Young Gab Kim

A security risk analysis model for information systems

Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.

Bundle authentication and authorization using XML security in the OSGi service platform

OSGi service platform is the core platform of a gateway in the home network. One of the most important issues is security in the home network because the usage scope of the home network is related to a personal living space. However, the solutions related to the security are in their infancy, and if we apply the existing security techniques as they are, security management is not efficient because the properties of OSGi environments are dynamic and open. Nowadays XML is most flexible and undependable language in presenting the data and is being used in diverse fields. Following this trend several services present their own data using XML in the OSGi service platform environment. To take advantage of this, it is possible to manage the security effectively and extensibly. Hence, in this paper, we suggest an efficient mechanism to solve security issues such as service bundle authentication and authorization using XML security, XML signature and XACML.

Characteristic Properties of Fluorescent Lamps Operated Using Capacitively Coupled Electrodes

Characteristic properties of fluorescent lamps operated by capacitively coupled external electrodes have been investigated. External electrode fluorescent lamps (EEFLs) are typically operated at low currents less than 10 mA and high voltages of about 1.5 kV. Luminance of up to 20,000 cd/m2 with efficiency of above 40 lm/W is achieved in EEFLs driven by square pulses of the driving voltage with frequencies lower than 100 kHz. It is also found that the brightness and efficiency of external electrode fluorescent lamps depend on the electrode length and the ambient temperature.

A message conversion system, XML-based metadata semantics description language and metadata repository

Metadata can be used to precisely represent data semantics. It can also serve to improve data sharing and exchange. Because the various types of metadata are created in different ways, they can suffer from a problem of inconsistency. Recently, metadata gateway methods have been researched to solve this problem. However, the performance of the existing approaches based on metadata schemas is poor and their maintenance (adaptation of metadata changes) is time consuming. In this paper, a novel message conversion system is proposed, which functions by separating the heterogeneous mapping information from the mapping rules of the metadata, in order to overcome the drawbacks of the existing metadata gateway methods. The proposed system controls the standardized data elements dynamically based on the Metadata Registry (MDR), which is one of the most important elements of the ISO/IEC 11179 standard. The problems associated with adding supplementary metadata are resolved, since the standard provides for incorporating additional data elements created in the future. MSDL is defined as a protocol which can be used for exchanging messages between heterogeneous systems, and which ensures that all of the systems have their own independent metadata schemas.

Dynamic Activation of Role on RBAC for Ubiquitous Applications

In ubiquitous environment, users can access information anytime and anywhere via personal portable devices such as a cellular phone or a PDA. Therefore, unlike traditional approaches for access control, access control model should consider users situation information such as location, time, and system resources. In this paper, SA-RBAC (situation-aware RBAC) model, which dynamically grants roles (or permissions) to users, especially using dynamic activation of role on the RBAC, is proposed. The proposed SA-RBAC can be applied to various ubiquitous applications.

An enterprise architecture framework based on a common information technology domain (EAFIT) for improving interoperability among heterogeneous information systems

Recent developments in information systems (ISs) have resulted in a critical need for integration and retention of heterogeneous ISs in various domains, using their commonalities. Stovepipe systems have been developed because of inconsistencies in planning architecture among stakeholders. Several countries are currently adopting enterprise architecture (EA) systems, such as Zachman AF (ZF), C4ISR AF, SBA, and FEAF, in order to solve various IS problems in the field of information technology, but enterprise architecture framework (EAF) legacy systems can be inadequate to solve problems arising from stovepipe systems. An EAF is required to satisfy aspects of both EA and system architecture (SA) inside a common information technology (IT) domain. This paper proposes a new enterprise architecture framework that will resolve the problems inherent in previous frameworks and their features.

Embedded system architecture for an WLAN-based dual mode mobile phone

This paper presents new embedded system architecture (ESA) for improving the voice quality in a WLAN/Cellular dual-mode mobile phone. The proposed architecture is based on a dual-core scheme and its main functional blocks are composed of VoIP Remote Procedure Call (VRPC), an audio bridging scheme, and a Server-Assisted Call Management (SACM) algorithm. In order to illustrate the aims of the proposed approach, prototype systems are implemented, and evaluated by measuring average Mean Opinion Score (MOS), and Mouth-To-Ear (M2E) delay. The experimental results show that the proposed approach results in greatly improved voice quality.

A probabilistic approach to estimate the damage propagation of cyber attacks

With rapid development in the Internet technology, business management in an organization becomes dependent on network dependency and cohesiveness in a critical information and communications infrastructure. However, the occurrence of cyber attacks has increased, targeted against vulnerable resources in information systems. Hence, in order to protect private information and computer resources, risk analysis and damage propagation need to be studied. However, the existing models present mechanisms for risk management, and these models can only be applied to specified threats such as a virus or a worm. Therefore, a probabilistic model for damage propagation based on Markov process is proposed, which can be applied to diverse threats in information systems. The proposed model enables us to predict the occurrence probability and occurrence frequency of each threat in the information systems.

Simulation of Risk Propagation Model in Information Systems

The existing risk propagation models are limited and inadequate in analyzing cyber attacks caused by various threats in information systems, because it has focus on only a specific threat such as a virus or a worm. Therefore, risk propagation model based on the Markov process is proposed, which can be applied to diverse threats in information systems. The proposed model enables us to predict the occurrence probability and occurrence frequency for each threat in the information system. In this paper, in order to verify the proposed model, the simulations are performed using several scenarios.

EAFoC: enterprise architecture framework based on commonality

The recent rapid development in information systems (ISs) has resulted in a critical need for integration and interoperability between heterogeneous ISs in various domains, using specific commonalities. However, stovepipe systems have been caused due to inconsistencies in planning IS architecture among stakeholders. So far, there has been no research on an enterprise architecture framework (EAF) that can satisfy with the coefficient factors of system architecture (SA) and enterprise architecture (EA). This paper proposes a new EAF that can resolve the problems inherent in existing legacy EAFs and their features. EAFoC (Enterprise Architecture Framework based on Commonality) is based on commonality that can be satisfied as the coefficient factors in both SA and EA within a common information technology (IT) domain. Thus, it should be possible to integrate an established heterogeneous framework for each stakeholder’s view. Consequently, the most important contribution of this paper is to establish the appropriate EAFoC for the development of consistent IS architecture, smooth communication among stakeholders, systematic integration management of diversified and complicated new IT technologies, interoperability among heterogeneous ISs, and reusability based on commonality with other platforms.