• Journal of Digital Convergence
• /
• v.15 no.5
• /
• pp.197-205
• /
• 2017

To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.15-22
• /
• 2002

Java applet, executed in user's web browsers which is via proxy server on web sever, can approach client files or resources, so it is necessary to secure against malicious java applet. Currently, the previous security countermeasures against malicious java applet use two ways: one is making a filter system to detect malicious java applet hewn in proxy, the other is that establishes another security java virtual machine. However, the first one can not detect unknown malicious java applet, and the other one nay increase loads, because it decides whether there is malicious or not after implementing java applet on proxy server. In this paper, after inserting monitoring function to java applet on proxy server using java-methods substitution and transfer it to user to detect malicious java applet, we propose a technique for detecting malicious java applet that can detect the unknown malicious java applet with reducing loads

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.217-223
• /
• 2012

By using the network, the robot can provide the anytime and anywhere various services. There is the advantage that it can provide the real time service by using the network description but the network robot has the network security vulnerability. Therefore, in the network robot environment, the authentication framework which can be satisfied the security function has to be established. In this paper, the security vulnerability which it can be generated in the network robot environment is analyze and the plan for reaction is prepared. And the authentication framework controlling the network robot safely was proposed.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.3-9
• /
• 2022

Recently, as the environment of the 4th industrial revolution has arrived, the opening, sharing and convergence of data are actively being achieved in any organization. However, the opening and sharing of data inevitably leads to security vulnerability and there is ambivalence that is a threat that can affect the existence of an organization operated in the 4th industrial revolution environment. Especially security issues in the organization of the military can be a threat to the state, not the military itself, so it is always necessary to maintain a high level of security discipline. In this paper, 14 variables were selected through structural equation model applying theory of planned behavior, deterrence and protection motivation to find out the security level development measures by extracting factors that can affect security level. As a result, the theory of planned behavior that the security knowledge embodied through the usual security regulation education and evaluation affects the behavior was adopted, and the theory of deterrence and protection motivation showed the significance of the rejection level. In addition, it was confirmed that the variables that have the greatest impact on the military security level through the measured values of the three-year security audit were commanders and mental security. In conclusion, in order to improve the security level, it is suggested that security education, definite reward and punishment, and security system upgrading should be firmly established and mental security posture should be secured.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.10-14
• /
• 2019

The number of security incidents is increasing as the Internet of Things(IoT) is distributed widely. The security incidents of IoT can cause financial damages. Moreover, It can become direct threats to humans. In order to prevent these problems, the security installation for IoT devices is important. This paper describes the definition of IoT devices, security incident case, architecture, and the security threats that can occur when a device is connected to network without security installation.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.1-7
• /
• 2001

This paper design a role-based access control model that can resolves the complicated problems of access control requirements. In this paper, we designed an access control model which can control a permission making use up role-based access control, can guard the confidentiality, integrity and availability of information and can control illegal information flow. The designed access control model can protect resources from unauthorized accesses based on the role, multi-level security policies of security level, integrity level and ownership.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.69-79
• /
• 2013

Recently, many enterprises are suffering from advanced types of malware and their variants including intelligent malware that can evade the current security systems. This addresses the fact that current security systems have limits on protecting advanced and intelligent security threats. To enhance the overall level of security, first of all, it needs to increase detection ratio of each security solution within a security system. In addition, it is also necessary to implement internetworking between multiple security solutions to increase detection ratio and response speed. In this paper, we suggest a collaborative security response method to overcome the limitations of the previous Internet service security solutions. The proposed method can show an enhanced result to respond to intelligent security threats.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.8
• /
• pp.1015-1024
• /
• 2001

As the internet environment has been rapidly changed, the scale of internet network that needs to be managed has been magnified. In this way, the recognition for the importance of security became extensive, and numerous security systems for the protection of internal information were introduced. But decentralized security systems because of there use of different user interfaces undergo difficulties in effective security management as well as prompt coping when an obstacle happens causing a corpulence of in the security management part. In this paper, I propose an integrated security management system which can grasp the situation of each system and manage every system in the center so that we can consistently and integrally manage every system. Integrated security management system with multi agents has the advantages of prompt coping with obstacles, and the minimization of weaknesses that different security solutions have, and of consistent control and management for decentralized security systems.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.63-68
• /
• 2023

In this study, in relation to blockchain protocol and network security, we study the configuration of blockchain and encryption key management methods on smart contracts so that we can have a strong level of response to MITM attacks and DoS/DDoS attacks. It is expected that the use of blockchain technology with enhanced security can be activated through respond to data security threats such as MITM through encryption communication protocols and enhanced authentication, node load balancing and distributed DDoS attack response, secure coding and vulnerability scanning, strengthen smart contract security with secure consensus algorithms, access control and authentication through enhanced user authentication and authorization, strengthen the security of cores and nodes, and monitoring system to update other blockchain protocols and enhance security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.3
• /
• pp.73-80
• /
• 2018

Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.