• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.175-180
• /
• 2017

In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.443-454
• /
• 2020

The JavaScript engine is a module that receives JavaScript code as input and processes it, among many functions that are loaded into web browsers and display web pages. Many fuzzing test studies have been conducted as vulnerabilities in JavaScript engines could threaten the system security of end-users running JavaScript through browsers. Some of them have increased fuzzing efficiency by guiding test coverage in JavaScript engines, but no coverage guided fuzzing of optimized, dynamically generated machine code was attempted. Optimized JavaScript codes are difficult to perform sufficient iterative testing through fuzzing due to the function of runtime guards to free the code in the event of exceptional control flow. To solve these problems, this paper proposes a method of performing fuzzing tests on optimized machine code by avoiding deoptimization. In addition, we propose a method to measure the coverage of runtime-guards by the dynamic binary instrumentation and to guide increment of runtime-guard coverage. In our experiment, our method has outperformed the existing method at two measures: runtime coverage and iteration by time.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.445-446
• /
• 2021

Union file system is a technology that can be used as a single file system by integrating various files and directories. It has the advantage of maintaining the source file/directory used for integration, so it is used in many applications like container platform. When using the union file system, the user accesses the write-able layer, to which the security technology provided by the operating system can be applied. However, there is a disadvantage in that it is difficult to apply a separate security technology to the source file and directory used to create the union file system. In this study, we intend to propose an access control mechanism to deny security threats to source file/directory that may occur when using the union file system. In order to verify the effectiveness of the access control mechanism, it was confirmed that the access control mechanism proposed in this study can protect the source file/directory while maintaining the advantages of the union file system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.277-280
• /
• 2015

자본주의는 시장 경제를 토대로 하고 있다. 시장 경제는 주식시장이 핵심이며, 주식시장의 위험회피를 위한 파생시장은 결국 자본주의의 가장 근본적인 요소이다. 다양하고 복잡한 파생시장에서 시스템 트레이딩의 중요성은 나날이 커지고 있으며, 감정을 극복하고 전략적인 매매를 하기 위한 최선의 방법이기도하다. 한국의 시스템 트레이딩은 전통적인 TS와 최신기술로 탄생한 Multicharts가 있다. Multicharts는 틱 단위의 신호데이타를 분석하여 실시간 거래를 할 수 있는 뛰어난 시스템이지만 아직 스마트폰 에이전트가 없다. PC에서는 Multicharts의 모든 기능을 수행할 수 있지만 관리자가 어디에서나 상황을 체크하고 제어할 수 있다면 훨씬 효과적인 운용이 가능할 것이다. PC에 기록되는 신호정보와 거래정보를 스마트폰으로 확인하고, 전략 실행을 스마트폰에서 제어하는 것만 가능해도, 보다 여유롭고 효율적인 파생거래를 할 수 있다. 이를 위해 안드로이드 폰과 PC간의 보안 연결을 설정하고 데이터 동기화를 구축하며, 이벤트 처리를 구현했다. 그리고 다수의 샘플 전략을 이용하여 스마트폰 UI를 구성하고 이의 효율성을 테스트하였다.

• Journal of Internet of Things and Convergence
• /
• v.7 no.1
• /
• pp.71-77
• /
• 2021

As the IOT technology has developed, it becomes more big issues about IOT device security. An account management is a nerve-in-the-box routine job for the system administrator and users who manage the several hundreds IOT devices(IP camera, Home IOT, the various measuring equipment). This study is to propose the account management system by the hierarchical design and it is efficient for the user to manipulate the account management. The designed system supports 6 functions for the account management and apply the advanced technologies for the existed system. After the performance of the designed system is validated successfully by the authoritative test, the designed system is applied for the relative fields. And it is on going for the development of the smart account management system by applying the AI technique.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.13-19
• /
• 2019

This paper analyzed the SCMS and pilot policy, which is pursued by the U.S. government in connected vehicles. SCMS ensures authentication, integrity, privacy and interoperability. The SCMS Support Committee of U.S. government has established the National Unit SCMS and is responsible for system-wide control. Of course, it introduces security policy, procedures and training programs making. In this paper, the need for SCMS to be applied to C-ITS was discussed. The structure of the SCMS was analyzed and the U.S. government's filot policy for connected vehicles was discussed. The discussion of the need for SCMS highlighted the importance of the role and responsibilities of SCMS between vehicles and vehicles. The security certificate management system looked at the structure and analyzed the type of certificate used in the vehicle or road side unit (RSU). The functions and characteristics of the certificates were reviewed. In addition, the functions of basic safety messages were analyzed with consideration of the detection and warning functions of abnormal behavior in SCMS. Finally, the status of the pilot project for connected vehicles currently being pursued by the U.S. government was analyzed. In addition to the environment used for the test, the relevant messages were also discussed. We also looked at some of the issues that arise in the course of the pilot project.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.141-153
• /
• 2012

In the recent years, various researches on the use cases of the cloud computing service have been achieved for its standardization. Notwithstanding, we need more additory effort to refine the operating mechanisms on the cloud computing environment. In this paper, we suggest an operating mechanism on IaaS cloud computing environment that is related to the integrated security management system. By using CloudStack 2.2.4 toolkit, we have built a test-bed for IaaS cloud computing service i.e., SWU-IaaS cloud computing environment. Through operating this hierarchical SWU-IaaS cloud computing environment, we have derived the attributes and the methods of its components. Its scenarios can be described in case of both normal state and abnormal state. At the end, a special scenario has been described when it receives a security event from the integrated security management system.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06c
• /
• pp.253-255
• /
• 2006

국방정보보호 통합관리 기술을 개발하기 위한 테스트베드 구축에서 중요한 부분 중에 하나인 정보보호 가상망 모델링 시뮬레이션 시스템을 개발하였다. 본 시스템은 실재 망과 유사한 정보보호 환경을 제공하기 위하여 정보보호 환경을 구성하는 정보보호 객체(호스트, 네트워크, IDS, IPS, FW, VW 등)를 모의하고 망의 트래픽(평상시, 사이버 공격 시)을 모의하는 등의 기능을 제공하고 외부의 보안관제 체계 및 모의 공격기와 연동하는 인터페이스를 제공하여 외부 침입탐지체계의 성능을 검증하거나 취약점 분석을 위한 환경을 제공한다.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.33-39
• /
• 2022

Recently, cyberattacks on infrastructure have been continuously occurring with the starting of neutralizing the user authentication function of information systems. Accordingly, the vulnerabilities of system are increasing day by day, such as the increase in the vulnerabilities of the encryption system. In this paper, an alternative technique for the symmetric key algorithm has been developed in order to build the encryption algorithm that is not easy for beginners to understand and apply. Vigenere Cipher is a method of encrypting alphabetic text and it uses a simple form of polyalphabetic substitution. The encryption application system proposed in this study uses the simple form of polyalphabetic substitution method to present an application model that integrates the three steps of encryption table creation, encryption and decryption as a framework. The encryption of the original text is done using the Vigenère square or Vigenère table. When applying to the automatic generation of secret keys on the information system this model is expected that integrated authentication work, and analysis will be possible on target system. ubstitution alphabets[3].

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.1C
• /
• pp.74-79
• /
• 2006

When DRM systems are built on a specific computing platform and a coding algorithm, the interoperability among them will be improbable. For enhanced compatibility, MOSES has been developed such that it has a structure that can be decomposed into independent modules for interoperability with other DRM systems with IPMP functionality. In MOSES, security in contents transaction is provided by JPWallet which controls licenses with key management. In this paper, we present the structure of JPWallet and how the keys are handled between contents servers and contents-consuming clients. The PDA-based codes from the prototype MOSES system have been ported into PC-based codes and tested for compatibility. Analysis of JPWallet, which is the core of MOSES, will contribute to the standardization of domestic IPMP systems compatible with global standards.