• Title/Summary/Keyword: Security Framework


A Study of the DEVOPS Test Automation Module for Integrated Development Environment (통합 개발환경에서 데브옵스 기반 테스트 자동화 모듈 개발에 대한 연구)

  • Jung Kwang Lak;Kim Sun Joo
    • Convergence Security Journal / v.22 no.1 / pp.3-9 / 2022
  • The role of the integrated development environment is very important in software development of a development project. After many developers develop different modules, software product is completed through compile, debugging, integration, testing, and distribution. However, bugs and various issues in the development process cause problems such as quality deterioration of software product and dissatisfaction with requirements. So the need for automated testing to avoid these problems and improve quality has increased. In this study, we propose test automation modules of four perspectives to improve quality throughout the test automation in an integrated development environment. Each automation module operates through the tool chain of an integrated build framework implemented on the devops.

A Design and Development of Secure-Coding Check System Based on E-Government Standard Framework for Convergence E-Government Service (융복합 전자정부 서비스를 위한 전자정부 표준프레임워크 기반 시큐어코딩 점검 시스템 설계 및 개발)

  • Kim, Hyungjoo;Kang, Jungho;Kim, Kyounghun;Lee, Jaeseung;Jun, Moonseog
    • Journal of Digital Convergence / v.13 no.3 / pp.201-208 / 2015
  • Recently, computers, smartphones, medical devices, etc. have come to be used in a variety of environments as the application fields of IT products have diversified. Cases of attacks abusing software security vulnerabilities are on the increase as the application fields of software have diversified. Accordingly, secure coding program is of a varied but history management, updating, API module to be vulnerable to attack. Thus, this paper proposed a materialization of CMS linked system to enable check the vulnerability of the source code to content unit for secure software development, configuration management system that interwork on the transmission module. Implemented an efficient coding system secure way that departmentalized by the function of the program and by analyzing and applying secure coding standards.

The Framework of Research Network and Performance Evaluation on Personal Information Security: Social Network Analysis Perspective (개인정보보호 분야의 연구자 네트워크와 성과 평가 프레임워크: 소셜 네트워크 분석을 중심으로)

  • Kim, Minsu;Choi, Jaewon;Kim, Hyun Jin
    • Journal of Intelligence and Information Systems / v.20 no.1 / pp.177-193 / 2014
  • Over the past decade, there has been a rapid diffusion of electronic commerce and a rising number of interconnected networks, resulting in an escalation of security threats and privacy concerns. Electronic commerce has a built-in trade-off between the necessity of providing at least some personal information to consummate an online transaction, and the risk of negative consequences from providing such information. More recently, the frequent disclosure of private information has raised concerns about privacy and its impacts. This has motivated researchers in various fields to explore information privacy issues to address these concerns. Accordingly, the necessity for information privacy policies and technologies for collecting and storing data, and information privacy research in various fields such as medicine, computer science, business, and statistics has increased. The occurrence of various information security accidents has made finding experts in the information security field an important issue. Objective measures for finding such experts are required, as it is currently rather subjective. Based on social network analysis, this paper focused on a framework to evaluate the process of finding experts in the information security field. We collected data from the National Discovery for Science Leaders (NDSL) database, initially collecting about 2000 papers covering the period between 2005 and 2013. Outliers and the data of irrelevant papers were dropped, leaving 784 papers to test the suggested hypotheses. The co-authorship network data for co-author relationship, publisher, affiliation, and so on were analyzed using social network measures including centrality and structural hole. The results of our model estimation are as follows. With the exception of Hypothesis 3, which deals with the relationship between eigenvector centrality and performance, all of our hypotheses were supported.
In line with our hypothesis, degree centrality (H1) was supported with its positive influence on the researchers' publishing performance (p<0.001). This finding indicates that as the degree of cooperation increased, the more the publishing performance of researchers increased. In addition, closeness centrality (H2) was also positively associated with researchers' publishing performance (p<0.001), suggesting that, as the efficiency of information acquisition increased, the more the researchers' publishing performance increased. This paper identified the difference in publishing performance among researchers. The analysis can be used to identify core experts and evaluate their performance in the information privacy research field. The co-authorship network for information privacy can aid in understanding the deep relationships among researchers. In addition, extracting characteristics of publishers and affiliations, this paper suggested an understanding of the social network measures and their potential for finding experts in the information privacy field. Social concerns about securing the objectivity of experts have increased, because experts in the information privacy field frequently participate in political consultation, and business education support and evaluation. In terms of practical implications, this research suggests an objective framework for experts in the information privacy field, and is useful for people who are in charge of managing research human resources. This study has some limitations, providing opportunities and suggestions for future research. Presenting the difference in information diffusion according to media and proximity presents difficulties for the generalization of the theory due to the small sample size. Therefore, further studies could consider an increased sample size and media diversity, the difference in information diffusion according to the media type, and information proximity could be explored in more detail. 
Moreover, previous network research has commonly observed a causal relationship between the independent and dependent variable (Kadushin, 2012). In this study, degree centrality as an independent variable might have causal relationship with performance as a dependent variable. However, in the case of network analysis research, network indices could be computed after the network relationship is created. An annual analysis could help mitigate this limitation.

DoS Attack at Access Point Using Python (파이썬을 이용한 무선 공유기 DoS 공격)

  • Ji, Byoung-Kyu;Moon, Bong-Kyo
    • Proceedings of the Korea Information Processing Society Conference / 2017.04a / pp.192-195 / 2017
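  • With the recent development of wireless networks, Wi-Fi service is provided through wireless access points in most spaces such as cafes, universities, and subways. Wireless access points use 802.11, the IEEE standard protocol, and the management frames of 802.11n, a commercialized version of this protocol, are not encrypted and can therefore be easily abused. This can become a stepping stone to other attacks such as Rogue AP and password cracking, and can accordingly pose a threat to security. In this paper, we analyze the process of attacking this vulnerability using Python and discuss the vulnerabilities that can arise from it and the countermeasures.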

ORB-SLAM based SLAM Framework for the Spatial Recognition using Android Oriented Tethered Type AR Glasses (안드로이드 기반 테더드 타입 AR 글래스의 공간 인식을 위한 ORB-SLAM 기반 SLAM프레임워크 설계)

  • Do-hoon Kim;Joongjin Kook
    • Journal of the Semiconductor & Display Technology / v.22 no.1 / pp.6-10 / 2023
  • In this paper, we proposed a software framework structure to apply ORB-SLAM, the most representative of SLAM algorithms, so that map creation and location estimation technology can be applied through tethered AR glasses. Since tethered AR glasses perform only the role of an input/output device, the processing of camera and sensor data and the generation of images to be displayed through the optical display module must be performed through the host. At this time, an Android-based mobile device is adopted as the host. Therefore, the major libraries required for the implementation of AR contents for AR glasses were hierarchically organized, and spatial recognition and location estimation functions using SLAM were verified.


A Framework of N-Screen Session Manager based N-Screen Service using Cloud Computing in Thin-Client Environment (씬클라이언트 환경에서 클라우드 컴퓨팅을 이용한 N-Screen 세션 관리 기반의 N-Screen 서비스 프레임워크)

  • Alsaffar, Aymen Abdullah;Song, Biao;Hassan, Mohammad Mehedi;Huh, Eui-Nam
    • Journal of Internet Computing and Services / v.13 no.2 / pp.21-32 / 2012
  • We develop an architecture of a virtual aggregation gateway (VAG) which enables composite application streaming based on N-Screen-as-a-Service (NaaS) using cloud computing in a thin-client environment. We also discuss the problem of server computing burden in the large-scale multi-client case for screen sharing with composite application streaming over the internet. In particular, we propose an efficient Framework of N-Screen Session Manager which manages all media signaling that is necessary to deliver demanded contents. Furthermore, it will provide users with a method to play back multimedia contents (TV Drama, Ads, Dialog, etc.) which is not considered in other research papers. The objectives of proposing N-Screen Session Manager are to (1) manage session status of all communication sessions, (2) manage handling of received requests and replies, (3) allow users to play back multimedia contents anytime with a variety of devices for screen sharing, and (4) allow users to transfer an ongoing communication session from one device to another. Furthermore, we discuss the major security issues that occur in Session Initiation Protocol as well as minimizing delay resulting from session initiations (playback or transfer session).

Implementation of Web Services Framework for Web Services on Universal Networks (유니버설 네트워크 상에서 웹서비스 프레임워크 구현)

  • Yim, Hyung-Jun;Oh, Il-Jin;Hwang, Yun-Young;Lee, Kyong-Ha;Lee, Kang-Chan;Lee, Seung-Yun;Lee, Kyu-Chul
    • Journal of KIISE:Computing Practices and Letters / v.14 no.2 / pp.143-157 / 2008
  • Ubiquitous Web Services is able to be specified future Web Services technology for connecting with various application services in any device and network environments. The devices, in a ubiquitous environment, have dynamic characteristics such as location and status. So, we must support methods of dynamic service discovery in ad-hoc networks. There are many related works at transaction, security, QoS, semantic and Web Services composition with various fields. Recently, the studies are interested in the Ubiquitous by development of computing and network technology. However, they are at an early stage. For this reason, in this paper, we propose a WSUN (Web Services on Universal Networks) for Ubiquitous Web Services. It is a SOA-based framework. And this paper extracts necessity of WSUN environment from scenario. The framework is composed of US Broker (Universal Service Broker). It is designed for satisfying the conditions and supports dynamic service discovery using a US Registry (Universal Service Registry). Consequently, clients are able to discover and use Universal Service by protocol stack of the US Broker for Web Services. And it is a strong point which supports interoperability between heterogeneous networks.

Verification and Implementation of a Service Bundle Authentication Mechanism in the OSGi Service Platform Environment (OSGi 서비스 플랫폼 환경에서 서비스 번들 인증 메커니즘의 검증 및 구현)

  • 김영갑;문창주;박대하;백두권
    • Journal of KIISE:Computer Systems and Theory / v.31 no.1_2 / pp.27-40 / 2004
  • The OSGi service platform has several characteristics, as follows. First, the service is deployed in the form of a self-installable component called a service bundle. Second, the service is dynamic according to its life-cycle and has interactions with other services. Third, the system resources of a home gateway are restricted. Due to these characteristics of a home gateway, there is a lot of room for malicious services to be installed, and further, the nature of a service can be changed. It is possible for those service bundles to have a bad influence on service gateways and users. However, there is no service bundle authentication mechanism considering those characteristics for the home gateway. In this paper, we propose a service bundle authentication mechanism considering those characteristics for the home gateway environment. We design the mechanism for sharing a key which transports a service bundle safely in the bootstrapping step that recognizes and initializes equipment. And we propose the service bundle authentication mechanism based on MAC that uses a shared secret created in the bootstrapping step. Also, we verify the safety of the key sharing mechanism and the service bundle authentication mechanism using BAN Logic. This service bundle authentication mechanism is more efficient than the PKI-based service bundle authentication mechanism or RSH protocol in the service platform which has restricted resources such as storage spaces and operations.

Trustworthy AI Framework for Malware Response (악성코드 대응을 위한 신뢰할 수 있는 AI 프레임워크)

  • Shin, Kyounga;Lee, Yunho;Bae, ByeongJu;Lee, Soohang;Hong, Heeju;Choi, Youngjin;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.1019-1034 / 2022
  • Malware attacks become more prevalent in the hyper-connected society of the 4th industrial revolution. To respond to such malware, automation of malware detection using artificial intelligence technology is attracting attention as a new alternative. However, using artificial intelligence without collateral for its reliability poses greater risks and side effects. The EU and the United States are seeking ways to secure the reliability of artificial intelligence, and the government announced a reliable strategy for realizing artificial intelligence in 2021. The government's AI reliability has five attributes: Safety, Explainability, Transparency, Robustness and Fairness. We develop four elements of safety, explainable, transparent, and fairness, excluding robustness in the malware detection model. In particular, we demonstrated stable generalization performance, which is model accuracy, through the verification of external agencies, and developed focusing on explainability including transparency. The artificial intelligence model, of which learning is determined by changing data, requires life cycle management. As a result, demand for the MLops framework is increasing, which integrates data, model development, and service operations. EXE-executable malware and documented malware response services become data collector as well as service operation at the same time, and connect with data pipelines which obtain information for labeling and purification through external APIs. We have facilitated other security service associations or infrastructure scaling using cloud SaaS and standard APIs.

Classification of BcN Vulnerabilities Based on Extended X.805 (X.805를 확장한 BcN 취약성 분류 체계)

  • Yoon Jong-Lim;Song Young-Ho;Min Byoung-Joon;Lee Tai-Jin
    • The KIPS Transactions:PartC / v.13C no.4 s.107 / pp.427-434 / 2006
  • Broadband Convergence Network (BcN) is a critical infrastructure to provide wired-and-wireless high-quality multimedia services by converging communication and broadcasting systems. However, there exists possible danger to spread the damage of an intrusion incident within an individual network to the whole network due to the convergence and newly generated threats according to the advent of various services roaming vertically and horizontally. In order to cope with these new threats, we need to analyze the vulnerabilities of BcN in a system architecture aspect and classify them in a systematic way and to make the results to be utilized in preparing proper countermeasures. In this paper, we propose a new classification of vulnerabilities which has been extended from the ITU-T recommendation X.805, which defines the security related architectural elements. This new classification includes system elements to be protected for each service, possible attack strategies, resulting damage and its criticalness, and effective countermeasures. The new classification method is compared with the existing methods of CVE (Common Vulnerabilities and Exposures) and CERT/CC (Computer Emergency Response Team/Coordination Center), and the result of an application to one of typical services, VoIP (Voice over IP), and the development of vulnerability database and its management software tool are presented in the paper. The consequence of the research presented in the paper is expected to contribute to the integration of security knowledge and to the identification of newly required security techniques.