• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.03 seconds

A Study on the Function Development of Security System Using USB (USB를 활용한 보안 시스템 기능개발에 관한 연구)

  • Bak, Ji ye;Lee, Deok Gyu
    • Annual Conference of KIPS
    • /
    • 2020.11a
    • /
    • pp.472-474
    • /
    • 2020
  • in order to minimize damage from increasing personal information leakage and cyber risks, a new authentication system plan was devised that can be used in combination with existing authentication methods for the purpose of improving security. A more closed and extreme authentication method was established by installing a self-made security module using USB that can be easily utilized, enabling only individuals with registered USB to freely use information.

Type based Access Control Model and Application of Rehabilitation Psychology Analysis System (재활심리분석시스템의 타입기반 접근제어 모델 및 응용)

  • Kim, Young-Soo;Kim, Jung-Dae
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.9
    • /
    • pp.2082-2090
    • /
    • 2013
  • As rehabilitation psychology analysis system which manages examination information becoming more popular, interoperability, portability and security are becoming major concerns of modern computing. We propose a security model on the type information based access control system for rehabilitation psychology analysis that can enhance both security and availability by separating the functions delivered from object-oriented databases to solve these problems. We apply the access control model specifically to enhancement of security system and also perform a test to verify the security and availability of our model.

Security Analysis of Partially Hidden Password Systems Resistant to Shoulder Surfing Attacks

  • Seong, Jin-Taek
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.13 no.1
    • /
    • pp.17-26
    • /
    • 2020
  • As more users use mobile devices, shoulder surfing attacks have emerged as an important issue in security. According to research report, in fact, the result showed that about 30% of smartphone users are hit by shoulder surfing attacks. To this end, in this paper, we consider a shoulder surfing attack and propose a partially hidden password system to resistant to its attack. In order to help readers understand, we describe the proposed password system in more detail using one simple example. The core idea behind the proposed system is to place the user's password randomly in the specified grid instead of entering a password directly. As a result, even if an attacker makes a shoulder surfing attack to observe the password, the user can hide the preset password and defend against the attack. We also show how the security of the password system proposed in this paper is improved. In addition, even if there are consecutive shoulder surfing attacks, the security of the proposed password system is robust.

Comparative Analysis of Methodology for Improving Information Security Consulting for SMEs in Korea (중소기업 정보보호 컨설팅 개선을 위한 방법론 비교 분석)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.8
    • /
    • pp.1-6
    • /
    • 2020
  • The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply the proven methodology such as the critical information and communication infrastructure(CIIP), ISMS, ISO27001, etc. It applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation such as the type and size of SMEs. In order to improve such problems of SME information security consulting and to improve more effective, effective and standard methodology, the information security consulting methodology applied in the current system was compared and analyzed. Through the improvement plan for SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.

Information Security Activity of Analysis Phase in Information Security Model in Accordance with SDLC

  • Shin, Seong-Yoon;Lee, Tae-Wuk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.21 no.11
    • /
    • pp.79-83
    • /
    • 2016
  • In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.

A Study on the Methods of Fault Analysis for Security Improvement of National Education Information System(NEIS) (교육행정정보시스템의 보안성 개선을 위한 결함 분석 방법에 관한 연구)

  • Lyu, Min-Wan;Park, Man-Gon
    • Journal of Korea Multimedia Society
    • /
    • v.20 no.12
    • /
    • pp.1970-1979
    • /
    • 2017
  • Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.

An Implementation Method of Improved Document DRM for Preventing Information Leakage using RBAC Approach (RBAC을 이용한 정보유출 방지를 위한 보안성이 강화된 문서 DRM 구현)

  • Choi, Young Hyun;Eom, Jung Ho;Chung, Tai Myoung
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.4
    • /
    • pp.57-66
    • /
    • 2011
  • We implemented the document DRM applying role based access control(RBAC) mechanism for preventing the information leakage of a document which is transmitted in network environment. It must prevent to access document not related to user role and duty, and must allow operation to document for improving security, considering user role and security level according to a document importance. We improved the security of document DRM by adding to the access control module applying RBAC for satisfying security requirements. Though the user access document, our system allows operation authorizations to document by the user's role & security level and the security attribute of RBAC. Our system prevents indiscriminate access to the documents by user who is not associated with the role, and prevents damage the confidentiality and integrity.

Development of Mobile Monitoring System for Home Security (홈 시큐리티를 위한 모바일 모니터링 시스템 개발)

  • Wang, Jong Soo;Seo, Doo Ok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.1
    • /
    • pp.43-49
    • /
    • 2009
  • Network industry is complex combined with various fields of industry, such as communication, broadcast, construction, and home appliances. Moreover, it's fairly lucrative since the growth industry makes lots of added values, interacting with the others. The network industry, usually called 'Ubiquitous', connects some home appliances and makes an integrated system that you can use them with whenever and wherever. A demand for network security, however, has skyrocketed due to the relatively low safety. It's been expected that the market of home security is going to be grown up nearly 30 percent every year. Recently, analog surveilance cameras have been replaced with digital ones, and they will be providing stronger security services taking advantage of mutual interaction with related industies. In this paper, a mobile monitoring system for home security is proposed, which makes it possible to supervise all home appliances wherever you're, using the conventional wired/wireless network infra.

A Design of RBAC_Linux for Linux Security Systems (리눅스 보안 시스템을 위한 RBAC_Linux 설계)

  • 오석균;김성열
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.4 no.4
    • /
    • pp.137-142
    • /
    • 1999
  • This paper applies role-based access control(RBAC) policy for solving security problems when it will be operated business of many field on the Linux sever environments and designed RBAC_Linux security systems that it is possible to manage security systems on the Linux environments. In this paper, the RBAC_Linux is security system which is designed for applicable on the Linux enviroment The applying RBAC model is based on RBAC96 model due to Sandhu et al. Therefor, the using designed RBAC_Linux security system on the Linux sever system have the advantage of the following: it can be implemented sever system without modifying its source code, high migration, easy and simple of secure managing.

  • PDF

The Brainwave Analyzer of Server System Applied Security Functions (보안기능을 강화한 뇌파 분석 서버시스템)

  • Choi, Sung-Ja;Kang, Byeong-Gwon;Kim, Gui-jung
    • Journal of Digital Convergence
    • /
    • v.16 no.12
    • /
    • pp.343-349
    • /
    • 2018
  • Electroencephalograph(EEG) information, which is an important data of brain science, reflects various levels of information from the molecular level to the behavior and cognitive stages, and the explosively amplified information is provided at each stage. Therefore, EEG information is an intrinsic privacy area of an individual, which is important information to be protected. In this paper, we apply spring security to web based system of spring MVC (Model, View, Control) framework to build independent and lightweight server system with powerful security system. Through the proposal of the platform type EEG analysis system which enhances the security function, the web service security of the EEG information is enhanced and the privacy of the EEG information can be protected.