• The KIPS Transactions:PartC
• /
• 제12C권5호
• /
• pp.643-648
• /
• 2005

Intranet system for use within an organization, usually a corporation, is to basically pass through user authentication, but information can be leaked, modified, and deleted by malevolent users who disguise an authorized user or due to user's mistakes in using various functions of web browser. Thus, there is a need for measures to protect the information from illegal use, transformation through partial modification, and illegal leakage such as fraudulent use. This paper presents a flexible Web Security Access Control system based ACM which Provide efficient suity Policy to Protect information in intranet. This Web Security Access Control system not only enhances security by Performing encryption/decryption of information in intranet but also, for sharing confidential information among departments, performs effective and useful access control by assigning different authority to the secured web page. And, by controlling the functions of client PC in various ways, information leakage on malicious purpose or by mistake can be prevented.

• Convergence Security Journal
• /
• 제18권3호
• /
• pp.37-44
• /
• 2018

Today we live in a flood of web sites and access numerous websites through the Internet to obtain various information. However, unless the security of the Web site is secured, Web site security can not be secured from various malicious attacks. Hacking attacks, which exploit Web site security vulnerabilities for various reasons, such as financial and political purposes, are increasing. Various attack techniques such as SQL-injection, Cross-Site Scripting(XSS), and Drive-By-Download are being used, and the technology is also evolving. In order to defend against these various hacking attacks, it is necessary to remove the vulnerabilities from the development stage of the website, but it is not possible due to various problems such as time and cost. In order to compensate for this, it is important to identify vulnerabilities in Web sites through web vulnerability checking and take action. In this paper, we investigate web vulnerabilities and diagnostic techniques and try to understand the priorities of vulnerabilities in the development stage according to the actual status of each case through cases of actual web vulnerability diagnosis.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 한국컴퓨터정보학회 2012년도 제46차 하계학술발표논문집 20권2호
• /
• pp.403-406
• /
• 2012

인터넷이 확산과 더불어 보안의 문제도 증가하고 있다. 이로 인해 네트워크 보안과 서비스에 대한 관리자의 책임 또한 더욱더 중요시 되고 있다. 본 논문에서는 웹로그를 분석하여 웹호스팅 환경에서 장시간 사용되지 않아 보안성이 약한 사용자 계정을 관리자로 하여금 시스템 보안의 틈새를 찾고 이를 해결할 수 있는 방안을 제시하였다. 이를 위해 WLA(Web Log Analyzer)를 구현하여 웹서버가 수행될 때 기록되는 각각의 로그를 분석한다. 그 결과 웹호스팅을 사용한 계정 이름의 수를 포함한 UUL(Used User List)를 구축하고 일정기간 사용하지 않는 호스팅 서비스 이용자를 찾아내고, 관리할 수 있게 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 한국정보처리학회 2003년도 추계학술발표논문집 (하)
• /
• pp.1969-1972
• /
• 2003

최근 이 기종 시스템 및 애플리케이션의 상호호환을 위해 웹 기반 서비스에 대한 관심이 고조되어가고 있다. 웹의 편리함과 동시에 누구에게나 접근 가능한 웹의 개방성은 보안에 대한 문제점을 야기시키는데, 웹서비스 보안기술은 이에 대한 해결책을 제시하고 있다. 본고에서는 웹서비스 보안기술에 대해 살펴보고, 웹서비스 보안 기술의 취약점 및 이를 보완할 수 있는 향상방안에 대해 기술하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• 제25권6호
• /
• pp.73-79
• /
• 2020

Nowadays, with the rapid spread of streaming services in the internet world, security vulnerabilities are also increasing rapidly. For streaming security, this paper proposes a PN(pseudo-random noise) distributed structure-based security processor for web streaming contents(SP-WSC). The proposed SP-WSC is basically a PN distributed code algorithm designed for web streaming characteristics, so it can secure various multimedia contents. The proposed SP-WSC is independent of the security vulnerability of the web server. Therefore, SP-WSC can work regardless of the vulnerability of the web server. That is, the SP-WSC protects the multimedia contents by increasing the defense against external unauthorized signals. Incidentally it also suggests way to reduce buffering due to traffic overload.

• Proceedings of the Korean Information Science Society Conference
• /
• 한국정보과학회 2002년도 가을 학술발표논문집 Vol.29 No.2 (1)
• /
• pp.598-600
• /
• 2002

Web Services가 차세대 e-Business를 주도할 것으로 많은 주목을 받으면서 XML(extensible Markup Language)을 기반으로 하여 폭넓게 성장해 가고 있다. 하지만 안전한 서비스의 측면에서 Web Services 는 폐쇄환경에서는 존재하지 않았던 새로운 보안 고려사항들을 부각시키고 있다. 이에 대한 해결을 위해 본 논문에서는 XML을 기반으로 하는 Web Services의 특성에 맞추어, 플랫폼 독립적이며 언어 중립적인 특징을 유지한 XML-Signcryption을 제안하는데, 이것은 논리적으로 한번에 전자 서명과 암호화를 함께 수행하도록 하여 기존의 서명 후 암호화에서 요구되는 계산 비용보다 더 적은 비용을 가지고 있는 Zheng의 Signcryption 기법을 XML 보안에 응용한 것이다. 본 논문에서 처음으로 XML 구문 형식을 따라 XML-Signcryption이란 명칭으로 설계하여 제안하는 XML-Signcryption은 암호화와 전자서명을 따로 구현한 W3C(World Wide Web Consortium)의 XML-Encryption이나 XML-Signature 스펙과 비교해, 전자서명과 암호화의 두 가지 보안 메커니즘을 위한 각각의 구현을 따로 할 필요 없이 한번에 할 수 있다는 면에서 개발자들에게 편리성을 제공할 뿐만 아니라 계산 비용 측면에서도 효율적인 장점을 제공한다.

• Convergence Security Journal
• /
• 제15권7호
• /
• pp.9-19
• /
• 2015

The Android operating system is exposed to a phishing attack of stealing private information that a user enters into a web page. We have discovered two security vulnerabilities of the phishing attack. First, an always-on-top scheme allows malware to place a transparent user interface (UI) on the current top screen and intercept a user input. Second, the Android provides some APIs that allow malware to obtain the information of a currently visited web page. This paper introduces a phishing that attacks a web page by exploiting the two vulnerabilities. The attack detects a visit to a security-relevant web page and steals private information from the web page. Our experiments on popular web sites reveal that the attack is significantly accurate and dangerous.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 한국정보통신학회 2014년도 춘계학술대회
• /
• pp.261-263
• /
• 2014

The public services without going through the web is now about to become impossible. To solve these kinds of security issues about the web, the government announced that a secure coding for web server is mandatory since 2012. In the domestic market, the web firewall has been promoted and widely sold as one of the best solutions for the existing web problems. In this study, with providing the effective way operator can apply security policies for the web firewall, more stable web services can be presented.

• Convergence Security Journal
• /
• 제15권4호
• /
• pp.3-9
• /
• 2015

A web application that allows a web service created by a internal developer who has security awareness show certain level of security. However, in the case of development by outsourcing, it is inevitable to implement the development centered on requested function rather than the issue of security. Thus in this paper, we improve the software testing process focusing on security for exclusion the leakage of important information and using an unauthorized service that results from the use of the vulnerable web application. The proposed model is able to consider security in the initial stage of development even when outsourced web application, especially, It can prevent the development schedule delay caused by the occurrence of modification for program created by programer who has low security awareness. This result shows that this model can be applied to the national defense area for increasing demand web application centered resource management system to be able to prevent service of web application with security vulnerability based on high test.

• Journal of the Korea Society for Simulation
• /
• 제17권3호
• /
• pp.53-62
• /
• 2008

This paper proposes a new implementational model based on the security model of Oracle for Web ontology. Recently, several access control models using relational database security model for access control to Web ontology have been developing, and one of the most representative access control model is the RAC model. However, the RAC model is based on the standard security model, and thus it does not provide a implementational model for practical relational database management systems. In this paper, we propose an implementational model based on Oracle which is widely used and providing various security policies. This paper shows the implementation and experimental evaluation. Especially, the proposed model uses the VPD security model of Oracle and support high application and usability.