• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.7
• /
• pp.623-628
• /
• 2016

Because the log information provides some critical clues for solving the problem of illegal system access, it is very important for a system administrator to gather and analyze the log data. In a Linux system, the syslog utility has been used to gather various kinds of log data. Unfortunately, there is a limitation that a system administrator should rely on the services only provided by the syslog utility. To overcome this limitation, this paper suggests a syslog agent that allows the system administrator to gather log information for file access that is not serviced by syslog utility. The basic concept of the suggested syslog agent is that after creating a FUSE, it stores the accessed information of the files under the directory on which FUSE has been mounted into the log file via syslog utility. To review its functional validity, a FUSE file system was implemented on Linux (Ubunt 14.04), and the log information of a file access was collected and confirmed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5B
• /
• pp.478-485
• /
• 2006

In this paper, we analyze the conditions of generating the dynamic Web documents in multi-user server and propose effective method for it. PSSI technique leads to replace the complex process of modifying a CGI source program by simply correcting the HTML Web document in the external file form. This technique has the strong points of CGI, flexibility and security of programming as well as those of SSI, easiness of modifying Web documents. Due to the characteristics of PSSI that Web source documents are in the form of external file, we show that with a single CGI program an individual user can design and modify his own Web documents in his directory. This means that PSSI technique has more advantage in managing the server than the CGI method which requires CGI program to be set up whenever that service is needed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.1
• /
• pp.19-26
• /
• 2018

Recently, DDoS amplification attacks using servers that provide Microsoft Active Directory information using CLDAP protocol are increasing. Because CLDAP is an open standard application that allows a wide range of directory information to be accessed and maintained in a network, the server is characterized by its openness to the Internet. This can be exploited by the Reflector server to perform an amplification attack by an attacker. In addition, this attack can be attacked with a packet that is amplified 70 times more than the conventional UDP-based flooding attack, and it can block service to small and medium sized server. Therefore, in this paper, we propose an algorithm that can reduce the DDoS amplification attack using CLDAP server and implement the corresponding CLDAP server environment virtually, and implement and demonstrate the corresponding algorithm. This provides a way to ensure the availability of the server.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.1
• /
• pp.134-147
• /
• 1999

The DNS provides naming services which are the basis for the application of the Internet and the security of the DNS should be provided for the security of the Internet. Recently IETF proposed a method which guarantees the integrity of DNS database contents and DNS queries/replies and distributes host public keys. In this paper we describe the design and implementation of the secure DNS which is built based on the IETF proposal and extended to facilitate its sue and management. In the extended secure DNS, DNS servers are used ad the directory system in a public key infrastructure and stores/distributes user public key certificates. The Web-based management interface and security log functions are added and the extended secure DNS is being built so that new cryptographic algorithms can be easily added.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.2
• /
• pp.126-132
• /
• 2013

This study proposed a method to classify internet websites based on occurrence frequency of medical terms in the webpages and website structure composed with webpages and hyperlinks. The classification was done by using the suitability measure defined by three factors: (1)occurrence frequency of medical terms in the whole terms involved in a webpage, (2)occurrence frequency of medical terms in de-duplicated terms involved in the webpage, and (3)the number of hyperlinks to reach to a specific webpage from homepage. We conducted an experiment to verify the proposed method with the 80 websites registered in directories related to medical field and 127 websites in nonmedical field directories, and the experiment result showed 82.5 % of accuracy of the classification.

• The KIPS Transactions:PartC
• /
• v.10C no.7
• /
• pp.915-922
• /
• 2003

The Grid is an infrastructure to connect heterogeneous resources that are scattered over areas with high-speed network and to cooperate with each other. To support Grid applications, network resources should be managed, since the network has to be safe and reliable. The Grid Monitoring Architecture Working Group (GMAWG) of the Global Grid Forum (GGF) proposed an effective architecture to be scalable across wide-area networks and encompass a large number of heterogeneous resources. In this paper, we describe the design and implementation of Grid network monitoring system based on the GMA for practical network management. By this system, network operations center can form a management system flexibly and scalably for Grid network.

• Journal of KIISE:Software and Applications
• /
• v.33 no.11
• /
• pp.915-922
• /
• 2006

Recently, the requirements of the embedded software are getting diverse as the diversity of embedded software application fields increases. The systematic development methods are issued to deal with the dependency between hardware and software. However, the existing development methods have not considered the software's close connection to hardware and the high-level reusability for common requirements of several similar domains. In this paper, we propose a design method of development process model of product lines to support an efficient development method for embedded software. For this, we firstly suggest a domain scoping method and an IDEF0(Integration DEFinition)-based business model for extracting the efficient requirements. Next, we present a component deriving method based on the service architecture and an architecture design method after considering the hardware dependency. And we explain the artifacts of MSDFS(Multi Sensor Data Fusion System) at each design step in order to show how the proposed model can be applied to the embedded software development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.9
• /
• pp.369-380
• /
• 2013

Recently, role-based distributed system models have been proposed to support adaptive interactions in ubiquitous application environment. A Role-based distributed model regards an application as an organization composed of roles, and separate players running role processes from the roles. When an application is running, it binds a role with a player, and the player runs dynamically assigned role processes provided by an application for supporting adaptability. However, there has not been much attention on researches about development and runtime environment for role-based distributed systems. In this paper we suggest an application framework as an environment for developing and executing role-base distributed systems. The application framework is divided into two parts: an organization framework to manage and construct an organization composed of roles necessary in the application, and a player framework to provide running environment for players. In this paper, we focus on the organization framework which supports the creation and management of organizations, directory service for players and allocation of players to roles, and message brokering between roles and players. The proposed framework makes developers to be able to develop highly adaptive distributed systems in the ubiquitous environment.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.1
• /
• pp.1-8
• /
• 2006

Since most CAD tool companies are carrying out very expensive license policies, designers are sharing CAD tools with a limited number of licenses within a design working or research group. It is important to share and use them efficiently, because CAD tool licenses are very valuable resources. Designers should know CAD tool license information such as available number of licenses, types, and configuration methods to use CAD tools properly in their group. Usually, this information is provided by managers who administrate CAD tool license servers in the specific design group. In the previous CAD tool licenses sharing methods, designers have to get CAD tool license information manually and setup the environments with their own hands, If a new designer comes into the design working group, the designer wastes unnecessary time and effort due to these manual processes. As a result, designer's productivity and utilization of CAD tools will decrease. Besides, managers also waste their time and effort, since they should provide CAD tool license information manually to each desiEner. In this paper, we present a more efficient scheme to share CAD tool licenses based on directory service. The proposed method automates not only the communication processes between managers and designers, but also the license configuration steps. We expect this scheme will reduce time and effort of designers and managers as well as enhance the utilization of CAD tools.