http://dx.doi.org/10.13089/JKIISC.2009.19.6.135

The Threat Analysis and Security Guide for Private Information in Web Log  

Ryeo, Sung-Koo (Graduate School of Information Management and Security CIST, Korea University)
Shim, Mi-Na (Graduate School of Information Management and Security CIST, Korea University)
Lee, Sang-Jin (Graduate School of Information Management and Security CIST, Korea University)
Abstract
This paper discusses the serious security risks posed by web logs that contain private information, and suggests solutions to protect it. Today, private information is core information for producing added value in the information society; its scope and types are expanding, and its importance grows with the growth of that society. In South Korea, a web log is a private-information file designated as such by law. Even so, web logs are not protected properly despite containing private information; they are treated merely as a by-product of web services, and many malicious people could obtain private information from them. This problem arises because data is not classified and because web applications are developed improperly. This paper suggests technical solutions that control data in the development phase, minimize the private information stored in web logs, and apply in the operational environment. This is a very efficient method for protecting private information and for complying with the law.
Keywords
Private Information; Web Log; Threat Analysis; Security Guide
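The abstract's point is that web logs pick up private information as a by-product of how the application is written, most directly when a form submits names, e-mail addresses or phone numbers in a GET query string that the web server then records in its access log. The following is an added example, not code from the paper or its authors: it parses constructed access-log lines in the Apache combined format, finds query parameters that carry private information (by a hypothetical list of parameter names and by value pattern), masks those values in both the request line and the Referer field, and counts which parameters leaked so that the application can be fixed at the development stage. The parameter names, value patterns and sample lines are all assumptions made for this example.

```python
"""Detect and mask private information that a web application has leaked
into its access log through GET query strings and Referer headers.

Added example, not from the paper. Assumes the Apache "combined" log format;
the sensitive parameter names, value patterns and log lines are constructed.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Apache "combined" log format, one request per line (assumed format).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Query parameters known to carry private information (hypothetical names).
SENSITIVE_PARAMS = {"email", "phone", "ssn", "password", "name"}

# Value patterns that look like private information even under other names.
VALUE_PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-zA-Z]{2,}$"),
    "phone": re.compile(r"^\d{2,3}-\d{3,4}-\d{4}$"),
}

MASK = "REDACTED"


def find_private_params(target: str) -> list:
    """Return the names of query parameters in a request target (path or
    full URL) that carry private information, by name or by value pattern."""
    query = urlsplit(target).query
    found = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            found.append(key)
        elif any(p.match(value) for p in VALUE_PATTERNS.values()):
            found.append(key)
    return found


def mask_target(target: str) -> str:
    """Rewrite the target so private query values are masked; the parameter
    names are kept so the request stays useful for debugging."""
    parts = urlsplit(target)
    leaked = set(find_private_params(target))
    if not leaked:
        return target
    pairs = [(k, MASK if k in leaked else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scrub_line(line: str) -> tuple:
    """Return (scrubbed_line, leaked_parameter_names) for one log line.
    Lines that do not parse are returned unchanged so nothing is dropped."""
    line = line.rstrip("\n")
    m = LOG_RE.match(line)
    if not m:
        return line, []
    leaked, out = [], line
    # The referer comes after the target in the line, so replace it first
    # and the target's span from the match stays valid.
    for group in ("referer", "target"):
        original = m.group(group)
        found = find_private_params(original)
        if found:
            leaked.extend(found)
            start, end = m.span(group)
            out = out[:start] + mask_target(original) + out[end:]
    return out, leaked


def scrub_log(lines) -> tuple:
    """Scrub every line; return the scrubbed lines and a per-parameter count
    of leaks, which is the evidence for moving those values out of GET."""
    scrubbed, counts = [], Counter()
    for line in lines:
        out, leaked = scrub_line(line)
        scrubbed.append(out)
        counts.update(leaked)
    return scrubbed, counts


# Constructed sample lines; hosts, names and values are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Oct/2009:10:15:32 +0900] "GET /join?name=hong&email=hong%40example.test&phone=010-1234-5678 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Oct/2009:10:16:01 +0900] "GET /product?id=42 HTTP/1.1" 200 2048 "http://example.test/search?contact=kim%40example.test" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Oct/2009:10:16:40 +0900] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    clean, leak_counts = scrub_log(SAMPLE_LOG)
    for out in clean:
        print(out)
    print("leaked parameters:", dict(leak_counts))
```

The leak counter is the useful output for the development-phase fix the abstract describes: each counted parameter is one the application sends in a URL, and therefore into every access log, proxy log and Referer header downstream; masking in the log pipeline reduces exposure in operation, but moving the value into a POST body (or not collecting it) removes it from the log entirely.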