• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.5
• /
• pp.1110-1116
• /
• 2015

This paper analyzes global research trend on information security. All technical fields based on information requires security so that discovering technologies (technical terms) which are developing newly or dramatically is able to guide the future direction of the field of information security. In this paper, the ultimate of this research is to figure out the technologies related to information security and to forecast the future through understanding their trends. The paper, as a beginning for the analysis on macroscopic viewpoint, contains measurement of yearly relatedness between technical terms from 2001 to 2014 by using temporal co-occurrence and interpretation of its meaning through comparing the relatedness with trends of top-related technical terms. And to conclude, we could find that Android platform, Big data, Internet of things, Mobile technologies, and Cloud computing are emerging technologies on information security.

• Journal of KIISE
• /
• v.42 no.4
• /
• pp.487-495
• /
• 2015

Since most of information is computerized nowadays, it is extremely important to promote the security of the computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques on other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.

• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.257-262
• /
• 2015

The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.157-162
• /
• 2004

A development of PP/ST is essential in CC environment. And, the KOREA is expected that PP/STs demand increases explosively by joining to CCRA hereafter. Specially, PP/ST development experience of the KOREA is lacking. So, development of security environment(assume, threat, policy) and security objective contents refer only PP/ST Guide(ISO/IEC PDTR 15446) are very difficult. In this paper, we propose a web service based common security environment and security objective repository model that make developers can run PP/ST creation to be simple. Through proposed model, developers who development experience is lacking are expected to achieve PP/ST development to be simple.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.31-38
• /
• 2024

Recent expansion in cloud service usage has heightened the importance of cloud security. The purpose of this study is to analyze current research trends in the field of cloud security and to derive implications. To this end, R&D project data provided by the National Science and Technology Knowledge Information Service (NTIS) from 2010 to 2023 was utilized to analyze trends in cloud security research. Fifteen core topics in cloud security research were identified using LDA topic modeling and ARIMA time series analysis. Key areas identified in the research include AI-powered security technologies, privacy and data security, and solving security issues in IoT environments. This highlights the need for research to address security threats that may arise due to the proliferation of cloud technologies and the digital transformation of infrastructure. Based on the derived topics, the field of cloud security was divided into four categories to define a technology reference model, which was improved through expert interviews. This study is expected to guide the future direction of cloud security development and provide important guidelines for future research and investment in academia and industry.

• Journal of Information Technology Applications and Management
• /
• v.26 no.5
• /
• pp.13-25
• /
• 2019

Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.6
• /
• pp.857-860
• /
• 2021

The 21st century society has entered the fourth industrial society of machine to machine from the information society of human to machine. Accordingly, countries around the world are always operating efficient crisis management systems that can quickly respond to disasters or crises. As cyber attacks such as cyber warfare are actually progressing, countries around the world are conducting defense training in response to cyber attacks, and reflecting the results of simulation attacks in improving or building security systems. In this paper, we would like to consider the future cyber training development guide by comparing and analyzing the trends of cyber training in domestic and foreign countries.

• Journal of Digital Convergence
• /
• v.14 no.10
• /
• pp.287-293
• /
• 2016

Wireless sensor networks (WSNs) have many applications and are deployed in a wide variety of areas. They are often deployed in potentially adverse or even hostile environment so that there are concerns on security issues in these WSNs. Recently, an anonymous user authentication and key agreement scheme (AUAKAS) was proposed based on symmetric cryptosystem in WSNs. It is claimed in AUAKAS that it assures security against different types of attacks including impersonation attacks. However, this paper shows that AUAKAS does not cope from user impersonation attack and gateway impersonation attack from the legally registered user on the gateway. The security analysis could guide the required features of the security scheme to be satisfied.

• Proceedings of the KIEE Conference
• /
• 2008.10b
• /
• pp.209-210
• /
• 2008

In the case of unauthorized individuals, systems and entities or process threatening the instrumentation and control systems of nuclear facilities using the intrinsic vulnerabilities of digital based technologies, those systems may lose their own required functions. The loss of required functions of the critical systems of nuclear facilities may seriously affect the safety of nuclear facilities. Consequently, digital instrumentation and control systems, which perform functions important to safety, should be designed and operated to respond to cyber threats capitalizing on the vulnerabilities of digital based technologies. To make it possible, the developers and licensees of nuclear facilities should perform appropriate cyber security program throughout the whole life cycle of digital instrumentation and control systems. Under the goal of securing the safety of nuclear facilities, this paper presents the KINS' regulatory position on cyber security program to remove the cyber threats that exploit the vulnerabilities of digital instrumentation and control systems and to mitigate the effect of such threats. Presented regulatory position includes establishing the cyber security policy and plan, analyzing and classifying the cyber threats and cyber security assessment of digital instrumentation and control systems.

• Nuclear Engineering and Technology
• /
• v.52 no.5
• /
• pp.995-1001
• /
• 2020

With the development of digital instrumentation and control (I&C) devices, cyber security at nuclear power plants (NPPs) has become a hot issue. The Stuxnet, which destroyed Iran's uranium enrichment facility in 2010, suggests that NPPs could even lead to an accident involving the release of radioactive materials cyber-attacks. However, cyber security research on industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems is relatively inadequate compared to information technology (IT) and further it is difficult to study cyber-attack taxonomy for NPPs considering the characteristics of ICSs. The advanced research of cyber-attack taxonomy does not reflect the architectural and inherent characteristics of NPPs and lacks a systematic countermeasure strategy. Therefore, it is necessary to more systematically check the consistency of operators and regulators related to cyber security, as in regulatory guide 5.71 (RG.5.71) and regulatory standard 015 (RS.015). For this reason, this paper attempts to suggest a template for cyber-attack taxonomy based on the characteristics of NPPs and exemplifies a specific cyber-attack case in the template. In addition, this paper proposes a systematic countermeasure strategy by matching the countermeasure with critical digital assets (CDAs). The cyber-attack cases investigated using the proposed cyber-attack taxonomy can be used as data for evaluation and validation of cyber security conformance for digital devices to be applied, and as effective prevention and mitigation for cyber-attacks of NPPs.