• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.161-168
• /
• 2007

Web attack uses structural, logical and coding error or web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.59-71
• /
• 2012

PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.8
• /
• pp.963-980
• /
• 2002

Software reengineering is making various research for solutions against problem of maintain existing systems. Reengineering has a meaning of development of software on exizting systems through the reverse engineering auf forward engineering. Most of the important concepts used in reengineering is composition that is restructuring of the existing objects. Is there a compiler that can compile a program written in a traditional procedural language (like C or Pascal) and generate a Java bytecode, rather than an executable code that runs oかy on the machine it was compiled (such as an a.out file on a Unix machine)\ulcorner This type of compiler may be very handy for today's computing environment of heterogeneous networks. In this paper we present a software system that does this job at the binary-to-binary level. It takes the compiled binary code of a procedural language and translates it into Java bytecode. To do this, we first translate into an assembler code called Jasmin [7] that is a human-readable representation of Java bytecode. Then the Jasmin assembler converts it into real Java bytecode. The system is not a compiler because it does not start at the source level. We believe this kind of translator is even more useful than a compiler because most of the executable code that is available for sharing does not come with source programs. Of course, it works only if the format of the executable binary code is known. This translation process consists of three major stages: (1) analysis stage that identifies the language constructs in the given binary code, (2) initialization stage where variables and objects are located, classified, and initialized, and (3) mapping stage that maps the given binary code into a Jasmin assembler code that is then converted to Java bytecode.