Dr. Tai-Hoon Kim

DOI: https://doi.org/10.1063/1.2836139

2007-01-01

AIP Conference Proceedings

Abstract:The general systems of today are composed of a number of components such as servers and clients, protocols, services, and so on. Systems connected to network have become more complex and wide, but the researches for the systems are focused on the 'performance' or 'efficiency'. While most of the attention in system security has been focused on encryption technology and protocols for securing the data transaction, it is critical to note that a weakness (or security hole) in any one of the components may comprise whole system. Security engineering is needed for reducing security holes may be included in the software. There are very many approaches or methods in software development or software engineering. Therefore, more security-related researches are needed to reduce security weakness may be included in the software and complement security-related considerations of general software engineering.

Tai-Hoon Kim,Sansung Gongsa

2005-01-01

Abstract:The general systems of today are composed of a number of components such as servers and clients, protocols, services, and so on. Systems connected to network have become more complex and wide, but the researches for the systems are focused on the 'performance' or 'efficiency'. While most of the attention in system security has been focused on encryption technology and protocols for securing the data transaction, it is critical to note that a weakness (or security hole) in any one of the components may comprise whole system. Security engineering is needed for reducing security holes may be included in the software. There are very many approaches or methods in software development or software engineering. Therefore, more security-related researches are needed to reduce security weakness may be included in the software and complement security-related considerations of general software engineering.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Tai-hoon Kim,Seung-youn Lee

DOI: https://doi.org/10.1007/11424826_52

2005-01-01

Abstract:The general systems of today are composed of a number of components such as servers and clients, protocols, services, and so on. Systems connected to network have become more complex and wide, but the researches for the systems are focused on the ‘performance’ or ‘efficiency’. While most of the attention in system security has been focused on encryption technology and protocols for securing the data transaction, it is critical to note that a weakness (or security hole) in any one of the components may comprise whole system. Security engineering is needed for reducing security holes may be included in the IT systems. This paper proposes a method for securing the IT systems. This paper proposes IT system security evaluation and certification for achieving some level of assurance each owners of their IT systems want to get.

Tai-hoon Kim,Sun-myoung Hwang

DOI: https://doi.org/10.1007/11893004_95

2006-01-01

Abstract:It is critical to note that a weakness (or security hole) in any component of the IT systems may comprise whole systems. Applying of Security engineering and intelligent methods are needed to reduce security holes may be included in the software or systems. Therefore, more security-related intelligent researches are needed to reduce security weakness may be included in the systems. This paper proposes some intelligent methods for reducing the threat to the system by applying security engineering, and for building security countermeasure.

Yong-Tae Kim,Gil-Cheol Park,Tai-Hoon Kim,Sang-Ho Lee

DOI: https://doi.org/10.1109/iccsa.2007.55

2007-01-01

Abstract:In general, threat agents' primary goals may fall into three categories: unauthorized access, unauthorized modification or destruction of important information assets, and denial of authorized access. Security countermeasures are implemented to prevent threat agents from successfully achieving these goals. Because the general systems of today are composed of a number of components such as servers and clients, protocols, services, and so on, the possibility of success of attack may be increased. As though Systems connected to network have become more complex and wide, unfortunately, the researches for the systems are focused on the 'performance' or 'efficiency'. While most of the attention in system security has been focused on encryption technology and protocols for securing the data transaction, it is critical to note that a weakness (or security hole) in any one of the components may comprise whole system. Security engineering is needed for reducing security holes may be included in the Information systems. This paper proposes a method for securing the Information systems by evaluation of security functions of system component. This paper proposes Information system security evaluation and certification for achieving some level of assurance each owners of their Information systems want to get.

Hua-shan CHEN,Lan PI,Feng LIU,Dong-dai LIN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.03.001

2015-01-01

Abstract:With the rapid development of information technology, internet is playing an increasingly important role across the world. A trustworthy cyberspace has been closely related to national interests and has become a focus of national security and social stability. However, the past security research often focused on the solutions to speciifc threats, which sometimes was termed engineering. But we don’t have a clear understanding of many fundamental problems and universal laws of cybersecurity, that is, cybersecurity research lacks a ifrm scientiifc foundation and theoretical support. In contrast to the past engineering approach, in the recent two years, we have seen a growing push within the research community of information security to promote the study of cybersecurity as a science. This paper introduces the background of developing a science of cybersecurity, depicts the scientiifc connotation of cybersecurity and discusses ifve hard problems in the science of cybersecurity. Finally, the perspective of cybersecurity research is also proposed in this paper.

Tai-hoon Kim,Myong-chul Shin,Sang-ho Kim,Jae Sang Cha

DOI: https://doi.org/10.1007/978-3-540-30134-9_17

2004-01-01

Abstract:This paper proposes a security engineering based approach considering security when developing software. If the cases security requirements are not considered, the use of security products (as an example, firewall or intrusion detection system) may be not the secure solution. Therefore, when making some kinds of software products, security-related requirements must be considered.

M. Li,M. Tang

DOI: https://doi.org/10.15837/ijccc.2013.4.579

IF: 2.635

2013-01-01

International Journal of Computers Communications & Control

Abstract:Information security is not a new topic in academics and industry. However, through a comprehensive literature review, we found that most research in information security focus on technical perspectives including evaluation methods and mathematical approaches for securities, risk mitigation algorithms, with some research focus on economic perspective of information security and even a few talked about social engineering of information security. There is not a unique framework to integrate different types of research in information security. We believe that information security research apply the theories and methodologies in systems engineering to investigate the problems, that is, information security engineering. In this paper, we propose a conceptual framework of information security engineering. This framework explicitly illustrates the methodological system, content system, procedures and strategies for information security engineering research and practices.

Wang Eric Ke,Ye, Yunming,Xu Xiaofei,S. M. Yiu,L. C. K. Hui,K. P. Chow

DOI: https://doi.org/10.1109/GreenCom-CPSCom.2010.36

2018-01-01

Abstract:In this paper, we investigate the security challenges and issues of cyber-physical systems. (1)We abstract the general workflow of cyber physical systems, (2)identify the possible vulnerabilities, attack issues, adversaries characteristics and a set of challenges that need to be addressed; (3)then we also propose a context-aware security framework for general cyber-physical systems and suggest some potential research areas and problems. © 2010 IEEE.

Fan Yan,Yang Jian-Wen,Cheng Lin

DOI: https://doi.org/10.1109/icmtma.2015.77

2015-06-01

Abstract:The rapid development of computer network system brings both a great convenience and new security threats for users. Network security problem generally includes network system security and data security. Specifically, it refers to the reliability of network system, confidentiality, integrity and availability of data information in the system. Network security problem exists through all the layers of the computer network, and the network security objective is to maintain the confidentiality, authenticity, integrity, dependability, availability and audit-ability of the network. This paper introduces the network security technologies mainly in detail, including authentication, data encryption technology, firewall technology, intrusion detection system (IDS), antivirus technology and virtual private network (VPN). Network security problem is related to every network user, so we should put a high value upon network security, try to prevent hostile attacks and ensure the network security.

Abdul Hadi bin Abdul Rahman,Abdullah Nazir,Kim Tae Hyun,Tan Horng Yarng,Fatima-tuz-Zahra

DOI: https://doi.org/10.48550/arXiv.2012.10881

2020-12-20

Software Engineering

Abstract:Secure development process is a procedure taken by developers to ensure the programs developed are following the general security standards and will always be up to date so that the outcomes are well secured and obedient. As a software developer, it is very crucial to implement and develop a highly secured and reliable program for clients and users. In this current digital world where everything is advancing faster than we can ever think of, most of the old security policies can no longer be implemented alone. The consequences and impacts that could be brought upon a company are really huge if the software applications are not secured according to the modern trend. Therefore, in this paper research is done to asses the security integration in software development process. The concept and the purpose of this research is to provide insight about the current issues and challenges faced by most of the software developers in terms of secure software development. With a better and clearer explanation of these issues, challenges, and methodologies adopted to overcome them are discussed which can potentially provide a better and higher level of security along with better software programmers and client relationship. To comply with future demands and threats, security concerns need to be involved in all phases while developing a software system. Therefore, an effort is made to investigate and contribute to this domain through this paper.

Yang Dongsheng,Jiang Yong,Pan Ming,Wang Lei,Wu Qidi

DOI: https://doi.org/10.3969/j.issn.1007-757X.2013.06.008

2013-01-01

Abstract:Most embedded systems have high security and reliability requirements.At the same time,their hardware resources are usually limited.The processing capability of their CPUs and internal storage space are both inferior to general computer systems.This makes the design and solving of security problem for embedded systems face great challenges.This paper firstly concretely analyses security requirements from different objects and different aspects,and then does some research on embedded frame structures based on security framework.At last,the paper introduces two security technologies for embedded systems which are relatively commonly used at present.

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

Xu Shouhuai,Yung Moti,Wang Jingguo

DOI: https://doi.org/10.1007/s10796-021-10134-8

2021-01-01

Information Systems Frontiers

Abstract:Cyber security (or cybersecurity) has become a fundamental issue which deeply affects citizen's lives (including their privacy), the public's economic prosperity, and national security.The high frequency of media reports on highprofile cyber attacks, which cause substantial and, at times, catastrophic damages, highlights that cyberspace is a very fragile and vulnerable ecosystem, and that our understanding of cybersecurity and our capability of defending cyberspace are far from adequate.This is true despite the numerous advancements and breakthroughs in some fields of cybersecurity.One outstanding example is cryptography, which has been built on a firm foundation in Computational Complexity Theory, starting with a number of breakthroughs, e.g.Diffie and Hellman (1976), Rivest et al. (1978), Goldwasser and Micali (1982), and Yao (1982).However, there are many cyber attacks that go beyond the standard cryptographic threats models, such as attacks which can compromise cryptographic private keys by directly stealing memory pages (e.g., Harrison and Xu (2007)), or indirectly exploiting side-channel attacks (e.g., Kocher (1996)).The state-of-the-art is that we are far from being capable of adequately dealing with such attacks in

Sam Wen Ping,Jeffrey Cheok Jun Wah,Lee Wen Jie,Jeremy Bong Yong Han,Saira Muzafar

2023-11-18

Abstract:In recent years, technology has advanced considerably with the introduction of many systems including advanced robotics, big data analytics, cloud computing, machine learning and many more. The opportunities to exploit the yet to come security that comes with these systems are going toe to toe with new releases of security protocols to combat this exploitation to provide a secure system. The digitization of our lives proves to solve our human problems as well as improve quality of life but because it is digitalized, information and technology could be misused for other malicious gains. Hackers aim to steal the data of innocent people to use it for other causes such as identity fraud, scams and many more. This issue can be corrected during the software development life cycle, integrating security across the development phases, and testing of the software is done early to reduce the number of vulnerabilities that might or might not heavily impact an organisation depending on the range of the attack. The goal of a secured system software is to prevent such exploitations from ever happening by conducting a system life cycle where through planning and testing is done to maximise security while maintaining functionality of the system. In this paper, we are going to discuss the recent trends in security for system development as well as our predictions and suggestions to improve the current security practices in this industry.

Cryptography and Security,Software Engineering

xue yong wan,liang zhang,wei xu,hong hui gong

DOI: https://doi.org/10.4028/www.scientific.net/AMM.599-601.1457

2014-01-01

Abstract:the computer network is widely applied to people's attention,computer network security is very important,we must take effective measures to ensure the security of computer network.This paper analyzes the implications of computer network security system and its security mechanism,and for the current network security should be involved in some of the elements is introduced.

Wayne Burleson,Kevin Fu,Denise Anthony,Jorge Guajardo,Carl Gunter,Kyle Ingols,Jean-Baptiste Jeannin,Farinaz Koushanafar,Carl Landwehr,Susan Squires

DOI: https://doi.org/10.48550/arXiv.2005.06585

2020-05-13

Computers and Society

Abstract:Protecting embedded security is becoming an increasingly challenging research problem for embedded systems due to a number of emerging trends in hardware, software, networks, and applications. Without fundamental advances in, and an understanding of embedded security it will be difficult for future engineers to provide assurance for the Internet of Things (IoT) and Operational Technology (OT) in wide ranging applications, from home automation and autonomous transportation to medical devices and factory floors. Common to such applications are cyberphysical risks and consequences stemming from a lack of embedded security. The Computing Community Consortium (CCC) held a one-day visioning workshop to explore these issues. The workshop focused on five major application areas of embedded systems, namely (1) medical/wearable devices, (2) autonomous systems (drones, vehicles, robots), (3) smart homes, (4) industry and supply chain, and (5) critical infrastructure. This report synthesizes the results of that workshop and develops a list of strategic goals for research and education over the next 5-10 years. Embedded security in connected devices presents challenges that require a broad look at the overall systems design, including human and societal dimensions as well as technical. Particular issues related to embedded security are a subset of the overall security of the application areas, which must also balance other design criteria such as cost, power, reliability, usability and function. Recent trends are converging to make the security of embedded systems an increasingly important and difficult objective, requiring new trans-disciplinary approaches to solve problems on a 5-10 year horizon.

Shen Wei

DOI: https://doi.org/10.1007/978-3-319-98776-7_98

2018-11-05

Abstract:With the development of the information technology, computer information system has played an important role in modern society. As long as any break appears in computer information system, it takes a huge effect in whole society. Based on the analysis of network information safety factors, and then put forward common computer network information safety protection strategy, and the development of the network information safety was prospected and formed the network information safety protection system. There is an important, direct and realistic significance in research about computer system security. With the development of computer and communication technology, the computer net will penetrate every field of our social life as an important method of exchanging information. So, recognizing the frangibility and potential threatens of the net and some existent security problems objectively, taking effectively security strategy and ensuring the security of the net information are the things that every country, and group and every person must envisage. From the basic concept and existent problem of the net information security, some digital security technologies, such as information cryptography technology, digital abstract, digital signature, digital envelope and digital credentials have been analyzed in the paper.

Hong-Tao Sun,Chen Peng,Peng Zhou,Zhi-Wen Wang

DOI: https://doi.org/10.1007/s40436-017-0189-2

IF: 3.837

2017-01-01

Advances in Manufacturing

Abstract:This paper focuses on the issues of the security of networked control systems by summarizing recent progress in secure control of this research and application area. We mainly discuss existing results, especially in modeling issues, of three aspects: (1) attack mechanisms and their impacts on control systems, (2) the identification and design of attacks, and (3) secure estimation and control strategies. A conclusion is drawn at the end of this paper. In addition, several promising research tendencies of the development for secure control in networked control system are presented.