• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.43-51
• /
• 2016

Nowadays hacked using a security vulnerability in a web application, and the number of security issues on the web site at many sites due to the exposure of personal information is increasing day by day. In this paper, considering the open-source Web Application Security Project at the time of production of the website. Proposed the OWASP TOP 10 vulnerability verification method, by applying the proposed method and then analyzed for improved method and vulnerability to verify the performance of security vulnerability.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.495-498
• /
• 2014

현재 무선충전은 자기유도와 자기공진 두 가지 방식이 주류를 이루고 있다. 자기유도 방식은 전력 송신부 코일에서 자기장을 발생시키면 그 자기장의 영향으로 수신부 코일에서 전기가 유도되는 전자기유도 원리를 이용한다. 자기공진 방식은 송신부 코일에서 공진 주파수로 진동하는 자기장을 생성, 동일한 공진 주파수로 설계된 수신부 코일에만 에너지가 집중적으로 전달되도록 한 기술이다. 최근에 스마트폰의 무선충전에 대해 관심이 높아지고 있으며, 많은 기업들이 무선충전을 개발하고 있다. 사용자에게 있어 편리함을 주는 무선충전이지만 보안위협이 존재하고, 이것에 대한 표준화와 보안대책요구사항은 체계적이지 않다. 이에 본 논문은 모바일기기에서 자기공진방식의 무선충전의 보안 위협과 보안요구사항을 정의해 분석하고 보안요구사항을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.711-714
• /
• 2013

구글의 안드로이드 플랫폼은 오픈 소스의 특성으로 인해 스마트 폰 제조사와 통신 사업자, 일반 사용자들의 많은 관심을 받고 있으며 2013년 2분기에는 전 세계 스마트 폰 시장에서 점유율 79.3%라는 결과를 얻게 되었다. 하지만 안드로이드의 높은 점유율만큼 안드로이드 플랫폼에 대한 공격들 또한 많아지고 있다. 이러한 공격들로부터 안드로이드 플랫폼의 보안성을 향상시키기 위해 많은 보안 기능들이 안드로이드에 탑재되고 개선되고 있지만, 보안 기능이 개선되는 만큼 새로운 보안 취약성들도 발견되고 있다. 본 연구에서는 안드로이드에서 제공하는 응용 프로그램 권한 기법에 대한 보안 취약성을 분석하고 그에 대한 향상된 보안 대책을 제안한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.6A
• /
• pp.632-641
• /
• 2007

Since the mobile node acts as the router, the Mobile Ad Hoc network requires the security methods that are different from that of network of the wire environment. Also, since the total network can't be included in the transmission area of the mobile node, when one node sends the message to the other node, we need the middle node. But if the middle node is the unreliable malicious node, we can't guarantee the secure message transmission. Also, because all nodes configuring the network are the mobile nodes, they use the restricted battery capacity and the restricted resources. Therefore, because we have trouble performing the encryption that many resources are required when we sending the message, it is vulnerable to the security than the network of the wire environment. Last, because the network topology continues to change by the mobility of nodes configuring the network, we need the security measure that matches the network characteristics. We suggest the routing attack detection for performance enhancement of AODV protocol in Mobile Ad Hoc networks.

• Science & Technology Policy
• /
• v.8 no.2 s.107
• /
• pp.55-63
• /
• 1998

• 한국정보통신설비학회:학술대회논문집
• /
• 2006.11a
• /
• pp.15-40
• /
• 2006

• Nuclear industry
• /
• v.30 no.1
• /
• pp.88-94
• /
• 2010

• Korea Petroleum Association Journal
• /
• no.3 s.37
• /
• pp.39-41
• /
• 1984

이 기사는 일본의 순간「석유정책」지로부터 발췌ㆍ요약한 것이다.(역자주)

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.73-84
• /
• 2014

As the society turns into more of an information an technology centric society, the importance of information security is being increased these days. Recently, as the number of leaking accidents of personal information and valuable industrial technology is on the rise, every field of industry endeavors to come up with a security solution. In particular, since defense industry is a field where it establishes national defense power that is essential of national security, it requires higher standards of security solutions than any other ordinary fields of industry. According to Defense Industry Security Work Instructions, defense industry firms from security organizations and employ a security worker corresponding to the firm's scale and conditions. In an environment where essential information and technology are stored and managed in information and communication system or storing media, the duty and role of IT security workers are crucial. However, there is a shortage of systematic analysis on the work of IT security workers and development of curriculum to enhance their professionalism. Thus DACUM process, a job analysis technique, was used to identify IT Security workers' duties and responsibilities and verify the validity and credibility of the deducted results from the survey. The findings of this study will help in development of IT security duty in defense industry and can be used as baseline data for the development of curriculum and amendments of related regulations.

• Proceedings of the KAIS Fall Conference
• /
• 2006.05a
• /
• pp.123-127
• /
• 2006

This paper identifies some components should be evaluated and certified to assure that IT systems are secure. Security objective of IT systems will be obtained by protecting all areas of IT systems, so not only visible parts but also non-visible parts must be protected. And for verifying all the parts of IT systems are protected, we should check the scope of evaluation and certification covers all necessary parts.