• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.031 seconds

Security Management for Electronic Data Interchange (EDI를 위한 정보보호 관리)

  • 권태경;강지원;윤명근;송주석;강창구
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.7 no.2
    • /
    • pp.123-138
    • /
    • 1997
  • In this paper, we design a model of security management in the EDI(Electronic Data Interchange) system implemented on the basis of ITU-T X.400 series. First of all, we defined requirements and functions for providing the security management facility in the EDI system which manipulates a lot of commercial documents. The model to satisfy the requirements is also designed for SEDI (Secure EDI) system which provides security services.

The Mobile Security Diagnostic System against Smart-phone Threat (스마트폰 악성코드 대응을 위한 모바일 보안 진단 시스템)

  • Cheon, Woo-Bong;Lee, Jung-Hee;Park, Won-Hyung;Chung, Tai-Myoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.537-544
    • /
    • 2012
  • With wireless network infrastructure, the number of smart-phone users is remarkably increasing in the world and the amounts of damage due to the smart-phone malwares are also raised. Many security solutions for wireless network have come into the market but these solutions are for companies or large enterprises, therefore, the public users of smart-phone don't feel easy to select as their solutions and it is difficult to detect unknown malwares. In this paper, we propose the mobile security diagnostic system for public smart-phone users, which provides functions like smart-phone system check, comparison with blacklist of applications and collecting malwares.

Quantitative Scoring Criteria on the Importance of Software Weaknesses (소프트웨어 보안약점의 중요도에 대한 정량 평가 기준 연구)

  • Ahn, Joonseon;Bang, Ji-Ho;Lee, Eunyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1407-1417
    • /
    • 2012
  • In order to protect a software system from security attacks, it is important to remove the software security weaknesses through the entire life cycle of software development. To remove the software weaknesses more effectively, software weaknesses are prioritized and sorted continuously. In this paper, we introduce the existing scoring systems for software weakness and software vulnerability, and propose a new quantitative standard for the scoring system, which helps evaluate the importance of software weakness objectively. We also demonstrate the practicability of the proposed standard by scoring 2011 CWE/SANS Top 25 list with the proposed standard and comparing it to the original score of MITRE.

A Privacy-aware Graph-based Access Control System for the Healthcare Domain

  • Tian, Yuan;Song, Biao;Hassan, M.Mehedi.;Huh, Eui-Nam
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.10
    • /
    • pp.2708-2730
    • /
    • 2012
  • The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

A Study on Cyber Security Threat and Security Requirements for Industrial Wireless Communication Devices (산업용 무선통신기기 사이버 보안위협 및 보안요구사항에 관한 연구)

  • Lee, Jiseop;Park, Kyungmi;Kim, Sinkyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.757-770
    • /
    • 2020
  • Industrial Control System(ICS) is a system that measures, monitors, and controls various distributed assets, and is used in industrial facilities such as energy, chemical, transportation, water treatment, and manufacturing plants or critial infrastructure. Because ICS system errors and interruptions can cause serious problem and asset damage, research on prevention and minimization of security threats in industrial control systems has been carried out. Previously wireless communication was applied in limited fields to minimize security risks, but the demand for industrial wireless communication devices is increasing due to ease of maintenance and cost advantages. In this paper, we analyzed the security threats of industrial wireless communication devices supporting WirelessHART and ISA100.11a. Based on the analysis results, we proposed the security requirements for adopting and operating industrial wireless communication devices. We expect that the proposed requirements can mitigate security threats of industrial wireless devices in ICS.

Minimization of Security Policies in Database Security System applying Role-Based Access Control (역할기반 접근 제어를 적용한 데이터베이스 보안 시스템에서의 보안 정책 최소화)

  • Jung Min-A;Lee Kwang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.6
    • /
    • pp.1364-1370
    • /
    • 2005
  • There are many security models for database systems using policy-based access control. RBAC (Role-based Access Control) is used for complementing MAC (Mandatory Access Control) and DAC (Discretionary Access Control) and is for performing flexibly security policies meet applied environment. We implemented the database security system that applies DAC, MAC, and RBAC to meet security requirements of users. However, security policies are constructed redundantly whenever security policies are needed to each user in this system. Even though the proposed security system can flexibly control more complicated 'read' access to various data sizes for individual users, it is obvious that there is a possibility that a new policy can be a duplication of existing policies. In this paper, we introduce the problem of policy duplication and propose the policy management module. With this proposed module, constructed policies are checked for duplication and deleted or merged with existing policies.

Development of Hardware In the Loop System for Cyber Security Training in Nuclear Power Plants (원자력발전소 사이버보안 훈련을 위한 HIL(Hardware In the Loop) System 개발)

  • Song, Jae-gu;Lee, Jung-woon;Lee, Cheol-kwon;Lee, Chan-young;Shin, Jin-soo;Hwang, In-koo;Choi, Jong-gyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.867-875
    • /
    • 2019
  • Security awareness and training are becoming more important as cyber security incidents tend to increase in industrial control systems, including nuclear power plants. For effective cyber security awareness and training for the personnel who manage and operate the target facility, a TEST-BED is required that can analyze the impact of cyber attacks from the sensor level to the operation status of the nuclear power plant. In this paper, we have developed an HIL system for nuclear power plant cyber security training. It includes nuclear power plant status simulations and specific system status simulation together with physical devices. This research result will be used for the specialized cyber security training program for Korean nuclear facilities.

The Automatic Extraction System of Application Update Information in Android Smart Device (안드로이드 스마트 기기 내의 애플리케이션 업데이트 정보 자동 추출 시스템)

  • Kim, Hyounghwan;Kim, Dohyun;Park, Jungheum;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.2
    • /
    • pp.345-352
    • /
    • 2014
  • As the utilization rate of smart device increases, various applications for smart device have been developed. Since these applications can contain important data related to user behaviors in digital forensic perspective, the analysis of them should be conducted in advance. However, lots of applications get to have new data format or type when they are updated. Therefore, whether the applications are updated or not should be checked one by one, and if they are, whether their data are changed should be also analyzed. But observing application data repeatedly is a time-consuming task, and that is why the effective method for dealing with this problem is needed. This paper suggests the automatic system which gets updated information and checks changed data by collecting application information.

A Study of Countermeasure against Security Risk of Fintech Services for Financial Innovation (금융혁신을 위한 핀테크 서비스의 보안 리스크 대응방안 연구)

  • Park, Jeong-Kuk;Kim, Injai
    • Knowledge Management Research
    • /
    • v.16 no.4
    • /
    • pp.35-45
    • /
    • 2015
  • Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.

Incorporating RSA with a New Symmetric-Key Encryption Algorithm to Produce a Hybrid Encryption System

  • Prakash Kuppuswamy;Saeed QY Al Khalidi;Nithya Rekha Sivakumar
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.1
    • /
    • pp.196-204
    • /
    • 2024
  • The security of data and information using encryption algorithms is becoming increasingly important in today's world of digital data transmission over unsecured wired and wireless communication channels. Hybrid encryption techniques combine both symmetric and asymmetric encryption methods and provide more security than public or private key encryption models. Currently, there are many techniques on the market that use a combination of cryptographic algorithms and claim to provide higher data security. Many hybrid algorithms have failed to satisfy customers in securing data and cannot prevent all types of security threats. To improve the security of digital data, it is essential to develop novel and resilient security systems as it is inevitable in the digital era. The proposed hybrid algorithm is a combination of the well-known RSA algorithm and a simple symmetric key (SSK) algorithm. The aim of this study is to develop a better encryption method using RSA and a newly proposed symmetric SSK algorithm. We believe that the proposed hybrid cryptographic algorithm provides more security and privacy.