• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.179-190
• /
• 2020

In the Unix-like system environment, the GOT overwrite attack is one of the traditional control flow hijacking techniques for exploiting software privileges. Several techniques have been proposed to defend against the GOT overwrite attack, and among them, the Full Relro(Relocation Read only) technique, which blocks GOT overwrites at runtime by arranging the GOT section as read-only in the program startup, has been known as the most effective defense technique. However, it entails loading delay, which limits its application to a program sensitive to startup performance, and it is not currently applied to the library due to problems including a chain loading delay problem caused by nested library dependency. Also, many compilers, including LLVM, do not apply the Full Relro technique by default, so runtime programs are still vulnerable to GOT attacks. In this paper, we propose a GOT protection scheme using the Control Flow Integrity(CFI) technique, which is currently recognized as the most suitable technique for defense against code reuse attacks. We implemented this scheme based on LLVM and applied it to the binutils-gdb program group to evaluate security, performance and compatibility. The GOT protection scheme with CFI is difficult to bypass, fast, and compatible with existing library programs.

• 전자공학회논문지 IE
• /
• v.43 no.1
• /
• pp.46-51
• /
• 2006

Recently, smart card system which is known as easy to portable and also safe from physical, electrical, and software attack is observed to manage information that becomes the target of security in safety. And java card graft upon java technology to smart card platform is having very good advantage with object-oriented techniques and also, java card have the open type OS that can show the same action in different hardware characteristic which allows various application programs. In this paper, we introduced independent execution characteristic of java platform because being set to each smart card was uncomfortable till now and we designed access control member card that allows several administrators in different access privilege by single card using java card. Several administrators can approach to various information of file type that is included on issued card to user by using different PIN. In the proposed method, confirmation of personal information, administration contents update, demand by contents, is possible by single card. At this moment, wish to do safer user certification that improve security limitation which is from PIN, used for user certification, and signature data. In the proposed method, as design and implementation of utilization technology of java card, biometrics, user certification which uses multi PIN, provide that more safety and conveniently.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.413-422
• /
• 2003

An active network is a new generation network based on a software-intensive network architecture in which applications are able to inject new strategies or code into the infrastructure for their immediate needs. Therefore, the secure active node architecture is needed to give the capability defending an active node against threats that may be more dynamic and powerful than those in traditional networks. In this paper, a security enforcement engine is proposed to secure active networks. We implemented an operating engine with security, authentication and a authorization modules. Using this engine, it is possible that active networks are protected from threats of the malicious active node.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.8
• /
• pp.1519-1527
• /
• 2007

In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Given that nodes have limited resources, symmetric cryptography that is proven to be efficient for low power devices is implemented. Data protection is integrated into a sensor's packet by the means of symmetric encryption with the Dragon stream cipher and incorporating the newly designed Dragon-MAC Message Authentication Code. The proposed algorithm was designed to employ some of the data already computed by the underlying Dragon stream cipher for the purpose of minimizing the computational cost of the operations required by the MAC algorithm. In view that Dragon is a word based stream cipher with a fast key stream generation, it is very suitable for a constrained environment. Our protocol regarded the entity authentication and message authentication through the implementation of authenticated encryption scheme in wireless sensor nodes.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2001.05a
• /
• pp.79-82
• /
• 2001

이동코드는 자바 애플릿(applet)이나 스크립트와 같이 원격지에서 실행가능한 코드로서 현재 웹브라우저를 통하여 쉽게 수행 가능하다. 이러한 프로그램은 누구나 작성할 수 있고 브라우저를 수행할 수 있는 어떤 컴퓨터에서도 수행 가능하다. 즉, 자바 애플릿과 같이 운영체제나 하드웨어에 관계없이 어떤 플랫폼에도 동일 코드가 수행될 수 있다. (일반적으로 에이전트도 이동 코드라고 부르지만 여기서는 포함시키지 않는다.) 인터넷에서 어떤 컴퓨터에서도 공통적인 스크립트를 수행할 수 있다는 것은 편리함, 가능성에서 많은 장점을 가지고 있지만 보안 관점에서 보면 이러한 공통의 스크립트를 수행할 수 있는 인터프리터는 매우 위험하다. 또한 이러한 인터프리터가 브라우저의 한 부분이기 때문에 위험은 더욱 증가한다. 이동 코드 인터프리터에서 어떤 버그가 존재할 경우 이것을 이용한 악성 사용자가 프로그램을 특정 컴퓨터에서 수행시켜 접근 권한을 쉽게 얻거나 시스템을 파괴할 수 있다. 일반 사용자들이 주로 사용하는 윈도95 같은 운영체제에서는 이러한 공격을 막을 보호대책이 없고 심지어 UNIX에서도 사용자의 권한을 가지고 이동 코드가 수행되기 때문에 사용자의 파일을 조작하거나 정보가 유출될 수 있다. 또한, 이동코드가 서로 다른 수행환경을 이동할 경우, 악성 이동코드로부터 영향을 받을 수 있는 수행환경의 보호와 악성 호스트 및 수행환경에 의해 이동코드가 파괴되는 경우도 있다. 위와 같은 이동 코드의 위험으로부터 발생할 수 있는 보안문제점들의 실제 피해 사례 및 시스템을 보호하기 위해 사용되어온 몇 가지 기법을 제시하였다.사업을 통하여 경남지역 산업단지에 입주한 기업체의 정보 활용을 극대화하여 지역경제 발전에 기여함과 동시에 국내 지역정보화 시범모델로서 위상을 확립하고자 한다.을 기업의 타인자본비용과 자기자본비용의 조합인 기회자본비용으로 할인함으로써 현재의 기업가치를 구할 수 있기 때문이다. 이처럼 기업이 영업활동이나 투자활동을 통해 현금을 창출하고 소비하는 경향은 해당 비즈니스 모델의 성격을 규정하는 자료도로 이용될 수 있다. 또한 최근 인터넷기업들의 부도가 발생하고 있는데, 기업의 부실원인이 어떤 것이든 사회전체의 생산력의 감소, 실업의 증가, 채권자 및 주주의 부의 감소, 심리적 불안으로 인한 경제활동의 위축, 기업 노하우의 소멸, 대외적 신용도의 하락 등과 같은 사회적·경제적 파급효과는 대단히 크다. 이상과 같은 기업부실의 효과를 고려할 때 부실기업을 미리 예측하는 일종의 조기경보장치를 갖는다는 것은 중요한 일이다. 현금흐름정보를 이용하여 기업의 부실을 예측하면 기업의 부실징후를 파악하는데 그치지 않고 부실의 원인을 파악하고 이에 대한 대응 전략을 수립하며 그 결과를 측정하는데 활용될 수도 있다. 따라서 본 연구에서는 기업의 부도예측 정보 중 현금흐름정보를 통하여 '인터넷기업의 미래 현금흐름측정, 부도예측신호효과, 부실원인파악, 비즈니스 모델의 성격규정 등을 할 수 있는가'를 검증하려고 한다. 협력체계 확립, ${\circled}3$ 전문인력 확보 및 인력구성 조정, 그리고 ${\circled}4$ 방문보건사업의 강화 등이다., 대사(代謝)와 관계(關係)있음을 시사(示唆)해 주

• Journal of The Korean Association For Science Education
• /
• v.42 no.1
• /
• pp.77-96
• /
• 2022

This study investigated how collaborative reflection between novice secondary science teachers promoted the development of teaching professionalism. We intentionally selected research participants who shared sufficient rapport. Data were collected by videotaping the classes taught by participants, pre-talk, post-interviews and nine collaborative reflection processes. All data were transcribed and analyzed. Results indicated that all three teachers showed changes in teaching practice. Minyoung's practice involved a teacher-led lecture, but through collaborative reflection, she could create a learning environment to enhance students' power and ownership in her class. Emphasizing academic rigor, Soyoung used to teach content outside the scope of the curriculum, but through collaborative reflection, she became more considerate of students' understanding. Finally, in Jiyeon's classes inquiry activities and theoretical explanations were separated from each other. However, she repeated her efforts to improve her class after collaborative reflection, allowing students to construct explanations through activities. In this study, three factors that promoted the development of teachers' pedagogical content knowledge through collaborative reflection were identified. First, the different teaching orientations of the three teachers who participated in this study, promoted sharing of opinions through collaborative reflection. Second, reflection based on teaching practice enabled practical feedback on the class, which enhanced the development of teachers' pedagogical content knowledge. Third, the equal status and formation of rapport between the three teachers created an environment for productive reflection. These results suggest that future teacher education programs should target communities that can promote collaborative reflection based on teachers' teaching practice.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.391-398
• /
• 2001

To design and develop secure operating systems, the BLP (Bell-La Padula) model that represents the MLP (Multi-Level Policy) has been widely adopted. However, user\`s security level in the most developed systems based on the BLP model is inherited to a process that is actual subject on behalf of the user, regardless whatever the process behavior is. So, there could be information disclosure threat or modification threat by malicious or unreliable processes even though the user is authorized in the system. These problems can be solved by defining the subject as (user, process) ordered pair and by defining the process reliability. Moreover, when the leveled programs which exist as objects in a disk are executed by a process and have different level from the process level, the security level decision problem occurs. This paper presents an extended BLP (E-BLP) model in which process reliability is considered and solves the security level decision problem. And this model is implemented into the Linux kernel 2.4.7.

• Journal of Intelligence and Information Systems
• /
• v.17 no.4
• /
• pp.175-191
• /
• 2011

With the MICE(Meeting, Incentive travel, Convention, Exhibition) industry coming into the spotlight, there has been a growing interest in the domestic exhibition industry. Accordingly, in Korea, various studies of the industry are being conducted to enhance exhibition performance as in the United States or Europe. Some studies are focusing particularly on analyzing visiting patterns of exhibition visitors using intelligent information technology in consideration of the variations in effects of watching exhibitions according to the exhibitory environment or technique, thereby understanding visitors and, furthermore, drawing the correlations between exhibiting businesses and improving exhibition performance. However, previous studies related to booth recommendation systems only discussed the accuracy of recommendation in the aspect of a system rather than determining changes in visitors' behavior or perception by recommendation. A booth recommendation system enables visitors to visit unplanned exhibition booths by recommending visitors suitable ones based on information about visitors' visits. Meanwhile, some visitors may be satisfied with their unplanned visits, while others may consider the recommending process to be cumbersome or obstructive to their free observation. In the latter case, the exhibition is likely to produce worse results compared to when visitors are allowed to freely observe the exhibition. Thus, in order to apply a booth recommendation system to exhibition halls, the factors affecting the performance of the system should be generally examined, and the effects of the system on visitors' unplanned visiting behavior should be carefully studied. As such, this study aims to determine the factors that affect the performance of a booth recommendation system by reviewing theories and literature and to examine the effects of visitors' perceived performance of the system on their satisfaction of unplanned behavior and intention to reuse the system. Toward this end, the unplanned behavior theory was adopted as the theoretical framework. Unplanned behavior can be defined as "behavior that is done by consumers without any prearranged plan". Thus far, consumers' unplanned behavior has been studied in various fields. The field of marketing, in particular, has focused on unplanned purchasing among various types of unplanned behavior, which has been often confused with impulsive purchasing. Nevertheless, the two are different from each other; while impulsive purchasing means strong, continuous urges to purchase things, unplanned purchasing is behavior with purchasing decisions that are made inside a store, not before going into one. In other words, all impulsive purchases are unplanned, but not all unplanned purchases are impulsive. Then why do consumers engage in unplanned behavior? Regarding this question, many scholars have made many suggestions, but there has been a consensus that it is because consumers have enough flexibility to change their plans in the middle instead of developing plans thoroughly. In other words, if unplanned behavior costs much, it will be difficult for consumers to change their prearranged plans. In the case of the exhibition hall examined in this study, visitors learn the programs of the hall and plan which booth to visit in advance. This is because it is practically impossible for visitors to visit all of the various booths that an exhibition operates due to their limited time. Therefore, if the booth recommendation system proposed in this study recommends visitors booths that they may like, they can change their plans and visit the recommended booths. Such visiting behavior can be regarded similarly to consumers' visit to a store or tourists' unplanned behavior in a tourist spot and can be understand in the same context as the recent increase in tourism consumers' unplanned behavior influenced by information devices. Thus, the following research model was established. This research model uses visitors' perceived performance of a booth recommendation system as the parameter, and the factors affecting the performance include trust in the system, exhibition visitors' knowledge levels, expected personalization of the system, and the system's threat to freedom. In addition, the causal relation between visitors' satisfaction of their perceived performance of the system and unplanned behavior and their intention to reuse the system was determined. While doing so, trust in the booth recommendation system consisted of 2nd order factors such as competence, benevolence, and integrity, while the other factors consisted of 1st order factors. In order to verify this model, a booth recommendation system was developed to be tested in 2011 DMC Culture Open, and 101 visitors were empirically studied and analyzed. The results are as follows. First, visitors' trust was the most important factor in the booth recommendation system, and the visitors who used the system perceived its performance as a success based on their trust. Second, visitors' knowledge levels also had significant effects on the performance of the system, which indicates that the performance of a recommendation system requires an advance understanding. In other words, visitors with higher levels of understanding of the exhibition hall learned better the usefulness of the booth recommendation system. Third, expected personalization did not have significant effects, which is a different result from previous studies' results. This is presumably because the booth recommendation system used in this study did not provide enough personalized services. Fourth, the recommendation information provided by the booth recommendation system was not considered to threaten or restrict one's freedom, which means it is valuable in terms of usefulness. Lastly, high performance of the booth recommendation system led to visitors' high satisfaction levels of unplanned behavior and intention to reuse the system. To sum up, in order to analyze the effects of a booth recommendation system on visitors' unplanned visits to a booth, empirical data were examined based on the unplanned behavior theory and, accordingly, useful suggestions for the establishment and design of future booth recommendation systems were made. In the future, further examination should be conducted through elaborate survey questions and survey objects.