• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.3
• /
• pp.97-104
• /
• 2015

This paper will feature designs for security vulnerability based on MS-SQL Database and OLE connectivity by checking the MS-SQL database password policy, the user account password access attempts, a user without password, and password does not be changed for a period of time. This paper uses the MS-SQL database and C++ linkage in order to use the OLE DB function. The design module should judge presence or absence of security vulnerability by checking database password policy, the user account password access attempts, a user without password, password does not be changed for a period of time. The MS-SQL database password associated with a feature, judging from the many features allows you to check for security vulnerability. This paper strengthen the security of the MS-SQL database by taking the advantage of the proposed ability.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.10
• /
• pp.3138-3147
• /
• 2000

EC(Electronic Commerce) which is cone the virtual space through Internet, has the advantage of time and space. On the contrary, it also has weak point like security probelm because anybody can easily access to the system due to open network attribute of Internet. Theretore, we need the solutions that protect the EC security problem for safe and useful EC activity. One of these solution is the implemonlation of a strong cipher algorithm. YK2(YoungKu Kang) cipher algorithm proposed in this paper is advantage for the EC security and it overcomes the limit of the current 6/1 bits block cipher algorithm using 128 bits key length for input, output, encryption key and 32 rounds. Moreover, it is degigned for the increase of time complexity and probability calculation by adapting more complex design for key scheduling regarded as one of the important element effected to enciyption.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.33-44
• /
• 2021

Data outsourcing utilizing the Cloud faces a problem of the third-party exposure, modulation, and reliability for the provided computational delegation results. In order to solve those problematic security issues, homomorphic encryption(HE) which executes calculation and analysis on encrypted data becomes popular. By extension, a new type of HE with a authentication functionality, homomorphic authenticated encryption(HAE) is suggested. However, a research on the HAE is on the initial stage. Furthermore, based on a message authenticated scheme with HE, the method and analysis to design is still absent. This paper aims to analyze an HAE, with a generic combination of a message authenticated scheme and a HE, known as "Encrypt with Authentication". Following a series of analysis, we show that by adopting a unforgeable message authenticated scheme, the generically constructed HAE demonstrated an unforgeability as well. Though, a strong unforgeability is not the case. This paper concludes that although indistinguishable HE can be applied to design the HAE, a security issue on the possibility of indistinguishability is still not satisfied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.83-92
• /
• 2009

As the innovative internet technologies and multimedia are being rapidly developed, malicious codes are a remarkable new growth part and supplied by various channel. This project presents a classification methodology for malicious codes in Windows OS (Operating System) environment, develops a test classification system. Thousands of malicious codes are brought in every day. In a result, classification system is needed to analyzers for supporting information which newly brought malicious codes are a new species or a variety. This system provides the similarity for analyzers to judge how much a new species or a variety is different to the known malicious code. It provides to save time and effort, to less a faulty analysis. This research includes the design of classification system and test system. We classify the malicious codes to 9 groups and then 9 groups divide the clusters according to the each property.

• Asia-Pacific Journal of Business
• /
• v.11 no.3
• /
• pp.243-260
• /
• 2020

Purpose - This paper aims to investigate the properties of crude oil based derivative security (DLS) focusing on step-down type for comprehensive understanding of its risk. Design/methodology/approach - Kernel estimation is conducted to figure out statistical feature of the process of oil price. We simulate oil price paths based on kernel estimation results and derive probabilities of hitting the barrier and early redemption. Findings - The amount of issuance for crude oil based DLS is relatively low when base prices are below $40 while it is high when base prices are around $60 or $100, which is not consistent with kernel estimation results showing that oil futures prices tend to revert toward $46.14 and the mean-reverting speed is faster as oil price is lower. The analysis based on simulated oil price paths reveals that probability of early redemption is below 50% for DLS with high base prices and the ratio of the probability of early redemption to the probability of hitting barrier is remarkably low compared to the case for DLS with low base prices, as the chance of early redemption is deferred. Research implications or Originality - Empirical results imply that the level of the base price is a crucial factor of the risk for DLS, thus introducing a time-varying knock-in barrier, which is similar to adjust the base price, merits consideration to enhance protection for DLS investors.

• Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography
• /
• v.39 no.6
• /
• pp.477-482
• /
• 2021

The integrated underground space map system provides information on infrastructure that requires security, but to prevent rupture accidents during excavation work at the underground construction site, it must provide information on all underground facilities on the site. Providing additional information other than the object of interest to the user is a factor that increases the risk of information leakage of security data. In this paper, we design the visualization filtering method that when visualizing the integrated underground space map in the field, the visualization of entire underground facilities of interest to workers is performed, but visualization of other underground facilities is minimized to minimize the risk of security data information leakage. To this end, a visualization area of a certain distance for each of the underground facilities of interest was created, and an integrated visualization filter was created with spatial union operation. When the integrated underground map is output on the screen, only the objects located within the filter area are visualized using the generated filter information, and objects that exist outside are not visualized, thereby minimizing the provision of information to the user.

• Steel and Composite Structures
• /
• v.42 no.1
• /
• pp.91-106
• /
• 2022

Concrete-filled square stainless steel tubes (CFSSST), which possess relatively large flexural stiffness, high corrosion resistance and require simple joint configurations and low maintenance cost, have a great potential in constructional applications. Despite that the use of stainless steel may result in high initial cost compared to their conventional carbon steel counterparts, the whole-life cost of CFSSST is however considered to be lower, which offers a competitive choice in engineering practice. In this paper, a comprehensive experimental and numerical program on 24 CFSSST stub column specimens, including 3 austenitic and 3 duplex stainless steel square hollow section (SHS) stub columns and 9 austenitic and 9 duplex CFSSST stub columns, has been carried out. Finite element (FE) models were developed to be used in parametric analysis to investigate the influence of the tube thickness and concrete strength on the ultimate capacities more accurately. Comparisons of the experimental and numerical results with the predictions made by design guides ACI 318, ANSI/AISC 360, Eurocode 4 and GB 50936 have been performed. It was found that these design methods generally give conservative predictions to the ultimate capacities of CFSSST stub columns. Improved calculation methods, developed based on the Continuous Strength Method, have been proposed to provide more accurate estimations of the ultimate resistances of CFSSST stub columns. The suitability of these proposals has been validated by comparison with the test results, where a good agreement between the predictions and the test results have been achieved.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.21-26
• /
• 2023

The development and distribution approach of applications is transitioning from a monolithic architecture to microservices and containerization, a lightweight virtualization technology, is becoming a core IT technology. However, unlike traditional virtual machines based on hypervisors, container technology does not provide concrete security boundaries as it shares the same kernel. According to various preceding studies, there are many security vulnerabilities in most container images that are currently shared. Accordingly, attackers may attempt exploitation by using security vulnerabilities, which may seriously affect the system environment. Therefore, in this study, we propose an efficient automated deployment pipeline design to prevent the distribution of container images with security vulnerabilities, aiming to provide a secure container environment. Through this approach, we can ensure a safe container environment.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 1999.04a
• /
• pp.380-380
• /
• 1999

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.