• Proceedings of the Korean Society of Computer Information Conference
• /
• 2013.01a
• /
• pp.243-247
• /
• 2013

응용시스템 개발 과정에 있어서 중요하고 핵심을 이루는 작업은 분석과 설계 작업이며 아울러 대부분의 응용시스템은 데이터베이스 기반으로 구축된다. 또한, 응용시스템들은 외부 공격에 쉽게 노출되기 때문에 보안과 관련된 처리 과정 역시 중요하다. 하지만 이러한 보안은 대부분 개발 마지막 과정에서 고려하기 때문에 보안에 취약한 응용시스템들이 개발될 가능성이 매우 높다. 따라서 개발 초기에 보안을 반영한 분석 및 설계 과정이 매우 중요하다. Java EE는 웹 응용시스템을 위한 보안 방안을 제공하고 아울러 관계형 데이터베이스도 보안을 위하여 역할기반 접근제어를 지원하고 있지만 관계형 데이터베이스 및 Java EE의 역할기반 접근제어를 활용하는, 요구사항 수집부터 구현까지 개발 단계 전체에 걸친 일관된 개발방법론은 전무한 실정이다. 따라서 본 논문에서는 보안 요구사항을 요구사항 수집부터 분석 및 설계 그리고 마지막 구현 단계까지 반영하여 Java EE 기반의 웹 응용시스템을 개발하기 위한, 보안을 고려한 일관된 통합 분석.설계 방법론을 제안한다.

• Journal of Korean Society of Disaster and Security
• /
• v.9 no.1
• /
• pp.19-24
• /
• 2016

In this study, we conducted a study on the development of Internet of Things-based disaster response system. We researched the method of building the network-based disaster prevention system using a client machine that the sensor network and the keeper. Also, we developed the algorithm for optimal evacuation shelter based on spanning tree algorithm. The system is tested actually in Seoul Gaepo station, and we verified the usability of the system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.301-304
• /
• 2003

Recently, the development of internet remote control system has been studied lively along with fast growth of internet. In this paper, we proposed the internet-based remote control and monitoring system using java platform. The apache web server that is now used worldwide was constructed for monitoring and controlling of an machine in administrator's web browser. We solved the limitation on security which is the biggest problem of internet control system due to strong security setting in web server. As a result of experiment which is used in the proposed remote internet control system, several time-delay occurred in internet. However, correct control result could be achieved without an error. And this system monitored informations of a RPM, temperature and the other condition in almost real time.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.1
• /
• pp.72-80
• /
• 2016

Recently, IM(Instant Messenger) of KakaoTalk is being used on smart devices such as smartphones. Because IM service can carry user and/or suspector's various information including life style, geographical position, psychology and crime history, forensic analysis on IM service is desirable. But, forensic analysis for KakaoTalk is not well studied yet. This paper studies a proper forensic method for KakaoTalks, finds artifacts location, reconstruct the list of contacts and the chronology of the messages that have been exchanged by users. Proposed methodology and analyzed information can provide a basic platform for forensic tool.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.8
• /
• pp.651-662
• /
• 2013

In this study, we suggest the selecting evaluation method considering 6 major factors like Compliance system application (Development language conformance, Platform Compliance), threat evaluation (criticality of security incident, possibility of security incident), application benefit (Reliability / quality improvement, Modify Cost) for appropriate secure coding rule selecting evaluation. Using this method, we selected and make a set consist of 197 secure coding rules for Battlefield Management System Software. And calculated the application priority for each rules.

• Journal of Multimedia Information System
• /
• v.7 no.3
• /
• pp.215-220
• /
• 2020

Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.1C
• /
• pp.74-79
• /
• 2006

When DRM systems are built on a specific computing platform and a coding algorithm, the interoperability among them will be improbable. For enhanced compatibility, MOSES has been developed such that it has a structure that can be decomposed into independent modules for interoperability with other DRM systems with IPMP functionality. In MOSES, security in contents transaction is provided by JPWallet which controls licenses with key management. In this paper, we present the structure of JPWallet and how the keys are handled between contents servers and contents-consuming clients. The PDA-based codes from the prototype MOSES system have been ported into PC-based codes and tested for compatibility. Analysis of JPWallet, which is the core of MOSES, will contribute to the standardization of domestic IPMP systems compatible with global standards.

• Convergence Security Journal
• /
• v.7 no.1
• /
• pp.91-97
• /
• 2007

According to increasing necessaries of workflow systems, it will be useful to most Enterprises. However existing workflow systems are shared only inside of systems that use a same process definition. It is difficult to share a process definition with another enterprise using different platforms. In this paper, we used Web Service for sharing process definition. Web Service have advantage that can linked between different platforms. Therefore we developed workflow Process definition by using Web Service. Using Web Service, we can be share workflow process definition between enterprises using different platform.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.189-195
• /
• 2019

PPL advertising is growing due to the cheaper cost than other TV commercials, the familiar image construction from natural exposure in video, and the overseas marketing effects from programs export. However, it is difficult to provide additional information on PPL advertising targets in addition to short video exposure due to the restriction that they should be exposed without antagonizing viewers. This study designed a data service that supports PPL advertising, which provides additional information for PPL advertising targets. Specifically, the user scenario and user interface of the data service were designed considering the characteristics of the TV platform, the key additional information was defined by distinguishing the typical types of PPL advertisement, and the information on when PPL advertising targets should be exposed in the program was devised. We also developed a DVB-SI based method to provide the supplementary information to the data service.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.2
• /
• pp.135-141
• /
• 2010

This research examines technologies and systems regarding right to control information in the network era. For this purpose, It attempts an integrated analysis of technologies and systems on the basis of the tree components of cyberspace. And it examines the prior researches and cases on privacy, personal information, and right to control information with emphasis on technologies and systems of the cyberspace. To protect privacy information, it analyses vulnerability of element technology, platform service technology, and individual technology. In particular, it describes, from the perspective of right to control information, the risk and security measures for personal information to be used as relation-context in the Web 2.0 environment. The research result will assist the methodology of future researches for grand theory on privacy information and help understanding the interaction between technology and society.