• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1151-1163
• /
• 2022

As wireless communication functions begin to be installed in vehicles, cyberattacks that exploit vulnerabilities in wireless communication functions are increasing. To respond to this, UNECE enacted the UN R156 regulation to safely distribute the software installed in the vehicle by using the wireless communication function. The regulations specify the requirements necessary to safely distribute the software for vehicles, but only the abstract requirements are presented without information on the components and detailed functions necessary to develop and implement the requirements. Therefore, in this paper, we propose a security evaluation standard that can evaluate whether a safe SUMS is built using threat modeling, a method for systematically analyzing security threats.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.209-221
• /
• 2023

Due to the rapid spread of the COVID-19 virus in December 2019, the working environment was rapidly converted to telecommuting. However, since the defense industry is an organization that handles technology related to the military, the network separation policy is applied, so there are many restrictions on the application of telecommuting. Telecommuting is a global change and an urgent task considering the rapidly changing environment in the future. Currently, in order for defense companies to implement telecommuting, VPN, VDI, and network interlocking systems must be applied as essential elements. Eventually, some contact points will inevitably occur, which will increase security vulnerabilities, and strong security management is important. Therefore, in this paper, attack types are selected and threats are analyzed based on the attack tactics of the MITER ATT&CK Framework, which is periodically announced by MITER in the US to systematically detect and respond to cyber attacks. Then, by applying STRIDE threat modeling, security threats are classified and specific security requirements are presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.83-102
• /
• 2024

Recently, as the use of the cloud increases year by year and remote work within the enterprise has become one of the new types of work, the security of the cloud-based remote work environment has become important. The introduction of zero trust is required due to the limitations of the existing perimeter security model that assumes that everything in the internal network is safe. Accordingly, NIST and DoD published standards related to zero trust architecture, but the security requirements of that standard describe only logical architecture at the abstract level. Therefore, this paper intends to present more detailed security requirements compared to NIST and DoD standards by performing threat modeling for OpenStack clouds. After that, this research team performed a security analysis of commercial cloud services to verify the requirements. As a result of the security analysis, we identified security requirements that each cloud service was not satisfied with. We proposed potential threats and countermeasures for cloud services with zero trust, which aims to help build a secure zero trust-based remote working environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.73-86
• /
• 2007

Numerous types of models have been developed in recent years in response to the cyber threat posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical modeling techniques such as Epidemic, AAWP (Analytical Active Worm Propagation Modeling) and LAAWP (Local AAWP). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the entire nv4 network and fail to consider the effects of countermeasures, making it difficult to analyze the extent of damage done by them and the effects of countermeasures in a specific network. This paper extends the equations and parameters of AAWP and LAAWP and suggests ALAAWP (Advanced LAAWP), a new worm simulation technique that rectifies the drawbacks of existing models.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.533-540
• /
• 2016

It is important to establish the environment for cyber warrior training, testing support and effectiveness analysis in order to cope with sharply increasing cyber threat. However, those practices cannot be easily performed in real world and are followed with many constraints. In this paper, we propose a live/virtual M&S-based system for training/testing and constructive M&S-based system for effectiveness analysis to provide an environment similar to real world. These can be utilized to strengthen the capability to carry out cyber war and analyze the impact of cyber threat under the large-scale networks.

• Journal of the Korea Convergence Society
• /
• v.10 no.9
• /
• pp.47-53
• /
• 2019

This paper is analyzed of the characteristics of development operations and development security operations of the software and product, and the use analysis tools from a software code perspective. Also, it is emphasized the importance of human factors and the need to strengthen them, when considering security design rules. In this paper, we consider a secure process for managing change, focusing on fast and accurate decision-making in terms of procedural factors, when considering development security operations. In addition, the paper discussed the need for maturity model analysis in relation to the development security operating characteristics, and analyzed the meaning of the analysis elements through detailed procedures for the strength and integration elements of the dynamic and static elements accordingly. The paper also analyzed factors such as scanning activity and code analysis for threat modeling and compliance and control.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.61-74
• /
• 2004

Risk analysis model is systematic and structural process that considers internal security problems and threat factors of the information systems to find optimal level of security control. But, the risk analysis model is just only defined conceptually and there are not so many empirical studies. This research used structural equation modeling(SEM) research methodology with rigorously validated research instrument. Based on results of this study, risk analysis methodology was proved to be practically useful in e-commerce environment. Factors like threat and control were significantly related to risk. In conclusion, the results of this study can be applied to general situation or environment of information security for analyzing and managing the risk and providing new approach to comprehend concept of risk in e-commerce environment.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2019.05a
• /
• pp.158-158
• /
• 2019

Recent studies show the possibility of more frequent extreme events as a result of the changing climate. These weather extremes, such as excessive rainfall, result to debris flow, river overflow and urban flooding, which post a substantial threat to the community. Therefore, an effective flood model is a crucial tool in flood disaster mitigation. In recent years, a number of flood models has been established; however, the major challenge in developing effective and accurate inundation models is the inconvenience of running multiple models for separate conditions. Among the solutions in recent researches is the development of the combined 1D-2D flood modeling. The coupled 1D-2D river flood modeling allows channel flows to be represented in 1D and the overbank flow to be modeled over two-dimension. To test the efficiency of this approach, this research aims to assess the capability of HEC-RAS model's implementation of the combined 1D-2D hydraulic simulation of river overflow inundation, and compare with the results of GERIS and FLUMENS 2D flood model. Results show similar output to the flood models that had used different methods. This proves the applicability of the HEC-RAS 1D-2D coupling method as a powerful tool in simulating accurate inundation for flood events.

• Journal of Distribution Science
• /
• v.14 no.6
• /
• pp.53-63
• /
• 2016

Purpose - This study examines the effects of the influence strategies on sales representative and headquarter trust, and investigates how sales representative trust plays a mediating role in the relationship between influence strategies and headquarter trust. For these purposes, a structural model which consists of several constructs was developed. In this model, influence strategies that consist of relational influence strategies (information exchange, recommend, promise) and mandatory influence strategies (legal plea, request, threat) were proposed to affect the sales representative trust and in turn, increase the headquarter trust. Thus, this study proposed that sale representative trust plays a core mediating role in the relationship between relational and mandatory influence strategies and headquarter trust in B2B food materials distribution context. Research design, data, and methodology - For these purposes, the authors collected the data from 208 B2B specialized complex agents. We used the 2,200 B2B specialized complex agents which trade with CJ, Ottogi, and Daesang firms and supply food materials to restaurant, school cafeteria, supermarket and traditional market as a sample frame. Once we identified 330 B2B specialized complex agent owners, CEOs, and/or Directors who had agreed to participate in this study, we dropped off a questionnaire at each B2B specialized complex agent and explained the purpose of this study. The survey was conducted from October 1, 2015 to December 15, 2015. A total of 230 questionnaires were collected. Of these collected questionnaires, 28 questionnaires excluded since they had not been fully completed. The data were analyzed using frequency test, reliability test, measurement model analysis, and structural equation modeling with SPSS and SmartPLS 2. Results - First, information exchange, recommendation, and promise of relational influence strategies had positive effects on sales representative trust. The threat of mandatory influence strategies had a negative effect on sales representative trust, but legal plea and request did not have a significant effect on sales representative trust. Second, information exchange and recommendation of relational influence strategies had positive effects on headquarter trust, but promise did not. Also, legal plea, request, and threat of mandatory influence strategies did not have a significant effect on headquarter trust. Third, this findings show that sales representative trust plays a partial mediator between information exchange and headquarter trust, and threat and headquarter trust, and a full mediator between promise and headquarter trust, and recommendation and headquarter trust. Conclusions - The aim of this study was to examine the effects how diverse dimensions of relational and mandatory influence strategies relate to sales representative trust and headquarter trust. To do so, we integrated the influence strategies and the trust transfer theory to hypothesize that various influence strategies increase sales representative and headquarter trust. The findings of this study suggest that headquarter firms should establish and enforce proper influence strategies guidelines to make clear what proper actions sales representatives should implement in relationship with B2B specialized complex agents. Also, relational and mandatory influence strategies must be regarded as a long-term and ongoing strategy that eventually build a long-term orientation with B2B specialized complex agents and guarantee a company's sustainable growth and success.