• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.275-285
• /
• 2019

Web-assemblies are a new binary standard designed to improve the performance of Web browser JavaScript. Web-assemblies are becoming a new web standard that can run at near native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web assembly interpreter language, and vulnerability verification of Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of the web assembly itself. In this paper, we analyze how to operate the web assembly and verify the safety of the current web-assembly. In addition, we examine vulnerability of existing web -assembly and analyze limitations according to existing safety verification method. Finally, we introduce web-assembly API based fuzzing method to overcome limitation of web-assembly safety verification method. This verifies the effectiveness of the proposed Fuzzing by detecting crashes that could not be detected by existing safety verification tools.

• Annual Conference of KIPS
• /
• 2018.10a
• /
• pp.260-263
• /
• 2018

현재까지 공항에서의 체크인 시스템은 기본적으로 서버-클라이언트(Server-Client)방식으로 구동되어져왔다. 서버-클라이언트 방식에서 서버는 단일실패지점이기 때문에 천재지변이나 공격자에 의해 서버마비와 같은 문제가 생기면 체크인 시스템 전체가 마비될 수 있다. 뿐만 아니라 실제 해커에 의해 항공사 중앙 서버가 공격을 받게 되면, 서버가 관리하는 항공사 데이터들의 무결성이 훼손될 수도 있다. 따라서 단일 실패지점에 대한 위협을 제거함과 동시에 저장된 데이터들의 무결성을 유지하는 방법을 논의할 필요가 있다. 그 중 하나로 블록체인 기술을 이용한 탈중앙화 시스템(Decentralized System) 모델을 적용하는 방법이 있다. 본 논문에서는 스마트 계약을 이용한 블록체인 기반 공항 체크인 시스템에 대한 모델을 제안한다.

• Annual Conference of KIPS
• /
• 2007.05a
• /
• pp.1017-1020
• /
• 2007

컴퓨터의 생활 전반에 걸친 영향으로, 컴퓨터는 우리 생활 속에서 빼놓을 수 없는 하나의 정보 매체로 자리 매김 되었다. 하지만 그 이면에는 컴퓨터를 이용한 전산망 침해 행위, 전자기록 위.변조, 각종 음란물 유통, 바이러스 제작 유포 등 많은 위험들이 우리를 위협하고 있다. 그래서 컴퓨터를 사용한 범죄 행위를 탐지하는 방법에 대한 관심이 높아지고 있다. 또한 각종 범죄 행위는 인터넷을 통한 범죄가 늘고 있어, 네트워크 정보를 통한 포렌식에 관한 연구가 활발하다. 하지만, 매일 많은 양의 패킷을 분석하는 것은 많은 전문 인력과 비용이 소요된다. 본 논문에서는 의사결정나무를 이용한 패킷분석을 통하여 네트워크 포렌식의 정보를 추출하는 방법을 제안한다.

• Journal of Information Technology Applications and Management
• /
• v.23 no.1
• /
• pp.79-96
• /
• 2016

As numerous security breaches on a variety of information assets such as personal information, corporate secrets, computer servers, and networks have occurred, information security has emerged as a critical social issue. However, researches on economically rational information security decision-making have been few. Such researches are especially rare in South Korea where information security is considered to be a discipline of engineers. This study aims to identify the preferred themes and methodologies of information security economics research in the field of information systems by reviewing papers published in Management Information Systems Quarterly (MISQ), Information Systems Research (ISR), European Journal of Information Systems (EJIS), Management Science (MS), and Information and Management (I&M). We hope that the results of the study will be helpful in rational managerial or policy decision-making for practitioners and suggest future research topics for researchers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1099-1105
• /
• 2017

Enterprises use different accounting programs to process vast amounts of accounting data. Due to the characteristic of the accounting program, in addition to the accounting data used by the accounting program, there is a variety of information to help detect accounting fraud. Existing forensic accounting techniques have limited scope of analysis because they analyze only accounting data like accounting ledger without using such information. When you do accounting fraud detection, information obtained from characteristics of accounting program can be used to obtain various information that can not be obtained by accounting data analysis alone. In this paper, we try to contribute to effective accounting fraud investigation by suggesting a technique to effectively detect accounting fraud by using other data obtained from characteristics of accounting program used in Windows system.

• Korean Security Journal
• /
• no.9
• /
• pp.201-235
• /
• 2005

This study is designed to contribute for development of Private Security Business by fact-finding in instruction and training of private security guard serviced in this realm and domestic and foreign guard service and modeling effective and rational instruction and training program based on drawn problem. For this study, basically I collected and analyzed documents, theses, and papers of the inside and outside of the country. For practical use of data, I used materials of private security related institutes and police agency. And for private security educating training programs of the inside and outside of the country, I collected materials on internet, and with the help of police agency and interpol. For korean private security company's educating training programs, I made a study with the interview of private security company's businessmen. This study's conclusion is as follows. In a domestic private security enterprise, when set theory instruction minimize instruction and training program and must set up instruction and training program as practical affairs center enemy instruction, and theory instruction must be composed for instruction me that it is connected to practical affairs instruction too. The instruction course of private security guard instruction and training program composed with a security outline, a security plan, an information-gathering, civilian expenses, a security way, terror and terrorism, a related law, security trial, electronic security, a security analysis technique, company introduction, instruction and training program about a professional tube with theory instruction. Practical affairs instruction composed with the selection and a preventive security, close contact attendance security, vehicle security, security driving the security martial arts and self-protection liquor, first aid, security equipment, a gun and shooting, a security protocol, customer satisfaction, facilities security and expenses, a fire fighting instruction, teamwork training, explosive and a dangerous substance, physical strength, a documentation practical affairs, service, instruction and training program about foreigh language instruction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1071-1082
• /
• 2021

COVID-19 has changed a lot in our daily lives, where school classes and remote classes have been combined or converted to remote classes. Many students spent more time online, and cyberbullying, such as indiscriminate disclosure of their personal information, bullying of their classmates online, increased. In this paper, we propose an online education program as a countermeasure against cyberbullying. This program is designed for elementary, middle, and high school students and can also be used for informatics or ethics classes in the 2015 curriculum. The proposed program is divided into four major themes: 'Cyberbullying,' 'Information Security,' 'Cyber Crime,' and 'Language Violence,' and is divided into a total of ten topics according to its connection. It was organized to teach the topics evenly by grade. Also, the program's feasibility was verified by experts on the selection of educational contents and organizing of contents. In the future, it will be necessary to apply for this program and conduct an effectiveness analysis to measure whether it has effectively contributed to the decrease in cyberbullying rates among students and the improvement of coping skills.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.501-511
• /
• 2018

The purpose of this study is to develop the performance evaluation indicator of information security training program for developing the next generation of top security leaders. Through literature review and focus group interview, we derived the performance areas and indicators based on the logic model. We conducted AHP(Analytic Hierarchy Process) questionnaire to calculate the weight of the derived indicators, and developed the performance indicator based on the survey results. Performance indicators were composed of 18 indicators in four main categories.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.549-562
• /
• 2017

In recent years, as the proportion of mobile banking has become bigger with daily usage of mobile banking, security threats are also increasing according to the feeling. Accordingly, the domestic banking system introduces security solution programs in the banking application and sets security check points to ensure the stability of the application in order to check whether it is always executed. This study presents a vulnerability of inactivity bypassing mobile vaccine program operation checkpoints using the intermediate language statically and dynamically analysis when decompiling the android banking applications of major banks in Korea. Also, through the results, it identifies possible attacks that can be exploited and suggest countermeasures.

• Annual Conference of KIPS
• /
• 2008.11a
• /
• pp.1533-1536
• /
• 2008

악성 봇이 현대 인터넷 보안의 큰 위협으로 등장함에 따라, 이러한 봇을 탐지하기 위한 많은 연구가 진행되고 있다. 하지만 악성 봇은 꾸준히 진화하여 탐지방법을 무력화시키고 있으며, 최근 HTTP를 이용한 악성 봇의 등장으로 그 탐지와 대응이 더욱 어려워지고 있다. 게다가 웹기반 서비스들의 증가로 HTTP를 이용하는 패킷은 통신량의 대부분을 차지하고 있으며, 이들에 대한 분석은 큰 부하를 발생시키게 된다. 이러한 문제를 해결하기 위해서는 악성 봇넷을 효과적으로 탐지하기 위한 효율적인 매져들을 선택하여야 하며, 본 논문에서는 대표적인 HTTP 기반 악성 봇넷인 크라켄(Kraken) 봇넷의 특성을 분석하였다.