• Title/Summary/Keyword: critical infrastructure protection

Security of Web Applications: Threats, Vulnerabilities, and Protection Methods

  • Mohammed, Asma;Alkhathami, Jamilah;Alsuwat, Hatim;Alsuwat, Emad
    • International Journal of Computer Science & Network Security / v.21 no.8 / pp.167-176 / 2021
  • This is the world of computer science and innovations. In this modern era, new apps, websites and software are being introduced every day. As new apps and software are introduced, threats and security vulnerabilities are also increasing. Web apps are software that can be used by customers for numerous useful tasks, and because of the developer experience of good programming standards, web applications that can be used by an attacker also have multiple sides. Web application security is expected to protect the content of critical web and to ensure secure data transmission. Application safety must therefore be enforced across all infrastructure that supports the web applications, including the web application itself. Many organizations currently have, or are attempting to build, some type of web application protection scheme, but the bulk of these schemes are incapable of generating value consistently and effectively, and therefore do not improve developers' attitude in building and designing stable web applications. This article aims to analyze the attacks on websites and to address security scanners of web applications to help us resolve web application security challenges.

The analysis of TSI procedure in the ERTMS/ETCS (ERTMS/ETCS의 TSI 절차에 관한 분석)

  • Lee, Sang-Hyeok;Kim, Min-Seok;Jung, Dae-Young;Ko, Young-Hwan;Lee, Jong-Woo
    • Proceedings of the KSR Conference / 2011.05a / pp.125-131 / 2011
  • TSI (Technical Specification for Interoperability) is the highest technical specification for European railways and is composed of assessment items and essential requirements covering safety, reliability, availability, health, environment protection and technical compatibility. It is used in research and development of next-generation railway technology. Currently, TSI procedures are required when bidding for high-speed rail business in Europe and Brazil. Also, all railway systems that conform to the standard of TSI procedures, such as infrastructure, signaling, electric and rolling stock systems, are exported and imported. The safety-critical system that has recently been studied in future railway R&D business in Korea is a state-of-the-art train control system, and it requires system assessment under TSI procedures before system test and operation. In this paper, basic research is performed to analyze TSI procedures suitable for the state-of-the-art train control system in Korean railways.

A Trend of Security Kernel Development for Protection of Critical Information Infrastructure (정보통신 기반구조 보호를 위한 보안 커널 개발 동향)

  • 이정효;이철원;박정호;이홍섭
    • Review of KIISC / v.8 no.4 / pp.63-76 / 1998
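  • In the United States and other countries advanced in information security technology, not only private companies but also governments are actively pursuing the development of secure operating systems. Following the trend in operating system technology, secure operating systems are also taking the MK (Micro Kernel) approach rather than the existing IK (Integrated Kernel) approach, and the Flask project is currently under way as the successor to the Synergy research program, which ended with the implementation of the DTOS (Distributed Trusted Operating System) prototype. The Flask kernel is likewise based on such an MK, and the Flask security kernel development project is currently proceeding as one of the main topics of the Flux research program. The Flask project, which carries on the line of the DTOS research program, represents an active and sustained effort on security kernels at the level of the U.S. government. This paper analyzes the trends and research content of security kernel development currently under way in the United States, in order to understand trends in security kernel development for the protection of critical information and communication infrastructure.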

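Analysis of NERC Regulations and a Study on Their Domestic Application for Establishing Power System Reliability Standards from a Cyber Security Perspective (사이버 보안 관점에서의 전력시스템 신뢰도 기준 수립을 위한 NERC 규정 분석 및 국내 적용방안 연구)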

  • Kang, Dong Joo;Kim, Huy Kang
    • Review of KIISC / v.25 no.5 / pp.18-25 / 2015
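  • Power systems establish and apply reliability standards to ensure reliability in facility planning and operation. As cyber security issues in the power industry and the smart grid have recently come to the fore, efforts are under way to establish cyber security provisions within the reliability standards as well. In the U.S. power industry, reliability standards related to cyber security have been established under CIP (Critical Infrastructure Protection) through the regulatory body NERC, and they are continuously updated. In Korea, reliability standards related to cyber security have not yet been established in concrete form, and research to strengthen them is in progress. Cyber security issues in power systems need to take into account, along with potential threats at the level of the SCADA systems and other information networks used to monitor and control them, the combined effects that arise as that information infrastructure interacts with the power system. In this context, this paper draws on NERC regulations and prior research to propose a direction for establishing cyber security reliability standards for domestic application.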

A Dynamic Configuration of Calibration Points using Multidimensional Sensor Data Analysis (다중 센서 데이터 분석을 이용한 동적보정점 결정 기법)

  • Kim, Byoung-Sub;Kim, Jae-Hoon
    • Korean Management Science Review / v.33 no.1 / pp.49-58 / 2016
  • Focusing on the drastic increase of smart devices, machine generated data expansion is a general phenomenon in network services and IoT (Internet of Things). Especially, built-in multi sensors in a smart device are used for collection of user status and moving data. Combining the internal sensor data and environmental information, we can determine landmarks that decide a pedestrian's locations. We use an ANOVA method to analyze data acquired from multi sensors and propose a landmark classification algorithm. We expect that the proposed algorithm can achieve higher accuracy of indoor-outdoor positioning system for pedestrians.

Comparative Analysis of Methodology for Improving Information Security Consulting for SMEs in Korea (중소기업 정보보호 컨설팅 개선을 위한 방법론 비교 분석)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology / v.10 no.8 / pp.1-6 / 2020
  • The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply a proven methodology such as the critical information and communication infrastructure (CIIP), ISMS, ISO27001, etc., it applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation such as the type and size of SMEs. In order to improve such problems of SME information security consulting and to improve more effective, effective and standard methodology, the information security consulting methodology applied in the current system was compared and analyzed. Through the improvement plan for SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.

The Design of a Multimedia Data Management and Monitoring System for Digital Rights Protection using License Agent (라이선스 에이전트를 이용한 디지털 저작권 보호를 위한 멀티미디어 데이터 관리 및 감시 시스템의 설계)

  • Park, Jae-Pyo;Lee, Kwang-Hyung;Kim, Won;Jeon, Moon-Seok
    • Journal of the Korea Computer Industry Society / v.5 no.2 / pp.281-292 / 2004
  • As the logistic environment of digital contents is rapidly changing, the protection of the digital rights for digital content has been recognized as one of the critical issues. Digital Rights Management (DRM) has attracted much interest from Internet Service Providers (ISPs), authors and publishers of digital content as an interesting approach to create a trusted environment for access and use of digital resources. This paper proposes an interesting digital rights protection scheme using a license agent to address problems facing contemporary DRM approaches: static digital rights management, and limited application to the on-line environment. We introduce a dynamic mission control technology to realize dynamic digital rights management, and we incorporate a license agent for on- and off-line monitoring and tracking. The proposed system prevents illegal access and use by using a PKI security method, real-time action monitoring for the user, and data security for itself.

An Authentication Scheme for Emergency Vehicle Priority Transit Service in VANET (VANET 기반의 긴급 차량 우선통과 서비스를 위한 인증 기법)

  • Yoon, Young-Kyun;Jung, Sou-Hwan
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.10C / pp.749-757 / 2008
  • In this paper, we propose an authentication scheme for EVPT (Emergency Vehicle Priority Transit) service in Vehicular Ad-hoc Networks (VANET). VANETs enable a variety of vehicle comfort services, traffic management applications, and infotainment services. These are the basis for a new generation of preventive and active safety functions, by intelligently controlling signalling at intersections, providing additional information to the driver and warning the driver in critical situations. We therefore focus on vehicle-to-infrastructure communication for the authentication between emergency vehicles and the traffic light system. This authentication process should identify the vehicle and provide privacy protection.

Application Program Virtualization based on Desktop Virtualization (가상 데스크탑 기반에 응용프로그램 가상화)

  • Lim, Se-Jung;Kim, Gwang-Jun;Kang, Tae-Geun
    • The Journal of the Korea institute of electronic communication sciences / v.5 no.6 / pp.595-601 / 2010
  • Desktop virtualization technology running on the local computing system in the process of resource depletion or degradation, such as upgrading the system to solve problems and manage critical information and systems must be protected. In addition, a virtualized environment by constructing a convenient stand-virtualized infrastructure and user space, and security from external attack or internal flaw or a problem, even if the service fails to respond quickly and should help to recover. In this paper, a comprehensive virtualization technology based on the client's desktop virtualization technology elements needed to find a local computing environment more comfortable and stable in the proposed new virtualization technologies.

Development of a nonlinear seismic response capacity spectrum method for intake towers of dams

  • Cocco, Leonardo;Suarez, Luis E.;Matheu, Enrique E.
    • Structural Engineering and Mechanics / v.36 no.3 / pp.321-341 / 2010
  • The seismic-induced failure of a dam could have catastrophic consequences associated with the sudden release of the impounded reservoir. Depending on the severity of the seismic hazard, the characteristics and size of the dam-reservoir system, preventing such a failure scenario could be a problem of critical importance. In many cases, the release of water is controlled through a reinforced-concrete intake tower. This paper describes the application of a static nonlinear procedure known as the Capacity Spectrum Method (CSM) to evaluate the structural integrity of intake towers subject to seismic ground motion. Three variants of the CSM are considered: a multimodal pushover scheme, which uses the idea proposed by Chopra and Goel (2002); an adaptive pushover variant, in which the change in the stiffness of the structure is considered; and a combination of both approaches. The effects caused by the water surrounding the intake tower, as well as any water contained inside the hollow structure, are accounted for by added hydrodynamic masses. A typical structure is used as a case study, and the accuracy of the CSM analyses is assessed with time history analyses performed using commercial and structural analysis programs developed in Matlab.