• Proceedings of the Korea Contents Association Conference
• /
• 2003.11a
• /
• pp.161-166
• /
• 2003

In this paper, we propose a novel method of design and implementation for the multimedia monitoring system using Web Camera. Recently WebCam is variously applied to many different areas and implemented as an improved performance using convenient functions of Web in this Internet era. Multimedia moving pictures has been popularly used in a variety of ways in different areas of monitoring systems in order to enhance the performance and the service with their data compression capability and the speed of the communication network these days. The design method of WebCam system presented in this paper might offer not only a convenient function of the monitoring system but great application capabilities. It can be used for a real time application of the multimedia picture and audio transmission so that the monitoring system can manage the security information in the sense for the reality. Tn addition, the monitoring system may be used as an inreal-time application using data storage and retrieval features of the Web. We offer both functions of monitoring in this structured form of implemented system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.427-430
• /
• 2007

우리나라가 IT 강국으로 성장할 수 있었던 배경은 여러 이유가 있지만, 그 이유들 중에서 "Web"의 탄생을 생각하지 않을 수가 없다. "Web"이라는 매개체는 서비스를 제공자들 사이에서 상호연결을 쉽게 해주고, 새로운 직업과 기회를 주었다. 하지만 접근하기 쉬운 Application과 Application들 간의 통합이 됨에 따라 보안에 대한 문제가 발생한다. 이러한 보안상의 취약점을 점검하는 도구들이 존재하고 있다. 보안상의 취약점을 예방하는 차원에서 개발되어 졌지만, 악의적인 용도로 사용되어 질 수도 있다. 악성코드의 경우 전년도 동기 대비 50.9%, 스파이웨어의 경우 9.7%정도 증가했다고 밝혔다. 본 논문은 보안 취약점 점검 도구들을 이용하여 웹 상에서 사용자의 컴퓨터 시스템에 대한 점검을 통해서 결과를 보여주는 환경을 개발한다. 또한 공개된 보안 취약점 점검 도구의 융합을 통한 통합된 보안 취약점 점검 기능을 점검하는 웹 환경을 개발한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.01a
• /
• pp.85-86
• /
• 2018

본 논문에서는 사이버공격의 주요 대상인 웹 애플리케이션의 보안을 위하여 취약점진단 및 제거, 이행점검의 웹 통합보안관리 플랫폼을 제안한다. 이 플랫폼은 동적진단엔진, 취약점제거보안모듈, UI를 제공하는 통합관리시스템, 진단 결과를 저장하는 결과 및 통계 DB, 와 진단을 위한 관련 정보를 저장하는 진단 및 보안정보 DB로 구성되며, 동적진단결과에 대한 상관관계분석 기능과 취약점 개선 활동 시 스마트 보안모듈을 통해 빠르고 손쉬운 취약점 제거수정, 완화할 수 있는 통합플랫폼 연구를 통하여 웹 애플리케이션보안을 효율적으로 할 수 있다.

• Electronics and Telecommunications Trends
• /
• v.11 no.4 s.42
• /
• pp.37-48
• /
• 1996

정보 검색에 주로 이용되던 웹이 편리함과 효용성이 알려지면서 전자메일, BBS, 전자상거래 등 광범위한 분야로 이용이 확대됨에 따라 보안성 문제가 제기되기 시작하였다. 본 고에서는 먼저 기존의 웹 보안 기법을 살펴보고 새롭게 요구되는 보안 서비스를 바탕으로 보안 요구사항을 도출한다. 또한 IETF(Internet Engineering Task Force) 보안그룹들, W3C(World Wide Web Consortium), 그리고 각 업체 등에서 연구되고 있는 주요 보안기법과 연구동향에 대해 기술한다.

• Journal of KIISE:Databases
• /
• v.35 no.2
• /
• pp.155-168
• /
• 2008

This paper proposes a relational security model-based RDF Web ontology access control model. The Semantic Web is recognized as a next generation Web and RDF is a Web ontology description language to realize the Semantic Web. Much effort has been on the RDF and most research has been focused on the editor, storage, and inference engine. However, little attention has been given to the security issue, which is one of the most important requirements for information systems. Even though several researches on the RDF ontology security have been proposed, they have overhead to load all relevant data to memory and neglect the situation that most ontology storages are being developed based on relational database. This paper proposes a novel RDF Web ontology security model based on relational database to resolve the issues. The proposed security model provides high practicality and usability, and also we can easily make it stable owing to the stability of the relational database security model.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.43-49
• /
• 2011

Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required. to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism functio n. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.275-285
• /
• 2019

Web-assemblies are a new binary standard designed to improve the performance of Web browser JavaScript. Web-assemblies are becoming a new web standard that can run at near native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web assembly interpreter language, and vulnerability verification of Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of the web assembly itself. In this paper, we analyze how to operate the web assembly and verify the safety of the current web-assembly. In addition, we examine vulnerability of existing web -assembly and analyze limitations according to existing safety verification method. Finally, we introduce web-assembly API based fuzzing method to overcome limitation of web-assembly safety verification method. This verifies the effectiveness of the proposed Fuzzing by detecting crashes that could not be detected by existing safety verification tools.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.59-74
• /
• 2020

The web space where web applications run is the cyber information warfare of attackers and defenders due to the open HTML. In the cyber attack space, about 84% of worldwide attacks exploit vulnerabilities in web applications and software. It is very difficult to detect web vulnerability attacks with security products such as web firewalls, and high labor costs are required for security verification and assurance of web applications. Therefore, rapid vulnerability detection and response in web space by automated software is a key and effective cyber attack defense strategy. In this paper, we establish a security risk management model by intensively analyzing security threats against web applications and software, and propose a method to effectively diagnose web and application vulnerabilities. The testing results on the commercial service are analyzed to prove that our approach is more effective than the other existing methods.

• The Journal of Korean Association of Computer Education
• /
• v.7 no.5
• /
• pp.93-99
• /
• 2004

The most important technology in the electronic commerce based on Internet is to guarantee the security of trading information exchange. Many technologies are proposed as a standard to support this security problem. One of them is an XML (eXtensible Markup Language). This is used in various applications as the document standard for electronic commerce system. The XML security has become very important topic. In this paper an XML security model for web services based electronic commerce system to guarantee the secure exchange of trading information. To accomplish the security of XML, the differences of XML signature, XML encryption and XML key management scheme respect to the conventional system should be provided. The new architecture is proposed based on unique characteristics of XML. Especially the method to integrate the process management system need to the electronic commerce is proposed.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.35-42
• /
• 2013

Nowadays many tasks are performed using the Web. Accordingly, many web-based application systems with various and complicated functions are being requested. In order to develop such web-based application systems efficiently, object-oriented analysis and design methodology is used, and Java EE(Java Platform, Enterprise Edition) technologies are used for its implementation. The security issues have become increasingly important. For such reasons, Java EE provides mechanism related to security but it does not provide interconnections with object-oriented analysis and design methodology for developing web application system. Consequently, since the security method by Java EE mechanism is implemented at the last step only, it is difficult to apply constant security during the whole process of system development from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology emphasized in the security for secure web application systems from the requirement analysis to implementation. The object-oriented analysis and design methodology adopts UMLsec, the modeling language with an emphasis on security for the requirement analysis and system analysis & design with regard to security. And for its implementation, RBAC (Role Based Access Control) of servlet from Java EE technologies is used. Also, the object-oriented analysis and design methodology for the secure web application is applied to online banking system in order to prove its effectiveness.