• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10b
• /
• pp.571-572
• /
• 1998

인터넷의 급속한 보급과 웹 인터페이스를 기반으로 하는 사내 전산 시스템인 인트라넷(Intranet) 어플리케이션 개발이 보편화되고 있다. 그러나 인트라넷 도입에는 기존 시스템 및 데이터베이스와의 연동, 사내의 고유한 업무흐름(Workflow), 성능 및 보안 요구사항이 있어 패키지 형태의 인트라넷 제품은 그 확장성와 적용성에 한계를 가지고 있다. 본 논문에서는 인트라넷 어플리케이션 개발에 재사용될 수 있는 공통 기능 모듈들을 재사용 신기술인 '객체지향 프레임워크' 방식을 적용함으로써, 기업에서 인트라넷 어플리케이션을 개발할 때에 비용이나 기간을 단축하여 높은 효율을 갖고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10c
• /
• pp.402-404
• /
• 2000

웹에 기반한 메일 서비스의 급속한 성장으로 인하여 전자 메일은 인터넷을 이용하는 많은 사용자들의 주요 정보 교환수단이 되었다. 현재의 웹에 기반한 메일 시스템에서 SMTP 프로토콜을 이용하여 메일을 전송할 경우, 전송되는 메시지는 아무런 보안 조치도 취해지지 않은 상태로 전송된다. 그러므로 네트워크에 연결된 내,외부의 침입자에 의하여 정보가 도청될 경우 쉽게 정보가 해석될 수 있는 문제점이 있다. 본 논문에서는 웹 상에서의 메일 서비스로 전자메일을 전송할 경우 데이터부분을 암호화하여 전송함으로써 외부의 침입자에 의해 전송데이터가 가로채지더라도 해독하지 못하도록 하였으며 받은 전자메일에 대하여 원래의 데이터로 복호화 할 수 있는 웹 기반 메일 시스템을 개발하였다. 이를 위하여 보안기능이 강화된 MIME 인코딩 알고리즘을 제안하고 이를 응용한 웹 기반 메일 서비스 및 클라이언트 어플리케이션을 구현하여 실제로 데이터 도청 시 메일 메시지가 보호될 수 있음을 보였다.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.101-106
• /
• 2023

Recently, cyberattacks are increasing in social engineering attacks using intelligent and continuous phishing sites and hacking techniques using malicious code. As personal security becomes important, there is a need for a method and a solution for determining whether a malicious URL exists using a web application. In this paper, we would like to find out each feature and limitation by comparing highly accurate techniques for detecting malicious URLs. Compared to classification algorithm models using features such as web flat panel DB and based URL detection sites, we propose an efficient URL anomaly detection technique.

• 한국IT서비스학회:학술대회논문집
• /
• 2006.11a
• /
• pp.475-479
• /
• 2006

소프트웨어 어플리케이션들이 점차 다양한 응용분야에서 광범위하게 사용됨에 따라 소프트웨어 품질의 중요성이 높아지고 있다. 특히 웹기반 소프트웨어는 전통적 소프트웨어에 비해 보다 높은 품질 수준을 요구하고 보안이 중요시되며 시스템 통합과 유지보수 및 재사용에 대한 품질 요소가 중요시 된다. 웹기반 소프트웨어의 품질을 객관적이고 정량적으로 명세하고 평가하기 위하여, 객관적인 근거를 제시할 수 있는 지표로서 평가 항목들이 정의되어야 한다. 본 논문은 웹기반 소프트웨어의 품질 평가를 위한 모델을 제안하고 평가항목 및 평가방법과 절차를 제시하고자한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.1135-1138
• /
• 2008

현대에서 보안의 중요성은 나날이 증가하고 있는 가운데 내부 데이터베이스의 보안을 유지하기 위해 외부망과 단절된 업무망을 유지하는 곳이 많다. 인터넷의 발달에 따른 사용자의 편의성과 각종 어플리케이션의 통합과 이 기종 플랫폼에 따른 기업간 협업문제를 해결하는데 웹서비스가 이상적인 모델로 인정받고 있다. 따라서 단절된 내부망과 외부망과의 연결이 불가피하다. 이에 따라 본 논문에서는 내부망의 보안을 위해 FC채널을 이용하여 네트워크의 연결 없이 웹 서비스가 가능한 모델을 설계하고 구현하였다.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.43-49
• /
• 2011

Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required. to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism functio n. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

• Journal of Software Engineering Society
• /
• v.28 no.1
• /
• pp.13-22
• /
• 2019

To enhance effective and efficient applications of automated security vulnerability checkers in highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship be tween all 42 inspection criteria in the MOIS guideline and total 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discuss the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and also the ideas to improve the security inspection methodologies using the MOIS guideline and open-source static security bug checkers.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.97-116
• /
• 2003

Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.41-49
• /
• 2008

Other server based-application and the need of more complex interaction is required with functional strengthening and variational uses of mobile device. And mobile environments make a problem of continuous of web-service by making a problem of instance cutting between web-server and mobile device which acts as a client because of mobility. Therefore, this paper embodies a framework which keeps security and connectivity between HTTP based web-service and mobile device, and is for connection to web-service of mobile device which uses WAP in a standard protocol based mobile environment of mobile web-service for continuous web-service. This paper is analyzed in the same standard condition to compared functional delay which is based on HTTP and WAP access, and data transmission volume. Also it investigates improvement of execution overhead which is brought by interaction process.