Security technologies based on a home gateway for making smart homes secure

Kim, Geon Woo,Lee, Deok Gyu,Han, Jong Wook,Lee, Seung Hyun,Kim, Sang Wook Emerald Group Publishing Limited 2009 INTERNET RESEARCH Vol.19 No.2

<B>Purpose</B> - The purpose of this paper is to identify security technologies that are essential in making home network systems secure and to describe specialized security mechanisms for the home network and the relationships among them. <B>Design/methodology/approach</B> - The research model is designed to support three functions: authentication, authorization, and security policy. Authentication is tested in several methodologies such as id/pw, certificate, or bio; authorization is tested using RBAC methodologies; and security policy is specified using newly-designed script language, such as xHDL. <B>Findings</B> - The findings for "authentication" suggest that home network users can access services conveniently and securely. In addition, the findings for "security policy" suggest that security policy for home network requires specialized rather than general specification. <B>Practical implications</B> - The paper identifies three security functions essential for home network: authentication that supports most existing authentication mechanisms, so as to maximize user accessibility; authorization that is middleware-independent and beyond the physical transport layer; and security policy optimized for the home network environment. <B>Originality/value</B> - The paper focuses on an implementation-based security model for the home network. Though interest and research in home network security are increasing, only limited authentication applications have been adopted in real deployment up to now. This paper introduces an integrated security model and emphasizes safety and convenience so as to promote reliability in home network services.

군 구성원의 심리적 요인, 보안 스트레스, 보안행동의도 간 관계에 관한 연구

박의천 미래군사학회 2022 한국군사학논총 Vol.11 No.2

Recently, in order to respond to various security threats, the focus is on physical and technical security. However, security incidents are increasing. Accordingly, it is recognized that the root cause of the increase in security accidents is human 'psychology'. This study empirically analyzed how psychological factors of Planned Behavior Theory and Protection Motive Theory, which are social science theories dealing with human psychology, affect Security Behavior Intention. In addition, the stress control effect was investigated in their relationship. For this purpose, controlled regression analysis and continuous moderation effect analysis methods were used. Looking at the research results, First, it was found that Security Behavior Intention was significantly affected in the order of Security Belief, Security Severity, Perceived Norm, Security Efficiency, and Security Effectiveness. Second, it was found that Security Stress modulates the relationship between Perceived Norms, Security Vulnerabilities, and Security Behavioral Intentions. Through these conclusions, By extracting psychological factors that have a significant effect on compliance with security regulations, it provided an opportunity to secure the credibility of people centered approach to security accident prevention. It is also expected to provide a basis for expanding academic research models on security. 최근 각종 보안위협에 대응하기 위해 물리적이고 기술적인 보안에 주안점을 두고 있다. 그러나, 보안사고는 증가하고 있다. 이에, 보안사고가 증가하는 근본적인 원인이 인간의 ‘심리’라고 인식하게 된다. 인간의 심리를 다루는 사회과학이론인 계획행동이론과 보호동기이론의 심리적 요인이 보안행동의도에 어떠한 영향을 미치는지 실증 분석하였다. 또한, 이들의 관계에서 스트레스 조절효과를 규명하였다. 이를 위해 통제회귀분석과 연속형 조절효과 분석방법을 이용하였다. 연구결과를 살펴보면, 첫째, 보안신념, 보안심각성, 인지된 규범, 보안효율성, 보안효능감 순으로 보안행동의도에 유의미한 영향을 미치는 것으로 나타났다. 둘째, 보안 스트레스가 인지된 규범, 보안취약성과 보안행동의도 간의 관계를 조절하는 것으로 나타났다. 이러한 결론을 통해, 보안규정을 준수하는데 유의미한 영향을 주는 심리적 요인을 추출함으로써 보안사고 예방에 대한 인간 중심의 접근방법의 신뢰성을 확보하는 계기를 마련하였다. 또한, 보안에 대한 학술적인 연구모델을 확장하는데 기초를 제공할 것으로 기대한다.

流擔保契約

강태성 한국민사법학회 2005 民事法學 Vol.29 No.-

The security-elimination contract is what can eliminates the security being existed. Namely, It means what can eliminates the performance- method of this security. But, in korea this term of security-elimination contract is scarcely in use. The term of pledge-elimination contract and mortgage-elimination contract are only in use. In this study, I admit the term of the security-elimination contract, discourse upon this contract in detail. And, I debate many issue-points on several security-elimination contract. In the following sentences, the security-elimination contract shall be called s-e-contract. Ⅰ. The Compass of S-E-Contract I give a example which belong to this contract, does not belong to this contract. Ⅱ. The Relation between S-E-Contract and Security Creation Contract 1. S-e-contract is not the accessory of the contract that creates a security real right. S-e-contract is independent. 2. In case s-e-contract is invalid, is the security-creation-contract also invalid? my point of view is negative. Ⅲ. Performance Based on S-E-Contract 1. Is this performance the performance of security real right? Common views and judical precedents are negative, but my point of view is negative. 2. The security real right is not lapsed by the performance based on s-e-contract. Ⅳ. Form and lapse of the Security-Elimination Right The security-elimination right is formed by the s-e-contract and this contract is formed by mutual agreement. The security-elimination right does not lapse by lapse of the security right. Ⅴ. Several S-E Contracts I debate issue-points on several security-elimination contract. Namely, pledge-elimination contract, mortgage-elimination contract, contract that can eliminates provisional-registration-security, contract that can eliminates transfer for security, chonsegwon-elimination contract.

Towards A Requirements Model of System Security Using International Standards

Kenza Meridji,Khaled AlMakhadmeh,Khalid T. Al-Sarayreh,Anas Abuljadayel,Mohammad Khalaf 보안공학연구지원센터 2015 International Journal of Software Engineering and Vol.9 No.4

Currently, security requirements are defined at system levels in software engineering projects as system quality requirements. Later on system engineers must identify such system requirements into software requirements. It will be assigned to system software to conform to security at software and hardware requirements. For instance, a number of security requirements concepts and terms are described by IEEE, ISO and ECSS international standards and explained at different stages of requirements at the system, software and hardware levels. This paper assembles and systematizes these candidate security-related descriptions into a requirements model for the specification of software functional user requirements assigned from additional system security non-functional requirements. These models structure is made using the ISO-19761 international standard model of software requirements, which accept the new model to measure the functional size of software functionality and non-functionality of security systems.

미국 연방도산법상 장래채권 양도담보의 효력 - 미국 연방도산법 제552조 제(b)항의 해석론과 그 시사점 -

최준규 한국민사법학회 2020 民事法學 Vol.90 No.-

이 글에서 필자는 미국연방도산법상 장래채권 양도담보의 효력에 관하여 그간충분히 의식되어 오지 못한 내용을 소개하고, 이로부터 비교법적 시사점을 도출하고자 하였다. 미국법에 따르면 계약체결 후 그 계약으로부터 장차 발생하는 권리는 해당 계약의 수익(proceeds)이다. 여기서 계약은 기초자산, 그 계약으로부터 장차 발생하는권리는 기초자산으로부터 발생하는 현금흐름이라고 할 수 있다. 따라서 도산절차개시 전에 계약에 대하여 담보권을 취득한 자는 도산절차 개시 후 그 계약에 따라발생하는 채권에 대하여 담보권의 효력을 주장할 수 있다. 다만 ① 채무자가 자신의 노력과 시간을 투입하거나, 도산재단으로부터 비용을투입하여 해당 채권을 발생시킨 경우, ② 해당 채권이 채무자의 회생을 위해 필요한 경우에는, 법원이 형평을 고려하여 장래채권에 대한 담보권의 효력을 감축시킬수 있다. 그런데 이 과정에서 ① 장래채권에 대한 담보권의 효력을 아예 부정할 것인지, ② 장래채권의 가치 중 채무자가 기여한 ‘비율’만큼 담보권의 범위를 감축시킬 것인지, ③ 장래채권의 가치 중 채무자가 기여한 ‘액수’만큼을 담보권의 범위에서 공제할 것인지 불명확하다. 위와 같은 미국법의 태도는 우리법 해석론과 입법론에 관하여 다음과 같은 시사점을 준다. 첫째, 최근 우리법 해석론으로 “장래채권을 발생시키는 양도인의 계약상 지위가채무자의 재산으로부터 도산재단으로 이전된 것으로 볼 수 있는 경우에는 관리인하에서 그 계약이 이행되어 채권이 발생하는 때에도 그 채권에 대한 양도인의 사전처분은 효력이 있는 것이므로 그 채권은 양도담보목적물에 포함된다”는 견해가 주장되고 있다. 그런데 이러한 견해에 따르면 장래채권 발생에 채무자의 노력과 시간, 도산재단이 기여한 경우에도 그 대가를 특정 담보권자만 누리는 부당한 결과가 발생한다. 도산재단의 기여로 발생한 장래채권의 가치는 원칙적으로 도산재단에 귀속되어야 한다. 둘째, 도산재단의 기여로 발생한 장래채권의 가치는 도산재단에 귀속되어야 한다는 명제는 – 미국의 사례에서 확인되는 것처럼 - 그 적용과정에서 필연적으로 불명확성을 수반한다. 이러한 불명확성으로 인해 장래채권에 대한 담보거래가 ‘과도하게’ 위축될 수 있다. 이를 막기 위해서는 도산절차 개시 후 발생한 장래채권에 대하여 담보권 등의 효력이 미치는 요건을 미리 명확히 정해 둔 안전항(safe-harbor) 규정을 마련할 필요가 있다. 가령 ① 채무자의 영업재산 일체에 대하여 담보권을설정할 수 있도록 하고, 이러한 담보권자는 도산절차 개시 후 채무자의 장래의 매출채권에 대해서도 – 채무자의 시간, 노력, 도산재단 투입여부와 상관없이 - 원칙적으로 담보권의 효력을 주장할 수 있게 하는 입법을 고민할 필요가 있다. 또한 ② 양도인이 일정 규모 이상의 법인인 경우, 또는 양수인이 법이 정한 금융기관인 경우에 한정하여 장래채권 진정양도의 도산절차상 효력을 인정하는 입법을 고민할 필요가 있다. In this article, the author tried to analyze the section 552(postpetition effect of security interest) of the US Bankruptcy Code which has not received enough attention in korean comparative legal studies, and draw out implications for Korean law. Under the UCC system, the future rights arising from a contract can be the proceeds of current contract rights. The contract is the basic asset, and the future rights from the contract are the future income streams from the basic asset. Therefore according to the §552(b)(1) of the US Bankruptcy Code, the security rights in the contract which was concluded before the commencement of insolvency proceeding extend to the postpetition receivables from such contract. But under the §552(b)(1) of the US Bankruptcy Code, the court can cut off the security rights in the proceeds(=future receivables), when ① the debtor’s spending time, making efforts or the expenses from the bankruptcy estate contribute to increase the value of the proceeds or ② future receivables are necessary for the debtor’s rehabilitation. As to court’s cut-off, there exists flexibility or uncertainty.; ① The court may cut off all future receivables. On the other hand, ② the court can only reduce the security rights in the future receivables by the rate of the debtor’s or the bankruptcy estate’s contributions. ③ The court can also recognize the effect of the security rights in the future receivables up to the value of the total future receivables minus the amount of the debtor’s or the bankruptcy estate’s contributions. US Bankruptcy law’s basic position discussed above gives us the following implications regarding the interpretation of Korean law and Korean legislation. ① de lege lata : Recently, the following assertion is being made on the issue, the effect of security assignment of future claims in insolvency proceeding. “When the assignor’s contractual position that gives rise to future receivables was also transferred from the assignor's(=debtor’s) property to the bankruptcy estate, the future receivables that arose according to the trustees’s determination to assume such executory contract fall within the security interests.” But the author can not agree to this opinion, because according to this opinion the secured creditor can get the windfall gain at the expense of the bankruptcy estate, the time and efforts of the debtor. The bankruptcy estate should be used for all non-secured creditors, not for specific secured creditor. ② de lege ferenda : As we have already seen in the US cases, the proposition that the proceeds of the bankruptcy estate should be attributed to the bankruptcy estate may inevitably cause uncertainty in the application of such proposition. Whether to cut off the security interests, how much to reduce the security interests is entirely up to the discretion of the court. Such uncertainty may cause excessive chilling effect on the side of secured creditors. The bank may tend to undervalue unduly the future receivables, and may not make any loans secured by future receivables in fear of uncertainty. To prevent such negative effect, it is desirable to make a safe-harbor rule. (ⅰ) First, the author proposed the security-right system like that, the secured creditor can catch the debtor’s all operating assets under the one security right, and the debtor’s future account receivables arising after the commencement of the insolvency proceeding also fall within such security right in principle, irrespective of the debtor’s or the bankruptcy estate’s contribution to the value of future account receivables. (ⅱ) Second, the author proposed the legislation, that in case of true sale (not security assignment) of future receivables allows explicitly the effect of true sale of future claims in insolvency proceeding, if certain additional conditions are met (ex. the debtor is a corporation over certain size, or the assignee is the authorized financial...

미래 융합보안 인력양성을 위한 보안교육과정 분류체계 설계

나원철,이효직,성소영,장항배 한국전자거래학회 2015 한국전자거래학회지 Vol.20 No.3

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

Characteristics of Legal System Related to SECURITY in Republic of KOREA

Kim Tae-min,Park Heon-young J-INSTITUTE 2017 Protection Convergence Vol.2 No.1

In particular, terrorists are recently instilling fear in people with their indiscriminate attacks on unspecified number of targets who are soft targets, as well as hard targets, which suggests that we are living in an era of new terrorism. Furthermore, crimes are becoming more and more violent, intelligent, broadening, and interna-tionalized. Korea has also witnessed a rise in crimes each year. In Korea, public law enforcement organizations and private security industry operate in harmony with each other to maintain crime prevention and security. The purpose of this study was to compressively analyze and introduce the characteristics of legal system related to public law enforcement and private security, the twin pillars of security services in Korea who were responsible for security of the society and safety of citizens. In a word, Korea’s security-related legal system is characterized by dualized operation system. The legal system of public law enforcement in Korea and its characteristics are as follows. First, public law enforcement organizations in Korea operate the National Police Agency under the supervision of the Minister of Government Administration and Home Affairs to take charge of security-related works pursu-ant to the 「Government Organization Act」. In addition, Presidential Security Service was organized which undertake security duties for President, etc. Second, major laws related to the police include 「Act on the Performance of Duties by Police Officers」, 「Police Officers Act」, 「Police Act」, etc. Third, public security organizations in Korea are operated under the dualized system in which Presidential Security Service is responsible for Presidential security and police security organization taking charge of security for important personnel of the nation such as Prime Minister, etc. The legal system related to private security in Korea and its characteristics are as follows. First, legal system related to private security is dualized. Private security in Korea is operated by dualized system where registered security guards and security guards carry out security duties as prescribed in 「Registered Security Guard Act」(enacted in 1962) and 「Security Services Industry Act」(enacted in 1976), respectively. Second, security for important national facilities is dualized. Third, efforts have been made to expand 5 types of security services provided as prescribed in the 「Security Services Industry Act」 and to broaden the scope of such security services. Recently, there has been discussions on expanding the scope of security service to include private investigation service, traffic direction security service, civilian military service, etc. Fourth, security guards, stipulated in the 「Security Services Industry Act」 are operated under the dualized system where ordinary security guards are performing the duties of facility security, escort security, personal security, and machinery security and special security guards are carrying out the duties of special security services.

중국의 국가 안보전략 평가 및 대(對) 한반도 영향

조현규 ( Cho Hyeon-gyu ) 한국군사학회 2021 군사논단 Vol.107 No.-

During the Cold War, Mao Zedong and Deng Xiaoping slicked to their traditional security concept, but with the emergence of various security elements during the post-Cold War, China has actively formed national security strategy by reflecting these changes. After the end of the Cold War, new forms of security agendas such as economic development, social governance and network information have emerged, and countries around the world have begun to value non-traditional security agendas in addition to traditional ones. China has also adjusted its traditional security-oriented national security concept and shifted to a new one that values both traditional and non-traditional security. Since the founding of China, Mao Zedong’s security concept has been ‘the war is inevitable’ theory(戰爭不可避論), and after the ‘reform and opening-up’(改革開放) in 1978, Deng Xiaoping pursued ‘the war may avoid, theory(戰爭可避論) and "hide capacities and bide time’(韜光養晦) strategies in March 1997, In 1995, Jiang Zemin emphasized comprehensive security by raising The new security concept, (新女全觀), and, Hu Jintao raised a ‘Harmonious world’ theory(和諧世界論) based on The new security concept’ in September 2005, and began to pay attention to non-traditional security, especially international terrorism and domestic security. In the Xi Jinping era, ‘A holistic approach to national security’(總體國家安全觀) focused on ‘joint security, comprehensive security, cooperative security, and sustainable security’ emerged. Starting with Xi jinping’s ‘A holistic approach to national security’, the scope of China’s national security has been expanded, its concepts have been systematized, and its internal security has become equally valued as foreign security. China’s ‘A holistic national security strategy’ is based on a strong nation and a strong army, so its presence will act as a potential threat to the Korean Peninsula, causing a ‘change of security balance’. The existence of China as a strong neighboring country, can increase the possibility of friction due to potential conflict between Korea and China.

CIA-Level 기반 보안내재화 개발 프레임워크

강수영,김승주 한국정보보호학회 2020 정보보호학회논문지 Vol.30 No.5

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that “vulnerabilities are not found” is not equal to “product does not have any vulnerabilities”. So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding “security-by-design” concept from the 1980s. Security-by-design means reducing product’s complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC. 미국 정부는 1970년대 초반부터 모의해킹만으로는 제품의 보안 품질을 향상시킬 수 없다는 것을 인지하기 시작하였다. 모의해킹팀의 역량에 따라 찾을 수 있는 취약점이 달라지며, 취약점이 발견되지 않았다고 해서 해당 제품에취약점이 없는 것은 아니기 때문이다. 제품의 보안 품질을 향상시키기 위해서는 결국 개발 프로세스 자체가 체계적이고 엄격하게 관리되어야 함을 깨달은 미국 정부는 1980년대부터 보안내재화(Security by Design) 개발 방법론및 평가 조달 체계와 관련한 각종 표준을 발표하기 시작한다. 보안내재화란 제품의 요구사항 분석 및 설계 단계에서부터 일찍 보안을 고려함으로써 제품의 복잡도(complexity)를 감소시키고, 궁극적으로는 제품의 신뢰성(trustworthy)을 달성하는 것을 의미한다. 이후 이러한 보안내재화 철학은 Microsoft 및 IBM에 의해 SecureSDLC라는 이름으로 2002년부터 민간에 본격적으로 전파되기 시작하였으며, 현재는 자동차 및 첨단 무기 체계 등다양한 분야에서 활용되고 있다. 하지만 문제는 현재 공개되어 있는 Secure SDLC 관련 표준이나 가이드라인들이매우 일반적이고 선언적인 내용들만을 담고 있기 때문에 이를 실제 현장에서 구현하기란 쉽지 않다는 것이다. 따라서 본 논문에서 우리는 Secure SDLC를 기업체가 원하는 수준에 맞게 구체화시키는 방법론에 대해 제시한다. 우리가 제안하는 CIA(functional Correctness, safety Integrity, security Assurance)-Level 기반 보안내재화 프레임워크는 기존 Secure SDLC에 증거 기반 보안 방법론(evidence-based security approach)을 접목한것으로, 우리의 방법론을 이용할 경우 첫째 경쟁사와 자사간의 Secure SDLC 프로세스의 수준 차이를 정량적으로분석할 수 있으며, 둘째 원하는 수준의 Secure SDLC를 구축하는데 필요한 상세한 세부 활동 및 산출해야 할 문서 등을 쉽게 도출할 수 있으므로 실제 현장에서 Secure SDLC를 구축하고자 할 때 매우 유용하다.

기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서

이정환(Jeonghwan Lee),정병호(Byungho Jung),김병초(Byungcho Kim) 한국IT서비스학회 2013 한국IT서비스학회지 Vol.12 No.1

This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore. a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebui lding the damage. Therefore. this study demonstrates that investing in administrative security will be effective for the firm security.