• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.687-699
• /
• 2021

When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find the vulnerability at the binary level. This paper aims to find out-of-bounds read vulnerability that occur very frequently among vulnerability. In this paper, we design a memory area using memory access information appearing in binary code. Out-of-bounds Read vulnerability is detected through the designed memory structure. The proposed tool showed better in code coverage and detection efficiency than the existing tools.

• Journal of Korean Elementary Science Education
• /
• v.41 no.4
• /
• pp.701-724
• /
• 2022

In this study, the Nature of Science (NOS) instrument for elementary school students in the form of open questionnaires was developed specifically to reveal elementary school students' perceptions of the NOS, and its validity and effectiveness were investigated. To develop a NOS instrument for elementary school students, problems that may occur when applying the existing NOS instruments to elementary school students were analyzed and based on this, the development direction of the NOS instrument was established. In addition, after selecting seven NOS types suitable for the level of elementary school students, the preliminary instrument was produced by modifying and supplementing the items in the existing instruments for each type or by developing new items. Finally, the NOS instrument consisting of eight questions was developed by adding one question asking for a comprehensive understanding of science to seven questions related to each type of NOS after a content validity test of the science education expert group. To verify the practical effect of the developed instrument, pre- and post-tests were conducted on 50 students in two classes of sixth grade at two elementary schools in Seoul: 'existing instrument → development instrument' in one class, and 'development instrument → existing instrument' in the other class. The collected data were then compared and evaluated through summary content analysis and analyzed by executing the Wilcoxon signed-rank test. As a result of comparing and analyzing students' responses to the existing NOS instrument and the developed NOS instrument, students' perspectives on the NOS were more diverse when using the developed instrument, and the level of error in the response caused by misinterpreting the intention of the question was reduced. In addition, when using the developed instrument, the responses of the majority of students at a statistically significant level changed more specifically. In this study, the implications for the development of NOS instruments suitable for elementary school students were discussed based on these results.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.425-433
• /
• 2014

The utilization of robots in programming education students the interest and motivation of learning. But at the same time the robot is required that understanding of the structure and understand the internal program(programming). So what problems are caused by error or if the student has difficulty identifying. The purpose of this study is the use of simulation tool in robot programming education possibilities will want to see. Elementary school students to analyze the possibility of non-simulation tool and simulation tool was applied. And usability evaluation and simulation tool, the survey recognized the potential of the education were analyzed. As a result, the usability of between simulation tool and non-simulation tool and there was no difference. And student can preview the results of programming and simulation tool can easily identify errors for recognizing the positive respectively. Based on this results, simulation tool can be utilized in robot education.

• Proceedings of the Korea Association of Information Systems Conference
• /
• 2005.12a
• /
• pp.97-109
• /
• 2005

노인 인구의 급격한 증가와 인터넷을 통한 정보획득의 보편화로 인하여 웹 접근성의 중요성이 부각되고 있다. 웹 접근성이란 "경제적, 지역적, 신체적, 사회적 한계로 인해 정보서비스를 받기 어려운 자들에 대한 정보 통신망의 자유로운 접근과 이용" 을 의미한다 정부기관이 선도하여 웹사이트를 통해 보다 편리하고 좋은 서비스를 국민에게 제공하려는 전세계적인 노력에도 불구하고 장애인이나 노인들에게는 아직도 웹사이트의 접근이 용이하지 못한 실정이다. 이는 웹 접근성의 문제를 발생시키는 근본 원인 중 하나인 웹 접근성(Web Accessibility)에 대한 개념 이해 및 현재 사용되는 웹사이트의 접근성 만족 유무를 정확하게 평가할 수 있는 평가 방법의 부재에 기인한다. 현재까지 웹 접근성 평가는 표준 평가항목인 W3C의 웹 접근성 지침(Web Contents Accessibility Guideline 1.0, 이하 WCAG 1.0)을 기반으로 만들어진 자동화 평가도구를 이용하여 대부분 이루어져 왔다. 자동차 평가도구를 이용한 웹 접근성 평가 방법은 평가가 용이하고 평가결과의 정량화로 인해 연구의 객관성을 높일 수 있다는 장점이 있다. 그러나 선행연구와 실험을 통해 자동화 평가도구의 문제점이 지적되고 있다. 예를 들어 전문가가 직접 스크린 리더를 통해 계산한 접근성 오류와 자동화 도구가 계산한 접근성 오류와는 많은 차이를 보이고 있다. 기존 연구에서는 자동화 평가도구의 문제점을 보완하기 위해 전문가가 직접 평가하는 매뉴얼 평가방식과의 병행을 제시하고 있으나, 근본적인 문제점을 해결하고 이를 개선할 수 있는 연구가 필요하다. 따라서 본 연구에서는 "한국형 웹 콘텐츠 접근성 지침(TTAS.0T-10.0003)"을 기본으로 하여 "EuroAccessibilty Consortium" 에서 고려하고 있는 "testable statement" 으로 통합 보안한 접근성 체크항목의 재구성과 함께 "자연어 처리" 알고리즘을 적용하여 자동화 평가도구의 개선 방안을 제시한다. 아직까지 제시된 개선방안의 적용 및 검증이 이루어지지 않아 한계점을 가지고 있으나 자동화 평가도구의 개선방안에 대한 제안은 향후 연구의 기초자료로 활용 가능할 것이며 많은 후속연구를 유발할 것으로 기대한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.51-59
• /
• 2007

Software testing is the process of analyzing a software item to detect the differences between existing and required conditions and to evaluate the features of the software item. A traditional testing focuses on proper functionality, not security testing. Fuzzing is a one of many software testing techniques and security testing. Fuzzing methodology has advantage that low-cost, efficiency and so on. But fuzzing has defects such as intervening experts. Also, if there is no specification, fuzzing is impossible. ROAD Tool is automated testing tool for RPC(Remote Procedure Call) based protocol and software without specification. Existing tools are semi-automated. Therefore we must modify these tools. In this paper, we design and implement ROAD tool. Also we verify utility in testing results.

• Korean Journal of Heritage: History & Science
• /
• v.46 no.4
• /
• pp.64-77
• /
• 2013

In China, archaeological research on Xiongnu started later than in foreign countries. In the late $19^{th}$ century, several Russian archaeologists started to study Xiongnu's archaeological culture. However, since the late $20^{th}$ century, archaeological research of the Xiongnu in China quickly gained speed. The Xiongnu culture has been reported in Mongolia, northern steppe of China and eastern part of Eurasian steppe. Mainly, Xiongnu sites, dated from the late 2nd century B.C. to the 1st century A.D., are reported on the west side of Baikal Lake(Zabaikal), Mongolia and the Inner Mongolia of China. Based on the historical records and the archaeological remains, the North Xiongnu culture is defined to be the remains of Zabaikal, and the South Xiongnu culture the archaeological remains of Northern China. The expelled North Xiongnu, while fleeing to the western part of Eurasia, left traces of their own archaeological remains in southern Kazakhstan, Xinjiang of China, Altai, and finally appeared in the Europe as Huns. In order to adapt to the environment of northern steppe of China, Xiongnu used a nomadic economic system, giving uniqueness to its iron works. The most characteristic iron works of the Xiongnu is the highly-sophisticated iron weapons. Compared with the iron works of agricultural economic society, Xiongnu iron-works are short of production tools and various vessels. The "Nomadic type" iron works found in Xiongnu area date back to the Warring Country period or slightly later. Further research need to be conducted on "Nomadic type" Xiongnu iron works.

• The Journal of the Korea Contents Association
• /
• v.5 no.2
• /
• pp.115-121
• /
• 2005

In the present internet environment, various traffic flooding attacks and worm attacks cause economical loss. If IPv4 is substituted by IPv6 because of the lack of IP address, it will be more serious. Therefore, we design and implement the traffic analysis tool which can detect attacks by expecting them encountered in the IPv6 environment. Proposed tool is composed of packet generation module, packet gathering module, discrimination module, and display module in X-windows. As a simulation result, it is proved that it can effectively detect DAD-NA message attack, TCP SYN flooding attack, UDP flooding attack and ICMP flooding attack in the IPv6 environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.11a
• /
• pp.523-526
• /
• 2006

소프트웨어 프로세스 개선에 대한 원리와 방법은 CMM/CMMI 와 같은 프로세스 모델의 등장으로 인식하였으나 개인과 팀 차원에서 이를 구체적으로 구현하기 위한 운영적 차원의 절차와 수단의 부족으로 실제현상에 적용하여 성과를 창출하기에는 어려움을 겪어왔다. 이러한 문제를 해결하고 개발자와 개발팀의 차원에서 CMM/CMMI 의 목표와 프랙티스를 구현하기 위해 SEI(Software Engineering Institute)에 의해 PSP/TSP 가 개발되었다. 그러나 RSP 가 팀 차원에서 스프트웨어 개발에 사용할 수 있는 구체적인 기법들을 기술하고 있더라고 RSP 에서 수집되는 메트릭에 대한 분석기법은 여전히 부족하다. 따라서 TSP 수행시 발생할 수 있는 문제를 방지하고 프로세스가 변경되고 유지 관리될 수 있도록 하기 위해서는 식스시그마의 다양한 통계 기법과 의사 결정도구의 사용이 필요하다. 본 논문에서는 TSP 의 각 스크립트에 식스시그마의 통계 기법과 의사 결정도구를 포함 시킴으로써 TSP를 확장한 식스시그마-TSP 통합 프레임워크와 활용 가이드라인을 제시함으로써 팀 차원에서의 프로세스 개선의 수행을 지원하며 팀 차원에서 발생할 수 있는 이슈를 식스시그마의 분석, 정량화 도구를 사용하여 해결하고 아울러 팀 성과를 향상할 수 있는 방법을 모색해본다.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.46 no.11
• /
• pp.961-968
• /
• 2018

Airborne display systems provide pilots with a variety of information needed to operate aircraft. Software faults in the display system can seriously affect the operation of the aircraft, because it can provide inaccurate information to the pilot. Therefore, the software faults are identified and eliminated through ground testing and flight testing. This paper presents an analysis tool called FDR (flight data replay) for flight test of airborne display software. This tool works in real time with the mission computer of aircraft. Also, the tool reproduces the functional error conditions that appear in the display systems by applying flight test data to the display software.

• Journal of Digital Convergence
• /
• v.18 no.6
• /
• pp.335-344
• /
• 2020

This study was to develop a screening tool to identify the pregnant women who are required to have a concrete checkup or education about preterm birth. The items for the screening tool were drafted from literature review and the result of interviews with women who are hospitalized after preterm delivery based on the biopsychosocial framework. The validity and reliability of the items was performed after the content validity and the pilot survey. The screening tool for the risk of preterm birth in pregnant women was consisted of two parts. One was consisted of 9-items for the biomedical risks and another one was consisted of 17-items for the psycho-physical risks. The screening tool for the risk of preterm birth in pregnant women reveals valid and reliable. It could be applied to identify the pregnant women who have some risks of preterm birth.