• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.033 seconds

A Study for Enterprise Type Realtime Information Security Management System (기업의 상시 보안관리 체계 연구)

  • Noh, Shi-Yeong;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.617-636
    • /
    • 2017
  • Many businesses have adopted the standard security management structure such as ISO27001 and K-ISMS for strengthening business's security management structure to protect their core information assets and have acquired partial output from such effort. However, many risk factors such as recent advances in Information Technology and evolution of intrusion methods have increased exponentially requiring the businesses to response even more quickly with better accuracy. For such purpose, a study of 'Real Time Security Management Structure for Business' based on security management process optimization, defining a set of security index for managing core security area and calculation of risk indices for precognition of intrusion risk area has been made. Also, a survey on opinions of an expert panel has been conducted. The effectiveness of studied structure was analyzed using AHP method as well. Using this study, security personnels of a company can improve efficiency of the preemptive responsive and quicker measure from the current security management structure.

Analyses of Design for Software Security and Web Component (웹 컴포넌트 및 소프트웨어 보안 설계에 대한 분석)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2008.05a
    • /
    • pp.591-594
    • /
    • 2008
  • This paper explores how to characterise security properties of software components, and how to reason about their suitability for a trustworthy compositional contract. Our framework provides an explicit opportunity for software composers as well as software components to test a priori security properties of software components in a system composition. The proposed framework uses logic programming as a tool to represent security properties of atomic components and reason about their compositional matching with other components.

  • PDF

Design of Management System for Secure EDI Subsystem (SEDI의 정보보호 서비스 모듈 관리 시스템 설계)

  • 강지원;권태경;송주석;강창구
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1996.11a
    • /
    • pp.238-247
    • /
    • 1996
  • 본 논문에서는 ITU-T X.800 권고안의 요구 기능을 중심으로 SEDI(Secure EDI) 시스템의 정보보호 서비스 모듈들을 관리하기 위한 시스템 구조를 설계하였다. 관리자인 ESM(EDI Security Management) 모듈과 관리 대행자인 SMA(Security Management Agent) 모듈을 새롭게 설계하였다. 특히, ESM과 SMA 간의 관리 정보의 교환때문에 전체적인 성능 저하가 발생하지 않도록 SMA에 필터링 기능을 제안하였다.

  • PDF

Design and Implementation of an End-To-End Security System On WAP (WAP에서의 종단간 보안 시스템 설계 및 구현)

  • 조영수;김명균
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.232-236
    • /
    • 2001
  • 본 논문에서는 WAP 포럼에서 제시하고 있는 무선 인터넷 솔루션인 WAP에서의 보안 메커니즘인 WTLS(Wireless Transport Layer Security), WIM (WAP Identity Module), WMLScript Crypto Library, WPKI(WAP Public Key Infrastructure)에 대해 살펴보고, WAP 게이트웨이를 사용하는 네트워크의 구조적 형태에서 발생되는 종단간 보안 서비스의 문제점에 대해 논의한 후 WAP 환경에서 종단간 보안 서비스를 제공할 수 있는 보안 시스템을 설계 및 구현하고자 한다.

  • PDF

Web Server Cluster's Load Balancing for Security Session

  • Kim Seok-Soo
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.2
    • /
    • pp.93-95
    • /
    • 2005
  • In order to create security session, security keys are preconfigured between communication objects. For this purpose, Handshake Protocol exists. The pre-master secret key that is used in this process needs to interpreted by a server to create master secret key, whose process requires a big calculation, resulting in deteriorating system's transmission performance. Therefore, it is helpful in increasing transmission speed to reuse secret keys rather than to create them at every connection.

Opposition to BOF in ARM architecture based Linux system (ARM 아키텍처 기반의 리눅스 시스템에서 BOF에 대한 대응)

  • Nam, TaekJun;Kang, JungMin;Jang, InSook;Lee, Jinseok
    • Annual Conference of KIPS
    • /
    • 2004.05a
    • /
    • pp.1165-1168
    • /
    • 2004
  • 본 논문은 임베디드 장비에 사용되는 코어중 시장의 약 70% 이상을 점유하고 있는 ARM(Advanced RISC Machine) 코어에서의 BOF(Buffer OverFlow)에 대해서 논하고자 한다. 먼저, ARM 아키텍처에서 함수 호출시 스택의 변화에 대해서 기술하고 이 환경에서 시스템 공격 기법 중 가장 빈번한 BOF가 어떻게 이루어지는가에 대해서 설명한다. 그리고 ARM 아키텍처만이 가지는 특징을 이용하여 이에 대처하는 방법을 제안 한다.

  • PDF

A Risk Analysis Model for Information System Security (정보시스템 보안을 위한 위험분석 모델)

  • Kim, Kang;Park, Jin-Sub;Kim, Bong-Hoi
    • Journal of the Korea Society of Computer and Information
    • /
    • v.7 no.3
    • /
    • pp.60-67
    • /
    • 2002
  • Existing as a reverse function in the information age, the security threats against the information system is increasing day by day and a systematic security management to this is being considered more and more important. The most important thing on security management is a risk analysis to understand the cause of the threat and to set up a countermeasure. Therefore, to increase security the proposed model will advise on the set up of the security policy and for a set up of an economic security countermeasure we have increased the reliability on the risk calculation stage. Especially, on the countermeasure stage we have requested a security level on the asset in order to examine the mutual reliance between assets, and differing from the standard model, we have improved the proposed model so that the materializing of the proposed countermeasure has been made to identify the restricted items for each asset and in order to not materialize superficial countermeasures and to make sure to materialize an economic countermeasure.

  • PDF

A Distributed Implementation Algorithm for Physical Layer Security Based on Untrusted Relay Cooperation and Artificial Noise

  • Li, Xiangyu;Wang, Xueming;Xu, Xiangyang;Jin, Liang
    • ETRI Journal
    • /
    • v.36 no.1
    • /
    • pp.183-186
    • /
    • 2014
  • In this letter, we consider a cooperation system with multiple untrusted relays (URs). To keep the transmitted information confidential, we obtain joint channel characteristics (JCCs) through combining the channels from the source to the destination. Then, in the null space of the JCCs, jammers construct artificial noise to confuse URs when the source node broadcasts its data. Through a distributed implementation algorithm, the weight of each node can be obtained from its own channel state information. Simulation results show that high-level security of the system can be achieved when internal and external eavesdroppers coexist.

An Implementation of E-Mail System with Certification of Delivery based on Java (자바 기반의 배달증명이 가능한 전자메일 시스템 구현)

  • Woo, Joon;Ha, Young-Guk;Lim, Shin-Young;Lee, Jae-Kwang
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.11S
    • /
    • pp.3289-3298
    • /
    • 1999
  • E-mail system is the most important service that enterprises and normal users in internet use. However, because a data security is not satisfied yet, and E-mail system with security service is essential. In this paper, We implemented the E-mail system with Certification of Delivery that was not provided in prior mail system with basic security services and can prove that sender's document is properly sent to the intended receipt. And an implementation of the system used Java Cryptography API.

  • PDF

Design of Intrusion Detection System using System Call Trace of Privilege Process : Immune System Approach (특권 프로세서의 시스템 호출 추적을 사용하는 침입탐지시스템의 설계 : 면역 시스템 접근)

  • 이종성
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.1
    • /
    • pp.39-52
    • /
    • 2000
  • 컴퓨터망의 확대 및 컴퓨터 이용의 급격한 증가에 따른 부작용으로 컴퓨터 보안 문제가 중요하게 대두되고 있다. 이에 따라 침입자들로부터 침입을 줄이기 위한 침입탐지시스템에 관한 연구가 활발하다. 본 논문에서는 컴퓨터 면역 시스템을 바탕으로 한 새로운 IDS 모델을 제안하고, 이를 설계하고 프로토타입을 구현하는 그 타당성을 보인다. 제안한 모델에서 IDS들은 여러 컴퓨터에 분산되고, 분산된 IDS들 중 어느 하나가 특권 프로세스(Privilege process)에 의해 발생된 시스템 호출 순서 중 비정상적인 시스템 호출을 탐지한 경우 이를 다른 IDS들과 서로 동적으로 공유하여 새로운 침입에 대한 면역력을 향상시킨다.