• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.132-138
• /
• 2012

Existing network layer firewall security support is one that does not support the higher layer, the application layer of a vulnerable web application security. Under these circumstances, the vulnerability of web applications to be able to defend a Web Application Firewall is positioned as a solver to solve the important security issues of businesses spotlighted in the next generation of security systems, and a very active market in the market other than domestic is expected to be formed. However, Firewall Web has not yet proposed a standard which can be used to test the performance of the Web Application Firewall Web Application Firewall and select the products of trust hardly Companies in BMT conduct their own individual problems and the cost of performance testing technologies, there is a limit. In this study, practically usable BMT model was developed to evaluate the firewall vendor. Product ratings ISO / IEC 9126, eight product characteristics meet the performance and characteristics of a web application firewall entries are derived. This can relieve the burden on the need to be evaluated in its performance testing of Web firewall, and can enhance the competitiveness of domestic-related sectors, by restoring confidence in the product can reduce the dependence on foreign products.

• The KIPS Transactions:PartA
• /
• v.18A no.3
• /
• pp.81-92
• /
• 2011

There has been a number of attempts to apply 3D CAD data created in the design stage of product life cycle to various applications of the other stages in related industries. But, 3D CAD data requires a large amount of computing resources for data processing, and it is not suitable for post applications such as distributed collaboration, marketing tool, or Interactive Electronic Technical Manual because of the design information security problem and the license cost. Therefore, various lightweight visualization formats and application systems have been suggested to overcome these problems. However, most of these lightweight formats are dependent on the companies or organizations which suggested them and cannot be shared with each other. In addition, product structure information is not represented along with the product geometric information. In this paper, we define a dataset called prod-X3D(Enhanced X3D Dataset for Web-based Visualization of 3D CAD Product Model) based on the international standard graphic format, X3D, which can represent the structure information as well as the geometry information of a product, and propose a translation method from 3D CAD data to an prod-X3D.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1021-1026
• /
• 2015

Increasing of damage by phishing, government and organization response more rapidly. So phishing use malware and vulnerability for attack. Recently attack that use patch analysis is increased when Microsoft announce patches. Cause of that, researcher for security on defense need technology of patch analysis. But most patch analysis are develop for Microsoft's product. Increasing of mobile environment, necessary of patch analysis on mobile is increased. But ordinary patch analysis can not use mobile environment that there is many file and small size. So we suggest this research that use code filtering instead of Control Flow Graph and Abstract Syntax Tree.

• Journal of Digital Convergence
• /
• v.12 no.6
• /
• pp.289-295
• /
• 2014

Intrusion detection system is a means of security that detects abnormal use and illegal intension in advance in real time and reenforce the security of enterprises. Performance of intrusion detection system is judged by information collection, intrusion analysis, intrusion response, review and protection of intrusion detection result, reaction, loss protection that belong to the area of intrusion detection. In this paper, we developed a evaluation model based on the requirements of intrusion detection system and ISO international standard about software product evaluation.

• The KIPS Transactions:PartD
• /
• v.11D no.4
• /
• pp.917-928
• /
• 2004

Common Criteria as ISO/IEC 15408 is used to assure and evaluate IT system security. As the Prime class of security assurance requirement, CM Configuration Management needs the more principled quality activities and practices for developer must be supported. So in this paper, we propose the well-defined CM method as guideline for TOE developer based on Process model including common criteria and develop the CMPET a quantitative process evaluating tool for CM using checklist. It can support useful process analyzing data to developer, evaluator and user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.179-192
• /
• 2024

macOS presents challenges for memory data acquisition due to its proprietary system architecture, closed-source kernel, and security features such as System Integrity Protection (SIP), which are exclusive to Apple's product line. Consequently, conventional memory acquisition tools are often ineffective or require system rebooting. This paper analyzes the status and limitations of existing memory forensics research and tools related to macOS. We investigate methods for memory acquisition and analysis across various macOS versions. Our findings include the development of a practical memory acquisition and analysis process for digital forensic investigations utilizing OSXPmem and dd tools for memory acquisition without system rebooting, and Volatility 2, 3 for memory data analysis.

• Journal of Digital Contents Society
• /
• v.18 no.4
• /
• pp.707-712
• /
• 2017

As the amount of data increases exponentially, the recommender system is attracting interest in various industries such as movies, books, and music, and is being studied. The recommendation system aims to propose an appropriate item to the user based on the user's past preference and click stream. Typical examples include Netflix's movie recommendation system and Amazon's book recommendation system. Previous studies can be categorized into three types: collaborative filtering, content-based recommendation, and hybrid recommendation. However, existing recommendation systems have disadvantages such as sparsity, cold start, and scalability problems. To improve these shortcomings and to develop a more accurate recommendation system, we have designed a recommendation system as a factorization machine using actual online product purchase data.

• The Journal of Society for e-Business Studies
• /
• v.19 no.3
• /
• pp.1-21
• /
• 2014

Personal information is a requisite for financial transactions as well as a core asset of financial companies. However, as a side effect of the information society, personal information infringements have emerged as significant social risks, causing realized loss to individuals and companies. This study analyzes results of financial and emotional loss in terms of consumer loss and also presents usefulness of insurance in order to minimize such actual damages as a means of risk transfer. In addition, this study investigates components and premium calculation principles of compensation insurance against personal information invasion and finally presents policies to activate these insurance product. As a method of risk management, insurance not only is a useful tool to guarantee consumer protection and companies' financial soundness simultaneously but also provides a basis of quantitative measurement of IT risks.

• Journal of electromagnetic engineering and science
• /
• v.6 no.4
• /
• pp.244-252
• /
• 2006

A block Jacket transform and. its block inverse Jacket transformn have recently been reported in the paper 'Fast block inverse Jacket transform'. But the multiplication of the block Jacket transform and the corresponding block inverse Jacket transform is not equal to the identity transform, which does not conform to the mathematical rule. In this paper, new binary block Jacket transforms and the corresponding binary block inverse Jacket transforms of orders $N=2^k,\;3^k\;and\;5^k$ for integer values k are proposed and the mathematical proofs are also presented. With the aid of the Kronecker product of the lower order Jacket matrix and the identity matrix, the fast algorithms for realizing these transforms are obtained. Due to the simple inverse, fast algorithm and prime based $P^k$ order of proposed binary block inverse Jacket transform, it can be applied in communications such as space time block code design, signal processing, LDPC coding and information theory. Application of circular permutation matrix(CPM) binary low density quasi block Jacket matrix is also introduced in this paper which is useful in coding theory.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.