• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.93-101
• /
• 2016

As the Android smart phones become more popular, applications that handle users' personal data such as IDs or passwords and those that handle data directly related to companies' income such as in-game items are also increasing. Despite the need for such information to be protected, it can be modified by malicious users or leaked by attackers on the Android. The reason that this happens is because debugging functions of the Linux, base of the Android, are abused. If an application uses debugging functions, it can access the virtual memory of other applications. To prevent such abuse, access controls should be reinforced. However, these functions have been incorporated into Android O.S from its Linux base in unmodified form. In this paper, based on an analysis of both existing memory access functions and the Android environment, we proposes a function that verifies thread group ID and then protects against illegal use to reinforce access control. We conducted experiments to verify that the proposed method effectively reinforces access control. To do that, we made a simple application and modified data of the experimental application by using well-established memory editing applications. Under the existing Android environment, the memory editor applications could modify our application's data, but, after incorporating our changes on the same Android Operating System, it could not.

• Korean Journal of Soil Science and Fertilizer
• /
• v.36 no.3
• /
• pp.163-179
• /
• 2003

Multifunctionality of agriculture which is not traded on the market now has been an important international issue in that it environmental and public benefits. We carried out to modify and to update the function of upland farming on flood prevention and fostering water resources. Economic values of environmental benefits were evaluated by replacement cost methods. Models to evaluate the function of preventing flood were selected as: (1)precipitation(flood-inducing) - runoff(A), (2) soil depth ${\times}$ soil air phase, (3) precipitation (flood-inducing) - runoff(B), (4) soil depth ${\times}$ effective porosity of soil. Models to estimate the function of fostering water resources were (1) saturated hydraulic conductivity (Ks) ${\times}$ duration of saturation(days) ${\times}$ (1-ratio of water flow directly into river), (2) precipitation ${\times}$ ratio of water fostered by rain resources ${\times}$ (area of upland/total land area), and (3) soil water retention quantity(under standing crop or tree) - SWRQ(in bare soil). Function of preventing flood was $883Mg\;ha^{-1}$ of water per year and 645 million Mg for the whole upland area. Function of fostering water resources was $94.1Mg\;ha^{-1}$ of water per year and 69 million Mg for the whole upland area. The value of flood-preventing function evaluated by replacement cost methods was estimated 1,428 billion won per year as compared to the cost for dam construction. The value of water resource fostering were estimated 8.6 billion won in the price of living water.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.407-415
• /
• 2013

Recently, Interest variety of IT services and computing resources are increasing. As a result, the interest in the security of cloud environments is also increasing. Cloud environment is stored that to provide services to a large amount of IT resources on the Cloud. Therefore, Cloud is integrity of the stored data and resources that such as data leakage, forgery, etc. security incidents that the ability to quickly process is required. However, the existing developed various solutions or studies without considering their cloud environment for development and research to graft in a cloud environment because it has been difficult. Therefore, we proposed wire-wireless integrated Security management Model in cloud environment.

• Journal of the Korean Data and Information Science Society
• /
• v.23 no.5
• /
• pp.961-970
• /
• 2012

To evaluate companies that participated in the defense R&D project, 27 variables are chosen through literature survey, feature analysis of defense R&D and interviews with military experts. 17 variables are selected after factor analysis which is applied to reduce the number of variables and to detect structure in the relationships among variables, that is to classify variables using Likert-type scales. And then 17 variables are prioritized by AHP (analytic hierarchy process) method. It is shown that communication skill & cooperation strategy, level of technology, possession of needs technology have high priorities. However, protection plan of technology leakage, expertise of subcontractors, software development plan have low priorities.

• Journal of Internet Computing and Services
• /
• v.16 no.3
• /
• pp.13-20
• /
• 2015

This paper proposes a Near Field Communication (NFC) communication system that exchanges information of digital business cards efficiently for many to many communication to solve inconvenience of one-to-one communication when people exchanges business cards each other in meetings such as conference, forum, seminar. The proposed system can provide people to exchange contact information one-to-one as well as multiple members at once using a digital business card system that consists a server and a database based on NFC communication. The system has been developed to collect business card information from a NFC reader and to transfer it directly to a smartphone application effectively. The system can manage business card information with the application effectively and provide security in order to prevent from leakage of private information when transferring contact data.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.19-24
• /
• 2016

A Study on the Information Security System of Fin-Tech Business In traditional electronic commerce, there have not been severe issues of trading information through documents in paper or the closed EDI. The scale of e-commerce has increased as internet develops, however, turning to the online e-commerce, which caused a number of issues such as authentication, information forgery, and non-repudiation between the parties. To prevent conflicts from such troubles and perform the post management, security technologies are applied throughout the process of e-commerce, certificates intervening. Lately, meanwhile, FinTech has been creating a sensation around the mobile payment service. Incidents of information leakage from card corporations and hackings imply the need of securing safety of the financial service. Development and evolution of FinTech industry must be accompanied by information protection. Therefore, this research aims to inquire into the information security system of leading FinTech company in a foreign country.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.3
• /
• pp.113-120
• /
• 2012

VoIP provides voice data service using existing IP networks and has received much attention recently. VoIP service has a variety of security vulnerabilities. Types of main attacks on VoIP service are tapping/interception, DoS attacks, spam, misuse of service attacks and the like. Of these, confidential information leak because of tapping/interception has been considered as a critical problem. Encryption techniques, such as SRTP and ZRTP, are mostly used to prevent tap and intercept on VoIP media information. In general, VoIP service has two service scenarios. First, VoIP service operates within a single private network. Second, VoIP service operates between different private networks. Both SRTP and ZRTP for VoIP media information within a single private network can perform encryption. But they can not perform encryption between different private networks. In order to solve this problem, in this paper, we modify SRTP protocol. And then, we propose an encryption method that can perform encryption of VoIP media information between the different private networks.

• Information and Communications Magazine
• /
• v.31 no.5
• /
• pp.39-45
• /
• 2014

기업활동에서 IT에 대한 의존도가 증가함에 따라 기업들은 다양한 소프트웨어 및 하드웨어 플랫폼에서 제공되는 서비스들을 운영하고 있다. 서비스들이 보급, 확대되는 과정에서 새로운 보안 취약점들이 나타나고, 이들 취약점을 악용한 기업정보의 유출 및 해킹 등 보안사고의 발생도 비례하여 증가하고 있다[1]. 특히 다양한 유형의 사업을 운영하는 지주회사 또는 대기업 그룹사의 경우, 사업영역별로 운영 중인 IT 인프라의 보안 취약점이 네트워크로 연결된 타 사업용 IT 인프라에 대한 사이버 침해의 통로로 악용될 가능성이 있다. 이 같은 문제의 해결을 위해 기업들은 사업영역 별로 보유한 IT 인프라의 보안 취약점 진단과 대응을 위한 솔루션들을 도입, 운영해 오고 있다. 하지만 기업의 보안 거버넌스 관점에서 보안 취약점 관리도 전사적인 보안 정책과의 연계 강화, 투자 중복의 방지, 효과적인 관리와 통제에 대한 필요성이 대두되기 시작했다. 보안 거버넌스 체계 강화에 대한 기업의 요구변화에 맞춰 보안 취약점의 통합관리를 지원하는 상용 솔루션들이 일부 출시되고 있으나 기업들이 기 운영하고 있는 개별 취약점 진단 솔루션과의 연동, 로그관리 및 기업이 요구하는 특화된 기능 구현 등의 어려움이 도입에 장애가 되고 있다. 따라서, 대기업을 중심으로 개별 보안 취약점 진단 솔루션들을 연동하여 기업보안 거버넌스를 효과적으로 지원할 수 있도록 취약점 관리업무 프로세스의 재설계와 함께 취약점 진단 통합관리 체계를 구축하고 있다[2][3][4]. 본고는 보안 취약점 관리업무의 문제점을 소개하고, 최근 대 기업을 중심으로 활발히 구축이 추진되고 있는 웹 기반의 취약 점 진단 통합관리 체계의 개념, 기능 및 운영 프로세스를 소개한다. 아울러, 기업 IT 인프라에 대한 보안 취약점 진단 데이터를 축적하여 기업 내부의 보안위험 요소를 사전예측하고, 정보보호의 투자 대비 효과(ROSI: Security Return on Investment)를 효과적으로 산정하는 인프라로서 활용 가치를 소개한다.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.731-740
• /
• 2001

Multi-distributed web cluster model expanding conventional cluster system is the cluster system which processes large-scaled work demanded from users with parallel computing method by building a number of system nodes on open network into a single imaginary network. Multi-distributed web cluster model on the structured characteristics exposes internal system nodes by an illegal third party and has a potential that normal job performance is impossible by the intentional prevention and attack in cooperative work among system nodes. This paper presents the mutual authentication protocol of system nodes through key division method for the authentication of system nodes concerned in the registration, requirement and cooperation of service code block of system nodes and collecting the results and then designs SNKDC which controls and divides symmetrical keys of the whole system nodes safely and effectively. SNKDC divides symmetrical keys required for performing the work of system nodes and the system nodes transmit encoded packet based on the key provided. Encryption packet given and taken between system nodes is decoded by a third party or can prevent the outflow of information through false message.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2023.05a
• /
• pp.7-7
• /
• 2023

국내뿐만 아니라 세계적으로도 산사태 발생에 따른 토석류 피해가 빈번하게 발생하고 있으나 아직 토석류 거동에 대한 물리적인 특성을 규명하고, 실험 등을 통한 면밀한 검토가 안 되었다. 토석류는 집중호우 시 토사 내 함수량의 증가로 인해 또는 지진, 화산 발생 시 지각 변동으로 인해 사면의 저항력이 약화되어 발생한다. 이러한 토석류는 재해를 일으키는 매우 위험한 자연 현상이며, 그 규모에 따라 하류부에 큰 피해를 발생시킬 수 있다. 국내에서 수행된 토석류 관련 연구들은 해외에서 주로 수행된 기초연구 결과를 이용한 토석류 피해 발생예측, 위험지도 작성, 토석류 방지 구조물 개발 등의 응용연구가 대부분이며 소규모 모형을 제작하여 수리실험이 진행되었다. 김기환 외(2008)은 토석류 확산형태와 흐름 속도에 대한 모형실험을 수행하였으며, 김영일과 백중철(2011)은 토석류 유동과 퇴적 특성에 대한 실험을 수행하였다. 미국의 경우 미지질조사국(USGS, U.S Geological Survey)에서 1994년부터 지금까지 100 m 길이의 대형 경사수로를 이용하여 토석류 수리모형실험을 수행하고 있으며 이를 통해 토석류의 수위, 충격력, 전파속도, 유출 후 퇴적형상 등에 대한 다양한 실험데이터를 제시하고 있다. 그러나, 현재까지 국내외 토석류 실험에 대한 표준실험방법과 기준이 정립되지 않아 실험결과의 신뢰성을 명확히 증명하기 어려운 실정이다. 토석류로 인한 가장 직접적인 피해 인자인 토석류의 충격력과 전파속도를 수리모형실험을 통해 정량적으로 파악하기 위한 시험 표준으로 시험 절차, 시험 방법 및 적정한 측정장비의 사양 등을 단체표준을 통해 제공함으로써 시험의 불확실성을 최소화하고, 명확한 프로세스에 따른 시험 결과의 신뢰성과 일관성을 확보하고자 한다. 국토교통연구인프라운영원에서는 단체표준 개발을 위한 시험기관협의체를 구성하고, 이해관계인들의 의견을 반영한 토석류 충격력과 전파속도 측정방법(안)을 2022년에 7월 작성하였으며, 현재 이해관계자들의 의견을 수렴하고 중소기업중앙회에 심의를 상정한 상태이다.