• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.157-167
• /
• 2009

Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focus on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM(Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system, can not adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application is causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF(Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing, Consequently, this study provide to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.

• The Korean Society of Law and Medicine
• /
• v.20 no.1
• /
• pp.109-132
• /
• 2019

Recently, medical accidents related to surgical procedures have increased. In addition, the media reported that some of these accidents were involved in health crimes. Patient-advocate groups have called for mandatory establishment and management of CCTV in operating rooms. There is a lot of discussion among the interested parties, so it is necessary to review the relevant laws and regulations. The purpose of this study is to identify the characteristics of CCTV in operating rooms and to review legislations related to establishment and management of the CCTV in operating rooms. Medical institutions use CCTV for management of facilities and patient safety and install it in operating rooms optionally. The Constitution guarantees the privacy and the privacy of correspondence of every citizen, but it can be limited by the law for public welfare. Currently, however, there is no existing law about establishment and management of the CCTV in operating rooms and it can be defect of legal system. Under the current legislations, it is likely that the Self-determination can be violated due to the characteristic of healthcare provider when CCTV is mandatorily installed in operating room. In addition, the regulations on access and leakage of confidential information known by operator are insufficient. So that, the safety of the visual data might be threatened. Furthermore, unless the period and the place of storage of the visual data are clearly defined, it is highly unlikely to meet the original purpose of patient safety and prevention of medical accidents. This study is meaningful as there is few previous study on this topic although the need for legal review about this is growing and several bills are being proposed. It is expected that the results of this study can be utilized as basic data for enactment or amendment of the laws and regulations about establishment and management of CCTV in operating rooms.