /
• 2014

In this study, software-based countermeasures against a side-channel cryptanalysis of the Rabbit stream cipher were developed using Moteiv's Tmote Sky, a popular wireless sensor mote based on the Berkeley TelosB, as the target platform. The countermeasures build upon previous work by improving mask generation, masking and hiding other components of the algorithm, and introducing a key refreshment scheme. Our contribution brings improvements to previous countermeasures making the implementation resistant to higher-order attacks. Four functional metrics, namely resiliency, robustness, resistance, and scalability, were used for the assessment. Finally, performance costs were measured using memory usage and execution time. In this work, it was demonstrated that although attacks can be feasibly carried out on unprotected systems, the proposed countermeasures can also be feasibly developed and deployed on resource-constrained devices, such as wireless sensors.

• 한국정보시스템학회지:정보시스템연구
• /
• 제14권3호
• /
• pp.23-30
• /
• 2005

Computer attacks on vulnerable software are ubiquitous. Today's attacks on client PCs can be used to create armies of zombie computers that are capable of wide reach attacks on high profile businesses and governments. The simple act of patching software vulnerabilities will certainly mitigate this problem, but patching has its own set of problems. Further, it is frequently the case that patches which are available to mitigate vulnerabilities are not being made on a timely basis and sometimes are not being made at all. One solution to the patch management dilemma is outsourcing. This paper notes that outsourcing is not a carte blanche decision that can be made based on dollars, but rather that a contingency decision matrix can provide guidance on outsourcing solutions for patch management and other security components as well. The matrix recognizes that IS staff expertise and employee security awareness are two important factors in the outsourcing decision.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2019년도 추계학술발표대회
• /
• pp.968-971
• /
• 2019

본 논문에서는 정상과 봇넷 트래픽을 분류하기 위해 트래픽 데이터에서 페이로드 패턴을 추한다. 추출된 가변 길이의 패턴으로 마코브 체인 분류 모델을 학습한다. 마코브 체인 모델은 상태 변이 확률을 계산하며, 봇넷 트래픽에서 나타나는 규칙적인 패턴을 학습하기 적합하다. 모델 성능 개선을 위해서 페이로드 패턴의 최소 길이와 마코브 체인 모델의 최적 상태 수 파라미터를 찾는다. 다중 분류 실험 결과로 약 0.95의 정확도와 0.02의 오탐률을 보였다.

• Journal of Information Processing Systems
• /
• 제17권3호
• /
• pp.658-673
• /
• 2021

Data deduplication technology improves data storage efficiency while storing and managing large amounts of data. It reduces storage requirements by determining whether replicated data is being added to storage and omitting these uploads. Data deduplication technologies require data confidentiality and integrity when applied to cloud storage environments, and they require a variety of security measures, such as encryption. However, because the source data cannot be transformed, common encryption techniques generally cannot be applied at the same time as data deduplication. Various studies have been conducted to solve this problem. This white paper describes the basic environment for data deduplication technology. It also analyzes and compares multiple proposed technologies to address security threats.

• 한국소프트웨어감정평가학회 논문지
• /
• 제17권2호
• /
• pp.125-142
• /
• 2021

Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

• 한국정보시스템학회:학술대회논문집
• /
• 한국정보시스템학회 2001년도 추계학술대회 발표논문집:차세대 전상거래 시대의 비즈니스전략
• /
• pp.158-165
• /
• 2001

The certification of software products can provide a greater level of acceptance and feeling of security to customers of these products. This paper presents a certification method for the quality of package software. First of all, the evaluation criteria are derived from ISO/1EC 9126 and 12119 standards, and then the evaluation module are designed considering the measurement scale type. The results can be applied to construct the certification scheme of software product quality for the commercial purpose.

• 대한안전경영과학회:학술대회논문집
• /
• 대한안전경영과학회 2002년도 춘계학술대회
• /
• pp.193-197
• /
• 2002

The certification of software products can provide a greater level of acceptance and feeling of security to customers of these products. This paper presents a certification method for the quality of package software. First of all, the evaluation criteria are derived from IS0/1EC 9126 and 12119 standards, and then the evaluation module are designed considering the measurement scale type. The results can be applied to construct the certification scheme of software product quality for the commercial purpose.

• 대한안전경영과학회지
• /
• 제4권1호
• /
• pp.93-103
• /
• 2002

The certification of software products can provide a greater level of acceptance and feeling of security to customers of these products. This paper presents a certification method for the quality of package software. First of all, the evaluation criteria are derived from ISO/IEC 9126 and 12119 standards, and then the evaluation module are designed considering the measurement scale type. The results can be applied to construct the certification scheme of software product quality for the commercial purpose.