• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.034 seconds

Automatic Patch Information Collection System Using Web Crawler (웹 크롤러를 이용한 자동 패치 정보 수집 시스템)

  • Kim, Yonggun;Na, Sarang;Kim, Hwankuk;Won, Yoojae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1393-1399
    • /
    • 2018
  • Companies that use a variety of software use patch management systems provided by security vendor to manage security vulnerabilities of software to improve security. System administrators monitor the vendor sites that provide new patch information to maintain the latest software versions, but it takes a lot of cost and monitoring time to find and collect patch information because the patch cycle is irregular and the structure of web page is different. In order to reduce this, studies to automate patch information collection based on keyword or web service have been conducted, but since the structure to provide patch information in vendor site is not standardized, it was applicable only to specific vendor site. In this paper, we propose a system that automates the collection of patch information by analyzing the structure and characteristics of the vendor site providing patch information and using web crawler to reduce the cost and monitoring time consumed in collecting patch information.

Design of document security to maximize knowledge value (지식가치를 극대화하기 위한 다큐먼트 보안 디자인)

  • Jang, Deok-Seong
    • 한국디지털정책학회:학술대회논문집
    • /
    • 2003.12a
    • /
    • pp.161-170
    • /
    • 2003
  • Knowledge management system building knowledge acquisition, knowledge share, and knowledge maintenance for the member of corporation is expanded throughout whole industry to cope with rapid business environment. Electronic document basing knowledge management system can copy, print, and transfer knowledge to another party, so it is being regarded as a essential infrastructure to share knowledge. However, considering most of information leakage is sprung up by insider of organization, it is considered to provide countermeasure to protect illegal use from information leakage. The purpose of this paper is to establish digital information security system through design of document and manage digital information assets safely through electronic document security system protecting illegal leakage of digital information assets.

  • PDF

To Neutralize the Security Systems, Infringement Actions by the Administrator on the Computer Networks (시스템 보안을 무력화 시키는 전산관리자의 시스템 침해 행위 연구)

  • Roo, kyong-ha;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.10a
    • /
    • pp.165-168
    • /
    • 2012
  • In this paper, to remind ourselves that exist in the world what kind of security system is also difficult to defend a system with computerized access system representative of infringement that, Computerized personnel act of infringement cases, and thus the extent of the damage and the severity Revisited, Furthermore, technical measures beyond the limits of the technical security measures in line computerized rights management representative and for infringement prevention measures in Human Resource Management through its own alternative to find.

  • PDF

Study on Information Security Management System Evaluation Methodology (국내환경에 적합한 정보보호관리체계 평가 방법론에 대한 연구)

  • Hong, Sung-Hyuk;Park, Jong-Hyuk;Seo, Jung-Taek
    • Journal of Advanced Navigation Technology
    • /
    • v.12 no.4
    • /
    • pp.384-391
    • /
    • 2008
  • These days, along with the information society, the value of information has emerged as a powerful factor for a company's development and sustainability, and therefore, the importance of the Information Security and Management System (ISMS) has emerged and become an integral part of all areas of business. In this paper, ISMS evaluation methods from around the world are compared and analyzed with the standards of various management guidelines, definitions, management of threats and vulnerability, approaches to result calculations, and the evaluation calculation indexes for domestic to propose the best method to evaluate the Information Security Management System that will fit the domestic environment.

  • PDF

A Multichannel Authentication Technique In The Internet Banking System Using OTP (OTP를 이용한 인터넷뱅킹 시스템의 다중 채널 인증 기법)

  • Yoon, Seong Gu;Park, Jae Pyo
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.131-142
    • /
    • 2010
  • Due to the development of the Internet, Internet banking that we are liberated from time and space has evolved into banking system. So modern life became comfortable. However, Dysfunction (malicious Information leakage and hacking etc.) of the Internet development has become a serious social problem. According to this, The need for security is rapidly growing. In this paper, we proposed the Internet Banking Authentication System using a dual-channel in OTP(One Time Password) authentication. This technology is that A user transfer transaction information to Bank through one Internet channel then bank transfer transaction information to user using the registered mobile phone or smart phone. If user confirm transaction information then bank request user's OTP value. User create OTP value and transfer to bank and bank authenticate them throgth the ARS. If authentication is pass then transaction permitted. Security assessment that the proposed system, the security requirement that the confidentiality and integrity, authentication, repudiation of all of the features provide a key length is longer than the current Internet banking systems, such as using encryption, the security provided by the Financial Supervisory Service Level 1 rating can be applied to more than confirmed.

The Dilemma of Parameterizing Propagation Time in Blockchain P2P Network

  • Rahmadika, Sandi;Noh, Siwan;Lee, Kyeongmo;Kweka, Bruno Joachim;Rhee, Kyung-Hyune
    • Journal of Information Processing Systems
    • /
    • v.16 no.3
    • /
    • pp.699-717
    • /
    • 2020
  • Propagation time on permissionless blockchain plays a significant role in terms of stability and performance in the decentralized systems. A large number of activities are disseminated to the whole nodes in the decentralized peer-to-peer network, thus causing propagation delay. The stability of the system is our concern in the first place. The propagation delay opens up opportunities for attackers to apply their protocol. Either by accelerating or decelerating the propagation time directly without proper calculation, it brings numerous negative impacts to the entire blockchain system. In this paper, we thoroughly review and elaborate on several parameters related to the propagation time in such a system. We describe our findings in terms of data communication, transaction propagation, and the possibility of an interference attack that caused an extra propagation time. Furthermore, we present the influence of block size, consensus, and blockchain scalability, including the relation of parameters. In the last session, we remark several points associated with the propagation time and use cases to avoid dilemmas in the light of the experiments and literary works.

A study for improving passenger service level at the airport security checks by using simulation (시뮬레이션을 이용한 공항 보안검색 시스템 개선으로 이용객 서비스 수준제고 방안 연구)

  • Choi, Sanggyun;Lee, Chulung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.3
    • /
    • pp.59-68
    • /
    • 2013
  • In this study, airport security check process is analyzed to modeling a simulation. Simulation is compared with real security system to verify. Utilizing verified simulation, spends time in the current security check is calculated and suggests alternatives. Considering the movement of passengers and security check system of all four cases the results yielded by the experiment. The results show that security check time decreased significantly to 20.8%. The simulation was developed in this study; including the introduction of a new security system at security check can be used as a decision support tool is expected.

A Study on the Implementation of Technical Security Control for Critical Digital Asset of Nuclear Facilities (원자력시설의 필수디지털자산에 대한 기술적 보안조치항목에 대한 연구)

  • Choi, Yun-hyuk;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.877-884
    • /
    • 2019
  • As technology advances, equipment installed in Nuclear facilities are changing from analog system to digital system. Nuclear facilities have been exposed to cyber threats as the proportion of computers and digital systems increases. As a result, interest in cyber security has increased and there has been a need to protect the system from cyber attacks. KINAC presented 101 cyber security controls for critical digital asset. However, this is a general measure that does not take into account the characteristics of digital assets. Applying all cyber security controls to critical digital assets is a heavy task and can be lower efficient. In this paper, we propose an effective cyber security controls by identifying the characteristics of critical digital assets and presenting proper security measures.

A Shadowing Mechanism supporting Automatic Extension of Security Scheme (보안스킴의 자동확장성을 지원하는 미행 메커니즘)

  • 장희진;김상욱
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.4
    • /
    • pp.45-54
    • /
    • 2001
  • It is necessary to control security management consistently and respond to an intrusion automatically in order to use the network securely in the single administrative domain. This paper presents a Shadowing Mechanism supporting a dynamic extension of security scheme and proposes an ARTEMIS(Advanced Realtime Emergency Management and Intruder Identification System), which is designed and implemented based on the suggested technique. It is possible for security management system developed on the basis of the Shadowing Mechanism to make all network components working under the same security scheme. It enhances the accuracy of intrusion tracing and automatic response through dynamic extension of space and time for security management.

Secure and Efficient Identity-based Batch Verification Signature Scheme for ADS-B System

  • Zhou, Jing-xian;Yan, Jian-hua
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.12
    • /
    • pp.6243-6259
    • /
    • 2019
  • As a foundation of next-generation air transportation systems, automatic dependent surveillance-broadcast (ADS-B) helps pilots and air traffic controllers create a safer and more efficient national airspace system. Owing to the open communication environment, it is easy to insert fake aircraft into the system via spoofing or the insertion of false messages. Efforts have thus been made in academic research and practice in the aviation industry to ensure the security of transmission of messages of the ADS-B system. An identity-based batch verification (IBV) scheme was recently proposed to enhance the security and efficiency of the ADS-B system, but current IBV schemes are often too resource intensive because of the application of complex hash-to-point operations or bilinear pairing operations. In this paper, we propose a lightweight IBV signature scheme for the ADS-B system that is robust against adaptive chosen message attacks in the random oracle model, and ensures the security of batch message verification and against the replaying attack. The proposed IBV scheme needs only a small and constant number of point multiplication and point addition computations instead of hash-to-point or pairing operations. Detailed performance analyses were conducted to show that the proposed IBV scheme has clear advantages over prevalent schemes in terms of computational cost and transmission overhead.