• Title/Summary/Keyword: service vulnerability factors (서비스 취약요소)

The Study of technique to find and prove vulnerabilities in ActiveX Control (ActiveX Control 취약점 검사 및 검증 기법 연구)

  • Sohn, Ki-Wook;Kim, Su-Yong
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.6 / pp.3-12 / 2005
  • To provide visitors with various services, many web sites distribute many ActiveX controls to them because ActiveX controls can overcome the limits of HTML documents and script languages. However, a PC can become dangerous if it has insecure ActiveX controls, because they can be executed in HTML documents. Nevertheless, many web sites provide visitors with ActiveX controls whose security is not verified. Therefore, verification by a third party is needed to remove vulnerabilities in ActiveX controls. In this paper, we introduce the process and the technique to find vulnerabilities. The existing proof codes are not valid because ActiveX controls are different from normal applications and domestic environments are different from foreign environments. In this paper, we introduce the technique to prove vulnerabilities in ActiveX controls.

Propose a Static Web Standard Check Model

  • Hee-Yeon Won;Jae-Woong Kim;Young-Suk Chung
    • Journal of the Korea Society of Computer and Information / v.29 no.4 / pp.83-89 / 2024
  • After the end of the service of Internet Explorer, the use of ActiveX ended, and the Non-ActiveX policy spread. HTML5 is used as a standard protocol for web pages established based on the Non-ActiveX policy. HTML5, developed in the W3C(World Wide Web Consortium), provides a better web application experience through API, with various elements and properties added to the browser without plug-in. However, new security vulnerabilities have been discovered from newly added technologies, and these vulnerabilities have widened the scope of attacks. There is a lack of research to find possible security vulnerabilities in HTML5-applied websites. This paper proposes a model for detecting tags and attributes with web vulnerabilities by detecting and analyzing security vulnerabilities in web pages of public institutions where plug-ins have been removed within the last five years. If the proposed model is applied to the web page, it can analyze the compliance and vulnerabilities of the web page to date even after the plug-in is removed, providing reliable web services. And it is expected to help prevent financial and physical problems caused by hacking damage.

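Recommendation of a VoIPv6 Reference Model for Ensuring Internet Telephony Interoperability in the Public Sector (공공분야 인터넷전화 상호운용성 확보를 위한 VoIPv6 참조모델 권고)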

  • 이계호;염창열;김유정;민상원
    • Information and Communications Magazine / v.22 no.12 / pp.134-142 / 2005
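  • Internet telephony services currently involve a variety of signaling protocols such as SIP, H.323, and MEGACO/H.248, and with IPv4 and IPv6 coexisting as Internet protocols, the technical complexity of deploying Internet telephony continues to grow. Because of this technical complexity, the interoperability and stability of Internet telephony services are weak, and management complexity and deployment and management costs are also increasing. In particular, as the adoption of VoIP in the public sector, such as the e-government communication network, gets under way in earnest, securing the interoperability and stability of Internet telephony in the public sector has become a very urgent matter. This article proposes a VoIPv6 reference model for securing the interoperability and stability of public-sector Internet telephony in the next-generation Internet (IPv6) environment, a core technology of All-IP based networks. The reference model was established through consultation with some 30 experts in the IPv6 and VoIP fields and a literature review, and its main contents are components such as signaling protocols, voice packet transport technology, VoIP voice codec technology, VoIP information protection technology and service technology, as well as interworking technology and measures for securing quality of service. The VoIPv6 reference model proposed in this article is expected to be used as Internet telephony deployment instructions and guidelines for government and public institutions, making the public-sector Internet telephony deployment process more efficient and, further, contributing greatly to securing the interoperability of public-sector Internet telephony services and improving service quality.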

An Anonymization Scheme Protecting User Identification Threat in Profile-based LBS Model (프로필을 고려한 위치 기반 서비스 모델에서 사용자 식별 위협을 막는 익명화 기법)

  • Chung, Seung-Joo;Park, Seog
    • Proceedings of the Korean Information Science Society Conference / 2010.06c / pp.170-174 / 2010
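  • Recently, users' location information has begun to be used as an information element in various applications on the wireless Internet, and location-based services (Location-Based Service: LBS) are attracting attention as one such application. However, in a location-based service the user requesting the service sends his or her exact location information to the database server, so there is a vulnerability in that the user's personal information can be exposed. Accordingly, a privacy protection method was required so that mobile users can use location-based services safely and conveniently. To protect users' location information, the concept of K-anonymity, which had been used for privacy protection in traditional databases, was applied, and models capable of performing the corresponding anonymization were proposed. However, because the previously studied models performed anonymization considering only the user's exact location information as a sensitive attribute, for the later-proposed models that take the user's profile information into account, the existing anonymization alone can no longer guarantee complete privacy, and additional processing became necessary. This study defines the problem of the additional threat of personal identification that arises when a Private-to-Public query is given in a location-based service model that considers profile information, presents a solution to it, and shows that the proposed technique guarantees protection of user information and is more efficient than existing approaches.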

Development of Comprehensive Diagnostic System for Disaster in Decline Areas (쇠퇴지역 재난재해 종합진단 시스템 프로토타입 개발)

  • Shin, Yonghyeon;Lee, Sangmin;Yang, Dongmin
    • Proceedings of the Korea Water Resources Association Conference / 2021.06a / pp.479-479 / 2021
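  • Recently, the occurrence of natural disasters caused by abnormal weather has been increasing, and accordingly, strengthening cities' disaster response capability has become an important issue internationally as well as domestically. In particular, declining areas suffer relatively greater human and material damage than ordinary areas when a disaster occurs, and recovery requires much time and budget, so technology for precise disaster risk analysis of urban regeneration areas is needed to prepare countermeasures. In this study, we developed a comprehensive diagnostic technique that comprehensively analyzes the risk and resilience by disaster type for urban regeneration project sites (311 sites), and developed a prototype system applying it. The scope of disasters was defined, following the Framework Act on the Management of Disasters and Safety, as a total of 8 types: 5 natural disasters (heavy rain, heat wave, heavy snow, strong wind, earthquake) and 3 social disasters (fire, collapse, explosion) whose degree of risk upon occurrence is highly likely to change under the influence of urban regeneration project implementation. The comprehensive diagnostic technique follows the risk assessment method of the Intergovernmental Panel on Climate Change (IPCC), dividing factors into risk factors (hazard, vulnerability, exposure) and preparedness and response factors (resilience), and, through expert advisory meetings, a formula for calculating a comprehensive diagnostic index was developed that can reflect the characteristics of declining areas that are particularly vulnerable to disasters. In addition, the comprehensive diagnostic system for disasters in declining areas was designed on a Web-GIS basis so that users who perform urban regeneration work can quickly analyze and easily use the information, and it visualizes the analysis results calculated by the comprehensive diagnostic technique as grades in 100 m × 100 m grid units. The analysis results are linked and used as basic analysis data for an optimal urban regeneration project decision-support service through continued research and development, and the analysis DB is shared through a cloud-service-based urban regeneration data platform.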

Findings of Core Elements for Library Outreach Model of Social Workers in the Library (사회복지 전문가 참여형 도서관 아웃리치 모델 개발을 위한 핵심 요소 도출)

  • Lee, Hyewon
    • Journal of the Korean Society for Library and Information Science / v.52 no.3 / pp.363-390 / 2018
  • Libraries and social welfare centers carry out various programs for the information poor. Libraries have focused on accessing and utilizing information, while social welfare centers have centered on improving the quality of life. This study investigated the following. Firstly, this study examined the cooperation model between libraries and social welfare centers, or librarians and social workers, in public libraries in Korea and California, USA, and analyzed international library policies and guidelines in a literature review. Through the definition of terms and related concepts, we confirmed the range of the information poor in this study. Secondly, this study interviewed librarians and social workers in Korea and the USA about ways of cooperating for the information poor. Through these interviews, we came to understand the public library outreach programs in California and the National Library for Children and Young Adults' Out of School Youth Reading Program (2018). Finally, this study suggested the core elements to be considered in developing a library outreach model for the information poor, based on the implications derived from the literature review and interviews.

A Study for u-Healthcare Networking Technology Framework Approach Based on Secure Oriented Architecture(SOA) (Secure Oriented Architecture(SOA)에 기반한 u-Healthcare 네트워크 보안기술 프레임워크 모델)

  • Kim, Jeom Goo;Noh, SiChoon
    • Convergence Security Journal / v.13 no.4 / pp.101-108 / 2013
  • Sensor network configurations are for a specific situation or environment sensors capable of sensing, processing the collected information processors, and as a device is transmitting or receiving data. It is presently serious that sensor networks provide many benefits, but cannot solve the wireless network security vulnerabilities, the risk of exposure to a variety of state information. u-Healthcare sensor networks, the smaller the sensor node power consumption, and computing power, memory, etc. restrictions imposing, wireless sensing through the kind of features that deliver value, so it is possible that eavesdropping, denial of service, attack, routing path. In this paper, with a focus on sensing of the environment u-Healthcare system wireless security vulnerabilities factors u-Healthcare security framework to diagnose and design methods are presented. Sensor network technologies take measures for security vulnerabilities, but without the development of technology, if technology is not being utilized properly it will be an element of threat. Studies suggest that the u-Healthcare System in a variety of security risks measures user protection in the field of health information will be used as an important guide.

A Vulnerability Analysis of Intrusion Tolerance System using Self-healing Mechanism (자가치유 메커니즘을 활용한 침입감내시스템의 취약성 분석)

  • Park, Bum-Joo;Park, Kie-Jin;Kim, Sung-Soo
    • Journal of KIISE:Computer Systems and Theory / v.32 no.7 / pp.333-340 / 2005
  • One of the most important core technologies required for the design of the ITS (Intrusion Tolerance System) that performs continuously minimal essential services even when the network-based computer system is partially compromised because of the external or internal intrusions is the quantitative dependability analysis of the ITS. In this paper, we applied self-healing mechanism, the core technology of autonomic computing to secure the protection power of the ITS. We analyzed a state transition diagram of the ITS composed of a Primary server and a backup server utilizing two factors of self-healing mechanism (fault model and system response) and calculated the availability of ITS through simulation experiments and also performed studies on two cases of vulnerability attack.

Threat Diagnostic Checklists of Security Service in 5G Communication Network Virtualization Environment (5G 통신 네트워크 가상화 환경에서 보안 서비스의 위협 진단 체크리스트)

  • Hong, Jin-Keun
    • Journal of Convergence for Information Technology / v.11 no.10 / pp.144-150 / 2021
  • The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.

A Study for Vulnerability Analysis and Guideline about Social Personal Broadcasting Service based on Smart-Phone Environment (focus on SNS or U-Health) (스마트폰 환경 하에서 소셜 개인방송 서비스의 취약점 분석과 가이드라인에 관한 연구 (SNS 및 U-Health를 중심으로))

  • Kang, Jang-Mook;Lee, Woo-Jin;Song, You-Jin
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.10 no.6 / pp.161-167 / 2010
  • Social individualized broadcasting increases rapidly in an environment that combines communication and broadcasting. Real-time individualized broadcasting is a service that is provided by multiple individuals to many and unspecified persons. In contrast, newly introduced individualized broadcasting service is a service that has not been experienced socially and culturally and therefore many problems are expected. The newly emerging real-time individualized broadcasting service may bring about various dysfunctions as well as desirable functions. Establishment of a guideline and its implementation based on vulnerability analysis are necessary to prevent the expected dysfunctions and reinforce the desirable functions. Therefore, the purpose of this paper is to examine dysfunctions of the information-oriented society which threaten cyber-norms, cyber-morality, cyber-dangers, cyber-democracy, etc. at the level of social individualized broadcasting service and to propose appropriate guidelines. Through this paper, first, future changes of dysfunctions of the information-oriented society due to individualized broadcasting service can be forecast, and countermeasures and policy directions can be proposed. Second, dysfunctions of ICT-based service that may emerge in individualized broadcasting service can be forecast and a correct guideline can be prepared to reduce potential dangers and increase desirable functions of the service. This paper will analyze in various aspects the characteristics of a new media with the focus on individualized broadcasting service among the new ICT-integrated services, and forecast the appearance and aggravation of the dysfunctions and then draw the guideline.