Jung-Ho Eom

Active Cyber Attack Model for Network System's Vulnerability Assessment

In this paper, we architected active cyber attack model for assessing network systems vulnerability. As simulating cyber attack model in network system, we can identify the weakest point and inspect security policy. It also improved the capability of information collection and attack action, as using autonomous agents. Attack action agents which introduced attack a set of sequence number can reduce transmission overhead and hide attack scenarios information. We built attack scenario for attack process and technique of attack action agents. It is composed of attack pattern and tree. Action controller uses nodes attack success percent(ASP) to choose the second best attack scenario after the first attack was failed. ASP is calculated with the ratio of all achieved events until the sub-node over all nodes of the attack tree.

Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security

We presented risk assessment methodology focused on business-process oriented asset evaluation and qualitative risk analysis method. The business process-oriented asset evaluation is to evaluate assets value by the degree of asset contribution related to business process. Namely, assets value is different according to the importance of department to which asset belongs, the contribution of assets business, and security safeguard, etc. We proposed new assets value evaluation applied to the weight of above factors. The weight is decided by evaluation matrix by Delphi team. We assess risk by qualitative method applied to the improved international standard method which is added the effectiveness of operating safeguard at information system. It reflects an assumption that they can reduce risk level when existent safeguards are established appropriately. Our model derives to practical risk assessment method than existent risk assessment method, and improves reliability of risk analysis.

Dangerous Wi-Fi access point: attacks to benign smartphone applications

Personalization by means of third party application is one of the greatest advantages of smartphones. For example, when a user looks for a path to destination, he can download and install a navigation application with ease from official online market such as Google Play and Appstore. Such applications require an access to the Internet, and most users prefer Wi-Fi networks which are free to use, to mobile networks which cost a fee. For this reason, when they have no access to free Wi-Fi networks, most smartphone users choose to try to use unknown Wi-Fi access points (AP). However, this can be highly dangerous, because such unknown APs are sometimes installed by an adversary with malicious intentions such as stealing information or session hijacking. Today, smartphones contains all kinds of personal information of the users including e-mail address, passwords, schedules, business document, personal photographs, etc., making them an easy target for malicious users. If an adversary takes smartphone, he will get all of information of the users. For this reason, smartphone security has become very important today. In wireless environments, malicious users can easily eavesdrop on and intervene in communication between an end-user and the internet service providers, meaning more vulnerability to man-in-the-middle attacks. In this paper, we try to reveal the risk of using unknown APs by presenting demonstration results. The testbed is composed of two smartphones, two APs, and one server. The compromised AP forwards messages of victim smartphone to the fake server by using domain name system spoofing. Thus, the application that is running on the victim smartphone transfers HTTP request to the fake server. As a result, this application displays the abnormal pop-up advertisement, which contains malicious codes and links. Our demonstration shows that merely connecting to compromise APs can make a malicious behavior even the applications are benign.

Energy-efficient distance based clustering routing scheme for wireless sensor networks

Clustering scheme enabling the efficient utilization of the limited energy resources of the deployed sensor nodes can effectively prolong the lifetime of wireless sensor networks. The most common technique in famous clustering schemes is a probabilistic clustering scheme based on a randomized cluster-head rotation for distributing the energy consumption among nodes in each cluster. Because most of those schemes utilize mainly the residual energy of each node as the criterion of cluster-head election, those schemes have demerit which the unbalanced energy consumption among cluster-heads is occurred. To overcome this demerit, we consider a distance from the base station to cluster-heads as well as the residual energy as the criterion of cluster-head election for balanced energy consumption among cluster-heads. Our scheme provides fully distributed manner by utilizing local information and good energy-efficiency by load balanced clustering scheme. Through simulation experiments, we showed that the proposed scheme is more effective than LEACH and EECS in prolonging the lifespan of wireless sensor networks.

Energy-efficient distance based clustering routing scheme for long-term lifetime of multi-hop wireless sensor networks

To balance energy consumption among cluster-heads in multi-hop wireless sensor networks, we propose an energy-efficient distance based probabilistic clustering scheme. Our scheme considers a distance from the sink(base station) to each node as well as the residual energy of each node as the criterion of cluster-head election. Through simulation experiments, we show that our scheme is more effective than LEACH and EEUC in prolonging the lifespan of multi-hop wireless sensor networks.

A Study on Access Control Model for Context-Aware Workflow

In this paper, we explore security considerations on context-aware workflow systems. We also present the Workflow-aware Context-Role Based Access Control (WCRBAC) model that is a new access control model suitable for context-aware workflow systems. The WCRBAC model enables security administrator to configure authorization policy considering both the security-related context information and the workflow-related data, as well as organizations structural information.

Two-Dimensional Qualitative Asset Analysis Method based on Business Process-Oriented Asset Evaluation

In this paper, we dealt with substantial asset analysis methodology applied to twodimensional asset classification and qualitative evaluation method according to the business process. Most of the existent risk analysis methodology and tools presented classification by asset type and physical evaluation by a quantitative method. We focused our research on qualitative evaluation with 2-dimensional asset classification. It converts from quantitative asset value with purchase cost, recovery and exchange cost, etc. to qualitative evaluation considering specific factors related to the business process. In the first phase, we classified the IT assets into tangible and intangible assets, including human and information data asset, and evaluated their value. Then, we converted the quantitative asset value to the qualitative asset value using a conversion standard table. In the second phase, we reclassified the assets using 2-dimensional classification factors reflecting the business process, and applied weight to the first evaluation results. This method is to consider the organization characteristics, IT asset structure scheme and business process. Therefore, we can evaluate the concrete and substantial asset value corresponding to the organization business process, even if they are the same asset type.

A Framework of Static Analyzer for Taint Analysis of Binary Executable File

In this paper, we proposed a tool framework of static analyzer for taint analysis of binary executable file. Dynamic taint analysis is becoming principal technique in security analysis. In particular, proposed system focuses on tracing a dynamic taint analysis. Moreover, most existing approaches are focused on data-flow based tainting. The modules of this paper use two kinds of input file type which are taint_trace file and binary executable file. Proposed system analyzes the result of dynamic taint analysis and makes control flow graph. Our proposed system is divided by three modules; taint reader, crash analyzer and code tracker. Trace reader converts trace file into readable/traceable information for a manual analyzer. Crash analyzer find out a vulnerability that is a causative factor in accrued crash. Code tracker supports a variety of binary executable file analysis. In this paper, we suggest a tool framework for dynamic taint analysis.

The quantitative overhead analysis for effective task migration in biosensor networks.

We present a quantitative overhead analysis for effective task migration in biosensor networks. A biosensor network is the key technology which can automatically provide accurate and specific parameters of a human in real time. Biosensor nodes are typically very small devices, so the use of computing resources is restricted. Due to the limitation of nodes, the biosensor network is vulnerable to an external attack against a system for exhausting system availability. Since biosensor nodes generally deal with sensitive and privacy data, their malfunction can bring unexpected damage to system. Therefore, we have to use a task migration process to avoid the malfunction of particular biosensor nodes. Also, it is essential to accurately analyze overhead to apply a proper migration process. In this paper, we calculated task processing time of nodes to analyze system overhead and compared the task processing time applied to a migration process and a general method. We focused on a cluster ratio and different processing time between biosensor nodes in our simulation environment. The results of performance evaluation show that task execution time is greatly influenced by a cluster ratio and different processing time of biosensor nodes. In the results, the proposed algorithm reduces total task execution time in a migration process.

Qualitative initial risk analysis for selecting risk analysis approach suitable for IT security policy

In this paper, we presented a qualitative initial risk analysis for selecting risk analysis approach suitable for security efforts where an organization is really need. An initial risk analysis is important to identify which risk analysis method is appropriate for each information system. If an organization conducts a baseline approach in information system which has very high value and risk, it could be result in significant harm or damage to an organization. In other case, it will be wasted security budget by spending a cost of detailed risk analysis. So, we presented practical qualitative initial risk analysis using matrix scaling method for selecting appropriate approach. Our method applied evaluation items reflecting business process and qualitative asset value. Our method indicates concrete evaluation method and result by assessing with investment expense, the usage of information system, distribution, security level, safeguard, etc.