Geonlyang Kim

Design and implementation of policy decision point in policy-based network

As users of network have become increasing, the supply of network-based services has activated and the necessity of a solution considering scale and speed of network for providing network-based services efficiently for users has been generated. A great deal of attention has been given recently to the concepts of the PBNM (policy-based network management) to accomplish these needs. This paper describes design and implementation of PDP (policy decision point) in a policy-based network management system. The PDP provides role-based policy decision and distribution mechanisms. The role-based policy decision and distribution mechanisms allow an administrator manage and transmit policies by roles of devices without configuring each one of network devices manually. So, it provides the administrator with the convenience.

The Secure Urgent Situation Propagation System using the Mobile Security Solution

Many organizations want to support Bring Your Own Device initiatives to allow end-users to use personally owned devices at work. Organizations face significant challenges as users increasingly provide their own devices for work. So, interests of many people have grown how to prevent the leakage of security data of their enterprises. There are the technologies for using smart mobile devices safely by separating the personal area and the business area. This paper describes the Secure Domain of the Mobile Security Solution which is designed based on the Trusted Execution Environment system architecture of the Global Platform, and it describes the architecture and the operating procedure of the Secure Urgent Situation Propagation System. The Secure Urgent Situation Propagation System uses the Mobile Security Solution having the Secure Domain isolated from the normal domain, and it provides safe storages, data cryptographic functions through Secure Functions of the Secure Domain, and so on.

Secure mobile device management based on domain separation

Recently, many people have used smart mobile devices tightly in their life. Most enterprises demand BYOD to maximize the efficiency such as productivity, cost savings. Although BYOD offers many benefits to enterprises, it also brings significant risks to them. Most enterprises have applied MDM solution for BYOD. However, the MDM solution cannot provide complete security. In this paper, we propose MSS system separating personal and business data based on the hypervisor. The MSS system offers domain isolation that business data are protected from open platform environment. We also describe secure mobile device management method with the MSS system. Finally, we describe results of the performance measurement of MSS system.

Mobile Security Solution for Sensitive Data Leakage Prevention

As the utilization of smartphone devices has increased, individual smartphone has utilized for business use in many cases nowadays, and many people have used their smartphone to work according as the Bring Your Own Device trend. So, the method that prevents the leakage of the business data is needed. In this paper, we propose Mobile Security Solution (MSS) system that the security platform is built to prevent the leakage of the sensitive data such as business data. The MSS system is a secure mobile solution that hypervisor is equipped in the mobile device, the hypervisor isolates Secure Domain (SD) from Normal Domain (ND) in the mobile device, android OS in ND and secure OS in SD run concurrently, and security platform is installed in the ND and the SD to offer the user with secure services. And we describe the architecture of MSS system based on Trusted Execution Environment (TEE) system of Global Platform. The MSS system offers a secure execution environment to save the sensitive data and to carry out the security functions securely. The end of this paper, we describe the experiment results that create the signature data, encrypt and decrypt data, insert and delete data in the MSS system.

Trusted military services based on the secure domain of the mobile security solution

The number of smartphone users has increased rapidly. The interests of many people have grown how to prevent the leakage of security data of their enterprises. There are the technologies for using smartphone devices safely by separating the personal area and the business area. The technologies to assure security when using smartphone devices with open-platform in tight security environment such as financial service, medical service, military service, and so on are needed. The Mobile Security Solution presented in this paper provides users with secure services in the open platform based smart mobile devices by building the Secure Domain that is isolated from the normal domain by applying virtualization technologies. In this paper, we describe the structure and the operation procedures of Mobile Security Solutions and the possible services of the military using the Mobile Security Solution. We also describe the enhanced security aspects in each service of them when applying Mobile Security Solutions to the military in this paper.

A secure message service using the secure domain of a mobile security solution

The various services using smart mobile devices including smartphones have increased and personal smart mobile devices have utilized for the business use in many cases. There are the technologies for using smart mobile devices safely by separating the personal area and the business area such as TEE. This paper describes a MSS(Mobile Security Solution) system which is designed based on the TEE system architecture of Global Platform. The Secure Domain of the MSS System allows the secure preservation of sensitive data and the secure execution of sensitive functions. In this paper, we describe the architecture of the MSS System and the procedure for providing a secure message service by using the Secure Domain of the MSS system.

The Implementation of Policy Management Tool Based on Network Security Policy Information Model

This paper introduces Policy Management Tool which was implemented based on Policy Information Model in network suity system. Network security system consists of policy terror managing and sending policies to keep a specific domain from attackers and policy clients detecting and responding intrusion by using policies that policy server sends. Policies exchanged between policy server and policy client are saved in database in the form of directory through LDAP by using Policy Management Tool based on network security policy information model. NSPIM is an extended policy information model of IETF`s PCIM and PCIMe, which enables network administrator to describe network security policies. Policy Management Tool based on NSPIM provides not only policy management function but also editing function using reusable object, automatic generation function of object name and blocking policy, and other convenient functions to user.