DOI QR코드

DOI QR Code

A Study on Secure Digital Convergence Curation System to WebShell

웹셀에 안전한 디지털 융합 큐레이션 시스템에 관한 연구

  • Received : 2015.05.14
  • Accepted : 2015.08.20
  • Published : 2015.08.31

Abstract

In the knowledge and information society which came into being with the advancements made in information and communication technology, there is an increasing perception of the importance of having knowledge and therefore being able to appropriately respond to the rapidly-changing society. Along with this, for the paradigm that stresses creativity and character, there must accompany advanced ways of conducting education which are capable of supporting changes in the educational objectives and contents. With respect to this, there is a need for sustained and long-term research into ways of utilizing SNS and ICT in the field of education. Accordingly, in this paper, a digital curation system was developed for educational contents that aim to develop one's creativity and character. Recently, web hacking is taking place actively. In this paper, a digital curation system that is secure against WebShell - one of the web hacking methods - is analyzed, as well as how to appropriately deal with this type of an attack.

정보통신기술 발달과 함께 도래한 지식정보사회는 급변하는 사회에 대처할 수 있는 지식의 중요성이 부각되고 있다. 이와 더불어 창의성과 인성을 강조하는 패러다임에서 교육 목표와 내용의 변화를 뒷받침 할 수 있는 교육 방법의 선진화를 위해 소셜 네트워크 서비스(SNS: Social Network Service)를 활용한 ICT 기술을 적용한 연구가 지속적, 장기적으로 요구되는 실정이다. 이에 부합되는 창의 인성 교육을 확대 적용, 분석을 통해 창의 인성 교육에 기반한 디지털 큐레이션 시스템을 구축하였다. 이 디지털 큐레이션 시스템은 최근 들어 웹 해킹들이 급증하는 시점에서 웹 해킹 중 하나인 WebShell에 안전하다. 본 논문에서는 웹 해킹 중 하나인 WebShell에 안전한 디지털 큐레이션 시스템을 분석하고 WebShell에 대한 대응 방안에 대하여 분석한다.

Keywords

References

  1. In-hyu Jung, Soo-jin Jun, "Study in Image-Based Social Curation Interface Improvement to Build Self Identity", pp. 164-167, 2013.
  2. Steven Rosenbaum, Curation: A Breakthrough from the Age of Info-Glut, Myungjin Publishing Co., Seoul, 2011.
  3. Fischman W, Solomon B, Greenspan D, Gardner H, Making good: how young people cope with moral dilemmas at work. Cambridge: Harvard University Press. 2004.
  4. Haesung Lee, Joonhee Kwon "The Survey about the Personalized Curation in the Age of Big Data", JAITC, pp. 124-126, 2013,
  5. Department of Education, Creativity and personality education plan. Seoul: Department of Education. 2009
  6. N. Kim, Elementary school teachers' conception and management conditions on creativity and character education. Master's Thesis, Ewha Womans University. 2012.
  7. Open Web Application Security Project(OWASP), "OWASP Top 10 for 2013", 12 June, 2013.
  8. Mirtalebi, A.; Khayyambashi, M.R., "Enhancing security of Web service against WSDL threats," Emergency Management and Management Sciences (ICEMMS), 2011 2nd IEEE International Conference on , vol., no., pp. 920-923, Aug. 2011
  9. Darrell M. Kienzle and Matthew C. Elder. Recent worms: A survey and trends. In Proceedings of the 2003 ACM Workshop on Rapid Malcode, Washington, DC, pp. 40-49, October 2003.
  10. David Moore, Vern Paxson, Stefan Savage, Colleen Shannon and Stuart Staniford, and Nicholas Weaver. Inside the slammer worm. IEEE Security and Privacy, 1(4), pp. 33-39, July 2003.
  11. Prabhat K. Singh and Arun Lakhotia. Analysis and detection of computer viruses and worms: An annotated bibliography. ACM SIGPLAN Notices, 37(2) pp. 29-35, February 2002.
  12. Shaikh, F.B.; Haider, S., "Security threats in cloud computing," Internet Technology and Secured Transactions (ICITST), 2011 International Conference, vol., no., pp.214-219, Dec. 11-14, 2011.
  13. C. Kaufman, M. Spiciner, and R. Perlman, Network Security Private Communication in a PUBLIC World, 2nd Edition, Englewood Cliffs, NJ : Prentice Hall, 2002.
  14. D.-Y. Kim, "Vulnerability Analysis for Industrial Control System Cyber Security," J. of the Korea Institute of Electronic Communication Sciences, vol.9, no.1, 2014, pp. 137-142. https://doi.org/10.13067/JKIECS.2014.9.1.137
  15. D.-K. Kang, M.-Y. Hyun, and C.-S. Kim, "Cyber trap : Unknown Attack Detection System based on Virtual Honeynet," J. of the Korea Institute of Electronic Communication Sciences, vol.8, no.6, 2013, pp. 863-871. https://doi.org/10.13067/JKIECS.2013.8.6.863
  16. Buehrer. G, Weide. B. W, Sivilotti. P A, "sing Parse Tree Validation to Prevent SQL Injection Attacks" In Proceedings of the 5th international Workshop on Software Engineering and Middleware, pp. 105-113, 2005.
  17. Wei. K, Muthuprasanna. M, Kothari. S, "reventing SQL injection attacks in stored procedures" Software Engineering Conference 2006. Australian, pp. 18-21, 2006.