• 융합보안논문지
• /
• 제14권4호
• /
• pp.61-71
• /
• 2014

최근 안드로이드 스마트폰에서 악성 앱의 출현이 증가하고 있다. 하지만 매일 많은 앱이 출현되기 때문에 이들 앱을 분석하여 악성 앱을 탐지하기에는 많은 시간과 자원이 요구된다. 이로 인해 악성 앱이 많이 확산된 후에 대처하는 상황도 적지 않다. 본 논문은 악성 앱 가능성이 높은 앱을 우선적으로 분석할 수 있도록 앱 행위를 동적으로 추적하고 고위험성의 앱을 분류하는 TAU 기법을 제안한다. 이 기법은 사용자와 스마트폰의 상호작용으로 발생하는 앱의 설치, 유포 경로 및 실행 행위를 추적한다. 이런 추적된 행위 분석하여 Drive-by download 및 Update attack 공격 가능성이 있는 앱을 분류한다. 또한 악성 앱의 유포 경로로 많이 사용되는 리패키징 여부를 판별한다. 이런 분류를 통해 고위험성의 앱에 대한 악성 코드 분석을 우선적으로 실행하게 하여 악성 앱의 유포를 빨리 막을 수 있도록 한다.

• 한국진공학회지
• /
• 제9권3호
• /
• pp.233-236
• /
• 2000

TFT-LCD(thin film transistor-liquid crystal display) 패널의 데이터 배선 재료로 사용하기 위하여 AlW(3 wt%)의 Al합금 박막을 dc 마그네트론 스퍼터링 방법으로 유리 기판에 증착하여 열처리전과 열처리 후의 박막 특성을 조사하였다. 또한 TFT-LCD의 식각 공정상에서 발생할 수 있는 chemical attack에 대한 저항성을 확인하기 위하여 순환전압전류법(cyclic voltammetry)을 사용하여 Ag/AgCl 전극에 대한 ITO와 AlW alloy의 전극 전위를 측정하였다. 증착된 박막을 $350^{\circ}C$에서 20분간 열처리하였을 때 AlW 박막은 비저항이 감소하였고 약 $11\;{\mu\Omega}cm$의 다소 높은 비저항 특성을 보였다. 주사전자현미경(SEM)과 원자힘현미경(AFM)으로 표면을 분석한 결과 좋은 힐록방지 특성을 보임을 알 수 있었다. 순환전압전류법을 사용하여 측정한 Ag/AgCl 에 대한 ITO의 전극 전위은 약 -1.8V이었고, AlW alloy의 전위 전극은 W의 wt.%가 3% 이상이었을 때, ITO의 전극 전위보다 작게 나타났다. 따라서 측정된 특성 값을 볼 때 AlW(over 3 wt.%) 박막은 data bus line으로 사용할 수 있는 것으로 나타났다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권5호
• /
• pp.1343-1356
• /
• 2013

Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

• 한국통신학회논문지
• /
• 제38B권12호
• /
• pp.937-943
• /
• 2013

국내 인터넷 브라우저 시장 점유율 1위인 인터넷 익스플로러의 일부 버전에서 CORS(Cross-Origin Resource Sharing)를 이용한 사용자 정보의 유출이 가능함을 확인하였다. 이는 이전의 방법과는 달리 악성 프로그램 등의 설치 없이도 로그인한 계정의 정보를 유출할 수 있으며, 이를 이용하면 보안 프로그램의 영향을 받지 않고서도 SNS와 포털 사이트의 사용자 정보 혹은 계좌 정보나 카드 사용내역까지 얻을 수 있다. 인터넷 익스플로러 뿐만 아니라 일부 모바일 브라우저에서도 CORS를 이용한 공격이 가능함을 보였다. 이 논문에서는 인터넷 익스플로러로 접속한 은행사, 카드사, SNS, 포털 사이트를 대상으로 한 CORS를 이용한 공격으로 사용자 정보의 유출은 물론 2차 공격으로 이어질 수 있는 가능성과 개선방안을 살펴본다.

• Corrosion Science and Technology
• /
• 제2권6호
• /
• pp.266-271
• /
• 2003

Safety diagnosis of various structural components and facilities is indispensable for preventing catastrophic failure of material by time-dependent and environment accelerating degradation. Also, this diagnosis of operating components should be done periodically for safe maintenance and economical repair. However, conventional standard methods for mechanical properties have the problems of bulky specimen, destructive procedure and complex procedure of specimen sampling. So, a non-destructive and simple mechanical testing method using small specimen is needed. Therefore, an advanced indentation technique was developed as a potential method for non-destructive testing of in-field structures. This technique measures indentation load-depth curve during indentation and analyzes the mechanical properties related to deformation such as yield strength, tensile strength and work-hardening index. In this paper, we characterized the tensile properties including yield and tensile strengths of the V-modified Cr-Mo steels in petro-chemical and thermo-electrical plants. And also, the effects of hydrogen-assisted degradation of the V-modified Cr-Mo steels were analyzed in terms of work-hardening index and yield ratio.

• Bulletin of the Korean Chemical Society
• /
• 제12권3호
• /
• pp.265-270
• /
• 1991

Theoretical calculations on the stabilization energies of framework atoms in hydrolyses Co(Ⅱ )-exchanged zeolite A were made using some potential energy functions and optimization program. The protons which are produced by hydrolysis of $[Co(H_2O)_n]^{2+}$ ion in large cavity showed a tendency to attack the framework oxygen atom O(1) preferentially, and the oxygen atom O(4) within OH- ion was coordinated at Al atom. The weakness of bonds between T(Si, Al) and oxygen by attack of proton and too large coordination number around small aluminum atom will make the framework of Co(Ⅱ)-exchanged zeolite A more unstable. The stabilization energy of $Co_4Na_4$-A framework (- 361.57 kcal/mol) was less than that of thermally stable zeolite A($Na_{12-}$A: - 419.68 kcal/mol) and greater than that of extremely unstable Ba(Ⅱ)-exchanged zeolite A($Ba_{6-}$A: - 324.01 kcal/mol). All the data of powder X-ray diffraction, infrared and Raman spectroscopy of Co(Ⅱ)-exchanged zeolite A showed the evidence of instability of its framework in agreement with the theoretical calculation. Three different groups of water molecules are found in hydrated Co(Ⅱ )-exchanged zeolite A; W(Ⅰ) group of water molecules having only hydrogen-bonds, W(Ⅱ) group water coordinated to $Na^+$ ion, ans W(Ⅲ) group water coordinated to Co(Ⅱ) ion. The averaged interaction energy of each water group shows the decreasing order of W(Ⅲ)>W(Ⅱ)>W(Ⅰ).

• International Journal of Computer Science & Network Security
• /
• 제22권1호
• /
• pp.269-275
• /
• 2022

Public healthcare has recently become an issue of great importance due to the exponential growth in the human population, the increase in medical expenses, and the COVID-19 pandemic. Speed is one of the crucial factors in saving life, particularly in case of heart attack. Therefore, a healthcare device is needed to continuously monitor and follow up heart health conditions remotely without the need for the patient to attend a medical center. Therefore, this paper proposes a portable electrocardiogram (ECG) monitoring system to improve healthcare for heart attack patients in both home and ambulance settings. The proposed system receives the ECG signals of the patient and sends the ECG values to a MySQL database on the IoT-cloud via Wi-Fi. The signals are displayed as an ECG data chart on a webpage that can be accessed by the patient's doctor based on the HTTP protocol that is employed in the IoT-cloud. The proposed system detects the ECG data of the patient to calculate the total number of heartbeats, number of normal heartbeats, and the number of abnormal heartbeats, which can help the doctor to evaluate the health status of the patient and decide on a suitable medical intervention. This system therefore has the potential to save time and life, but also cost. This paper highlights the five main advantages of the proposed ECG monitoring system and makes some recommendations to develop the system further.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권3호
• /
• pp.1063-1075
• /
• 2022

In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권6호
• /
• pp.1689-1705
• /
• 2023

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: "white-box testing" and "black-box testing". Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.

• Wind and Structures
• /
• 제35권4호
• /
• pp.243-253
• /
• 2022

The conformal mapping method (CMM) has been broadly exploited in the study of fluid flows over airfoils and other research areas, yet it's hard to find relevant research in bridge engineering. This paper explores the feasibility of CMM in streamlined box girder bridges. Firstly, the mapping function transforming a unit circle to the streamlined box girder was solved by CMM. Subsequently, the potential flow solution of aerostatic pressure on the streamlined box girder was obtained and was compared with numerical simulation results. Finally, the aerostatic pressure attained by CMM was utilized to estimate the aerostatic coefficient and flutter performance of the streamlined box girder. The results indicate that the solution of the aerostatic pressure by CMM on the windward side is satisfactory within a small angle of attack. Considering the windward aerostatic pressure and coefficient of correction, CMM can be employed to estimate the rate of change of the lift and moment coefficients with angle of attack and the influence of the geometric shape of the streamlined box girder on flutter performance.