Kab-seung Kou

Survey and Analysis on Security Control Schemes for Operational System Evaluation

In developed countries, there are many concerns for security management by development of Information security system. And there is evaluate information security product or system for safe management. Therefore, some each advanced countries are achieving information security activity, and evaluate CMVP (cryptographic module validation program), CC (common criteria) and ISMS (information security management system). And evaluation activity for operating system evaluation do that all. Also operational systems are lots of schemes for operational system assurance actability. And we see duplication and inefficiency about various information assurance schemes for operational system. Thus, we need survey and analysis on security control schemes in information assurance criteria for operational system evaluation.

Modeling and Analysis of CC-Based Security Assurance for Composed Systems

The Common Criteria (CC) has been focused on single product that is consisted of one software component. Evaluation modeling of composed product, which is consisted of two or more evaluated or unevaluated component, is needed. In this paper, we survey and classify evaluation criteria for information security system and product in context of CC evaluation scheme. We define 5 types of assurance, and propose composition models. Conventional criteria for composed product are surveyed and analyzed.

Comparative Study on Information Schema Evaluation

In these days, many organizations try to manage their information system in safe way due to more rapidly change in information system environment. Appropriate development and evaluation are necessary in order to manage safe information system. The information guarantee of information system is gained through effective and appropriate information security management. In this paper, we survey and analyze for information security system in each criteria

Intrusion Tolerance Model for Electronic Commerce System

While security traditionally has been an important issue in information systems, the problem of the greatest concern today is related to the availability of information and continuity of services. Since people and organizations now rely on distributed systems in accessing and processing critical services and mission, the availability of information and continuity of services are becoming more important. Therefore the importance of implementing systems that continue to function in the presence of security breaches cannot be overemphasized. One of the solutions to provide the availability and continuity of information system applications is introducing an intrusion tolerance system. Security mechanism and adaptation mechanism can ensure intrusion tolerance by protecting the application from accidental or malicious changes to the system and by adapting the application to the changing conditions. In this paper we propose an intrusion tolerance model that improves the developmental structure while assuring security level. We also design and implement an adaptive intrusion tolerance system to verify the efficiency of our model by integrating proper functions extracted from CORBA security modules.

Survey and Analysis on Security Control Schema in Information Assurance Criteria

In each organization, there are many concerns for security management by development of information system. And organization used information assurance system for safe management. Information assurance is a lot of criteria. And we see duplication and inefficiency about various information assurance criteria. Thus, we need survey and analysis on security control schema in information assurance criteria