• Title/Summary/Keyword: permissions

Security Threat Analysis for Remote Monitoring and Control Functions of Connected Car Services

  • Jin Kim;Jinho Yoo
    • Journal of Information Processing Systems / v.20 no.2 / pp.173-184 / 2024
  • The connected car services are one of the most widely used services in the Internet of Things environment, and they provide numerous services to existing vehicles by connecting them through networks inside and outside the vehicle. However, although vehicle manufacturers are developing services considering the means to secure the connected car services, concerns about the security of the connected car services are growing due to the increasing number of attack cases. In this study, we reviewed the research related to the connected car services that have been announced so far, and we identified the threats that may exist in the connected car services through security threat modeling to improve the fundamental security level of the connected car services. As a result of performing the test to the applications for connected car services developed by four manufacturers, we found that all four companies' applications excessively requested unnecessary permissions for application operation, and the apps did not obfuscate the source code. Additionally, we found that there were still vulnerabilities in application items such as exposing error messages and debugging information.

The Clinical Trial of Terminal Cancer Patients and The Nature of Self-Determination of The Subject (말기 암 환자에 대한 임상시험과 피험자의 자기결정권의 본질)

  • Song, Young-Min
    • The Korean Society of Law and Medicine / v.15 no.1 / pp.211-237 / 2014
  • Because of unpredictability and high possibility of abnormal results by clinical trials compared to general medical behaviors, a procedure for ensuring with sufficient explanations by investigators must be secured. Therefore, in a sequence of clinical trials, what kinds of scope, stage, and method of explanations provided by investigators, including doctors or researchers, to trial subjects are closely related to the compensation for damages by violation of liability for explanation. In case of application of clinical trials to patients who have critical illness such as cancer, issues of "Quality of Life" regarding trial subjects, cancer patients, should be discussed. Especially, in case of clinical trials for terminal cancer patients, the right of subjects' self-determination, which is a fundamental principle in medical behaviors, should be discussed. The right of self-determination includes participation in clinical trials for the possibility of life-sustaining even a little bit, or no participation in clinical trials in order to have a time for completing the rest of his life. Like this, if the extent and scope of explanations related to the issues of "Quality of Life" are raised as main issues, the evaluation of "Quality of Life", should be a prerequisite. In many occasions, realistically, despite bad results such as deaths or serious adverse drug reactions after clinical trials, it may not be easy for compensating to trial subjects or their survivors, who requested civil compensation for damage. Furthermore, in abnormal results after concealment of clinical trials or performance of clinical trials without permission, and in the case of trial subjects' failures of proving proximate cause between the clinical trials and abnormal results, problematic results such as no protection to the trial subjects could be occurred.
In performing clinical trials, investigators should provide sufficient explanations for trial subjects and secure voluntary informed consents from the trial subjects. Therefore, clinical trials without trial subjects' permissions and the informed consent process violate trial subjects' rights of self-determination, and the investigators shall be liable for compensation for damages. Then, issues might be addressed are what are essential contents of patients' "rights of self-determination" infringed by clinical trials without subjects' permissions. Two perspectives about patients' rights of self-determination might be considered. One perspective regards physical distress of patients (subjects) from therapies without sufficient explanations as the crux of the matter. The other perspective regards infringement of human dignity caused by being subjects without permission as the crux of the matter irrespective of risks' big and small influences. This research follows perspective of the latter. Forming constant fiduciary relation between investigators (doctors) and subjects (patients) pursuant medical contracts, and in accordance with this fiduciary relation, subjects, who are patients, have expectations of explanations and treatments by the best ways. If doctors and patients set this forth as a premise, doctors should assume civil liability when doctors infringe patients' expectations.

An Extended Role-Based Access Control Model with Multi-level Security Control (다단계 보안통제가 가능한 확장된 역할 기반 접근통제 모델)

  • Yim, Hwang-Bin;Park, Dong-Gue
    • Journal of the Institute of Electronics Engineers of Korea TE / v.39 no.3 / pp.90-96 / 2002
  • RBAC(Role-Based Access Control) is an access control method based on the user's role and it provides more flexibility on the various computer and network security fields. But, RBAC models consider only users for roles or permissions, so for the purpose of exact access control within real application systems, it is necessary to consider additional subjects and objects. In this paper, we propose an Extended RBAC model, $ERBAC_3$, for access control of multi-level security system by adding users, subjects, objects and roles level to RBAC, which enables multi-level security control. 

Android Malware Detection Using Permission-Based Machine Learning Approach (머신러닝을 이용한 권한 기반 안드로이드 악성코드 탐지)

  • Kang, Seongeun;Long, Nguyen Vu;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.617-623 / 2018
  • This study focuses on detection of malicious code through AndroidManifest permission feature extracted based on Android static analysis. Features are built on the permissions of AndroidManifest, which can save resources and time for analysis. Malicious app detection model consisted of SVM (support vector machine), NB (Naive Bayes), Gradient Boosting Classifier (GBC) and Logistic Regression model which learned 1,500 normal apps and 500 malicious apps and 98% detection rate. In addition, malicious app family identification is implemented by multi-classifiers model using algorithm SVM, GPC (Gaussian Process Classifier) and GBC (Gradient Boosting Classifier). The learned family identification machine learning model identified 92% of malicious app families.

A Study of Security Checks for Android Least Privilege - focusing on mobile financial services - (모바일 앱 최소권한 사전검증에 관한 연구 - 금융, 안드로이드 운영체제 중심으로 -)

  • Cho, Byung-chul;Choi, Jin-young
    • Journal of Internet Computing and Services / v.17 no.1 / pp.91-99 / 2016
  • A security system in Android OS adopts sandbox and a permission model. In particular, the permission model operates the confirmation of installation time and all-or-nothing policy. Accordingly, the Android OS requires a user agreement for permission when installing an application, however there is very low level of user awareness for the permission. In this paper, the current status of permission requirement within mobile apps will be discovered, and the key inspection list with an appropriate method, when a mobile service provider autonomously inspects the violation of least privilege around financial companies, and its usefulness will be explored.

An Advanced Permission-Based Delegation Model in RBAC (RBAC을 기반으로 하는 향상된 권한 위임 모델)

  • Kim, Tae-Shik;Chang, Tae-Mu
    • The KIPS Transactions:PartC / v.13C no.6 s.109 / pp.725-732 / 2006
  • RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. However, RBAC does not process delegation of permission effectively that occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model(APBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

A Smart Framework for Mobile Botnet Detection Using Static Analysis

  • Anwar, Shahid;Zolkipli, Mohamad Fadli;Mezhuyev, Vitaliy;Inayat, Zakira
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.6 / pp.2591-2611 / 2020
  • Botnets have become one of the most significant threats to Internet-connected smartphones. A botnet is a combination of infected devices communicating through a command server under the control of botmaster for malicious purposes. Nowadays, the number and variety of botnets attacks have increased drastically, especially on the Android platform. Severe network disruptions through massive coordinated attacks result in large financial and ethical losses. The increase in the number of botnet attacks brings the challenges for detection of harmful software. This study proposes a smart framework for mobile botnet detection using static analysis. This technique combines permissions, activities, broadcast receivers, background services, API and uses the machine-learning algorithm to detect mobile botnets applications. The prototype was implemented and used to validate the performance, accuracy, and scalability of the proposed framework by evaluating 3000 android applications. The obtained results show the proposed framework obtained 98.20% accuracy with a low 0.1140 false-positive rate.

(De-)politicization Characteristics of the Chinese Dress Represented in Propaganda Posters (중국 현대 복식의 (탈)정치적 특성 -선전 포스터에 나타난 사례를 중심으로-)

  • Wu, Dan;Yim, Eun-Hyuk
    • Journal of the Korean Society of Clothing and Textiles / v.39 no.4 / pp.477-491 / 2015
  • This study analyzes Chinese dresses featured in propaganda posters since the mid-$20^{th}$ century as well as explores the political characteristics of dress. This study used an in-depth interview method to investigate information from 10 Chinese familiar with public awareness and donning practices of the Chinese from 1949 to present. Interviews and analysis provided the following conclusions. First, Zhongshan-zhuang, Liening-Zhuang and Bulaji were widely worn in the Reconstruction because of the revolutionary spirit; in addition, Huayishang also became simultaneously popular as a means to reflect the new aspects of socialism. Second, Jufu/Junbianfu were the most common dresses during the period of Cultural Revolution because the government used various mechanisms to control public opinion. Third, Western fashion began to enter the Chinese market and suit wearing by the Chinese became a symbol of the Reformation and Open-door policy. Traditional dress is no longer a symbol of Feudalism and is a part of Chinese culture that has been reaccepted in the Reformation and Open-door times. Finally, during these 60 years, Chinese dress has obvious political characteristics, but began to change. The changes of political characteristics were, de-politicization expressed by the introduction of Western ready-made, permissions for traditional dress and diversification/ individualization.

Treatment Information based Risk Evaluation Method in Medical Information Systems (의료정보시스템에서 치료정보 기반 위험도 평가 방법론)

  • Choi, Donghee;Park, Seog
    • KIISE Transactions on Computing Practices / v.22 no.9 / pp.441-448 / 2016
  • RBAC(Role-Based Access Control), which is widely used in Medical Information Systems, is vulnerable to illegal access through abuse/misuse of permissions. In order to solve this problem, treatment based risk assessment of access requests is necessary. In this paper, we propose a risk evaluation method based on treatment information. We use network analysis to determine the correlation between treatment information and access objects. Risk evaluation can detect access that is unrelated to the treatment. It also provides indicators for information disclosure threats of insiders. We verify the validity using large amounts of data in real medical information systems.

Design and Evaluation of Secure Framework for User Management in Personal Cloud Environments (퍼스널 클라우드 환경에서 사용자 관리를 위한 보안 프레임워크의 설계 및 평가)

  • Jin, Byungwook;Kim, Jonghwa;Cha, Siho;Jun, Moonseog
    • Journal of Korea Society of Digital Industry and Information Management / v.12 no.1 / pp.81-87 / 2016
  • Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such as smart phones and tablet PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments. It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.