• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.693-706
• /
• 2024

The browser is utilized to render web pages in programs that perform tasks such as data extraction, format conversion, and development testing on web pages. Online services that utilize browsers can cause security issues if browser information is exposed or used in an unsafe manner. This paper presents security requirements for the safe use of browsers and explains the security threats that arise if these requirements are not met. Through evaluation, the security verification of commercial web applications is conducted, and the vulnerabilities that allow browsers to be exploited as attack tools are analyzed.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.24 no.4
• /
• pp.157-170
• /
• 1999

The web-based groupware systems hold many possibilities for system developers and users. Especially, web-based group collaborative systems are emerging as enterprise-wide information systems. Since data in group collaborative systems are apt to be shared among multiple concurrent users and modified simutaneously by them, the web-based group collaborative systems must support synchronous collaboration in order to provide users with synchronized and consistent views of shared data. However, current web technologies have limitations in supporting this, largely because the existing Hypertext Transfer Protocol(HTTP) is unidirectional and does not allow web servers to send messages to their web browsers without first receiving requests from them. This paper proposes an active web server that can overcome such limitations and facilitate synchronous collaboration in web-based group collaborative systems. To accomplish such goals, the active web server manages dependency relationships beween shared data and web browsers referencing them and actively propagates changing details of the shared data to all web browsers referencing them. And, this paper examines usefulness and effectiveness of the active web server to apply it to the ball-bearing design example of concurrent engineering design systems. The prototype system of the active web server is developed on a commercial Object-oriented Database Management System(0DBMS) called OBJECTSTERE using the C++ programming language.

• Journal of Korea Multimedia Society
• /
• v.16 no.3
• /
• pp.342-353
• /
• 2013

The Internet has become a part of our lives. As the number of devices with Internet accessibility increases, users can use web services with those devices anytime, anywhere. Web contents on the web page can be delivered to user in various forms for various devices and users want to use seamlessly the contents with an appropriate device. Web browser extension is function to add features that are not supported by default browser. All browsers support extensions that provide the same services for cross-browser. In this paper, We proposed object migration architecture between heterogeneous browsers by expanding our proposed mechanism that identifies objects and the information of those objects to be migrated in the web page, extracts the object and creates object after migration. For this purpose, we analyzed the extension architecture of representative browsers and investigated necessary files to develop objects migration extension. In addition, We investigated how to send and receive message among files in each browser extension and the interaction mechanism among those files. Finally, We implemented the object migration mechanisms between heterogeneous browsers.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.5
• /
• pp.755-761
• /
• 2002

Before the Internet was available, most application programs were executed using terminals, connected to host computers, as standard input output devices. The Internet is popular today and many services are provided on web browsers connected to the Internet. Since the standard I/O method used for terminals is different from the communication I/O methods used for web browsers, it is not possible to execute many application programs developed for the conventional terminals on web browsers. In this paper, we describe Web Input Output(WEBIO) library that enables application programs conventional on terminals to be executed on web browsers by recompilation without source modification. The WEBIO libraries for C and Prolog languages have been developed and they are under test now.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.3
• /
• pp.37-49
• /
• 2011

A user can use resources on the Semantic Web using a Semantic Web browser. In order to utilize the functions of Semantic Web browsers in education, we compared the functions of well-known Semantic Web browsers such as Tabulator, Contextual Search Browser (CSB), Magpie, and Piggy Bank. In order to utilize Semantic Web browsers in education, a user needs to understand the features of each Semantic Web browser and our work can help both teachers and students. Tabulator is an RDF browser that can help to check whether resources can be used for learning and relevance of resources. CSB can be used to search educational resources using a conrtext file that contains the subjects of learning. It can also help learning by showing semantic web resources in the form of triple set as well as by supporting highlighting function. Magpie can help learners without basic knowledge on learning materials by providing interpretation based on a glossary file and related background knowledge. Piggy Bank supports conversion of web resources into semantic web resources and allows to browse semantic web resources in various views as well as to share semantic web resources.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.199-206
• /
• 2015

Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

• Proceedings of the Korea Database Society Conference
• /
• 1999.06a
• /
• pp.95-102
• /
• 1999

The web-based group collaborative systems are emerging as enterprise-wide information systems. Since data in group collaborative systems are apt to be shared among multiple concurrent users and modified simutaneously by them, the web-based group collaborative systems must support synchronous collaboration in order to provide users with synchronized and consistent views of shared data. This Paper proposes an active web server which can facilitate synchronous collaboration in web-based group collaborative systems. To accomplish such a goal, the active web server manages dependency relationships between shared data and web browsers referencing them and actively propagates changing details of the shared data to all web browsers referencing them. And, this paper examines usefullness and effectiveness of the active web server to apply it to the ball-bearing design example of concurrent engineering design systems. The prototype system of the active web server is developed on a commercial Object-oriented Database Management System (ODBMS) called OBJECTSTORE using the C＋＋ programming language.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 1999.03a
• /
• pp.95-102
• /
• 1999

The web-based group collaborative systems are emerging as enterprise-wide information systems. Since data in group collaborative systems are apt to be shared among multiple concurrent users and modified simutaneously by them, the web-based group collaborative systems must support synchronous collaboration in order to provide users with synchronized and consistent views of shared data. This paper proposes an active web server which can facilitate synchronous collaboration in web-based group collaborative systems. To accomplish such a goal, the active web server manages dependency relationships between shared data and web browsers referencing them and actively propagates changing details of the shared data to all web browsers referencing them. And, this paper examines usefullness and effectiveness of the active web server to apply it to the ball-bearing design example of concurrent engineering design systems. The prototype system of the active web server is developed on a commercial Object-oriented Database Management System (ODBMS) called OBJECTSTORE using the C++ programming language.

• ETRI Journal
• /
• v.41 no.3
• /
• pp.277-288
• /
• 2019

VWorld is run by the Ministry of Land, Infrastructure, and Transport of South Korea and provides national spatial information, such as aerial images, digital elevation models, and 3D structural models. We propose herein an open platform for 3D spatial information based on WebGL using spatial information from VWorld. WebGL is a web-based graphics library and has the advantage of being compatible with various web browsers. Our open platform is also compatible with various web browsers. Accordingly, it is easily accessible via the VWorld site and uses the three-dimensional (3D) map program. In this study, we describe the proposed platform configuration, and the requests, management, and visualization approaches for VWorld spatial information data. Our aim is to establish an approach that will provide a stable rendering speed even on a low-end personal computer without a graphics processing unit based on a quadtree structure. We expect that users will be able to visualize 3D spatial information through the VWorld open platform, and that the proposed platform will become the basis for various applications.