• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.719-728
• /
• 2019

Recently, there has been a growing market for shared mobility businesses that share 'transport' such as cars and bikes, and many operators offer a variety of services. However, if the fare can not be charged normally because of security vulnerability, the operator can not continue the business. So there should be no security loopholes. However, there is a lack of awareness and research on shared mobility security. In this paper, we analyzed security vulnerabilities exposed in application log of shared bike service in Korea. We could easily obtain the password of the bike lock and the encryption key of the AES-128 algorithm through the log, and confirmed the data generation process for unlocking using software reverse engineering. It is shown that the service can be used without charge with a success rate of 100%. This implies that the importance of security in shared mobility business and new security measures are needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.121-134
• /
• 2009

Consumer-centric marketing business is surely one of the most successful emerging business but it poses a threat to personal privacy. Between the service provider and the user there are many contrary issues to each other. The enterprise asserts that to abuse the privacy data which is anonymous there is not a problem. The individual only will not be able to willingly submit the problem which is latent. Web traffic analysis technology itself doesn't create issues, but this technology when used on data of personal nature might cause concerns. The most criticized ethical issue involving web traffic analysis is the invasion of privacy. So we need to inspect how many and what kind of personal informations being used and if there is any illegal treatment of personal information. In this paper, we inspect the operation of consumer-centric marketing tools such as web log analysis solutions and data gathering services with web browser toolbar. Also we inspect Microsoft explorer-based toolbar application which records and analyzes personal web browsing pattern through reverse engineering technology. Finally, this identified and explored security and privacy requirement issues to develop more reliable solutions. This study is very important for the balanced development with personal privacy protection and web traffic analysis industry.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.12
• /
• pp.99-109
• /
• 2018

Tampering involves illegally removing technologies from a protected system through reverse engineering or developing a system without proper authorization. As tampering of a weapon system is a threat to national security, anti-tampering measures are required. Precedent studies on anti-tampering have discussed the necessity, related trends, application cases, and recent cybersecurity-based or other protection methods. In a domestic situation, the Defense Technology Protection Act focuses on how to prevent technology leakage occurring in related organizations through personnel, facilities and information systems. Anti-tampering design needs to determine which technologies are protected while considering the effects of development cost and schedule. The objective of our study is to develop methods of how to select target technologies and determine counter-measures to protect these technologies. Specifically, an evaluation matrix was derived based on the risk analysis concept to select the protection of target technologies. Also, based on the concept of risk mitigation, the classification of anti-tampering techniques was performed according to its applicability and determination of application levels. Results of the case study revealed that the methods proposed can be systematically applied for anti-tampering in weapon system development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.743-755
• /
• 2013

In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.4
• /
• pp.932-940
• /
• 1999

Object-oriented programming is often touted as promoting software reuse. However it is recognized that objected-oriented software often need to be restructured before it can be reused. refactoring is the process that changes the software structure to make it more reusable, easier to maintain and easire to be enhanced wit new functionalities. This paper desirbes experience gained and lessons learned from restructuring OODesigner, a Computer Aided Software Engineering(CASE) tool that supports Objects Modeling Technique(OMT). this tool supports a wide range of features such as constructing object modeler of OMT, managing information repository, documenting class resources, automatical generating C++ and java code, reverse engineering of C++ and Java cod, searching and reusing classes in the corresponding repository and collecting metrics data. although the version 1.x was developed using OMT(i.e the tool has been designed using OMT) and C++, we recognized that the potential maintenance problem originated from the ill-designed class architecture. Thus this version was totally restructured, resulting in a new version that is easier to maintain than the old version. In this paper, we briefly describe its restructuring process, emphasizing the fact that the Refactoring of the tool is conducted using the tool itself. Then we discuss lessons learned from these processes and we exhibit some comparative measurements of the developed version.

• Journal of KIISE:Software and Applications
• /
• v.28 no.3
• /
• pp.224-238
• /
• 2001

본 논문은 ATM(Abstract Timed Machine)으로 명세된 실시간 시스템을 검증하기 위한 방법을 기술한다. ATM은 임무 위급 시스템인 실시간 시스템을 명세, 분석, 검증하기 위한 정형기법이다. ATM은 모드와 전이, 포트로 구성되어 있으며 모드는 머신의 압축된 상태를 표현한다. 전이는 하나의 모드에서 다른 모드로의 전환을 나타내며 조건과 이벤트로 구성되어 있다. 포트는 ATM간의 상호작용을 위한 진입을 표현한다. 다른 정형기법과 비교하여 ATM은 소프트웨어의 순환공학 과정에서 사용하기 위해 설계되었다. 역공학 측면에서 볼 때 ATM은 계산 논리뿐만 아니라 실시간 시스템의 실제 소스코드에 있는 설계나 환경정보를 표현할 수 있다. 이러한 목적을 위해 ATM의 모드는 계산모드, 추상화 모드, 주제모드로 구분된다. 계산 모드는 코드 상에서의 논리와 계산을 나타내며 추상화 모드는 모드와 전이의 블록을 하나의 ATM으로써 표현한다. 대개의 경우, 이것은 코드 상에서의 블록을 ATM내 하나의 모드로 나타낼 때 사용한다. 주제 모드는 예외나 주기적 동작 등과 같은 다수의 ATM의 주제를 표현한다. 실시간 시스템을 검증하기 위해 시스템의 소스 코드는 역명세 과정을 통하여 ATM으로 표현된다. 검증은 ATM에 대한 도달성 그래프를 생성하는 것에 의해 수행된다. 도달성 그래프는 상태와 시간을 추상화되고 압축된 형태로 표현할 수 있으며 그 결과 시간 속성을 지닌 상태 공간을 감소시킬 수 있다. 또한 시스템의 교착상태를 쉽게 발견할 수 있다. 본 논문은 ATM과 실행 모델, 도달성 그래프, 검증을 위한 속성 등을 기술하며 이들을 다른 정형 방법들과 예제를 통하여 비교한다.수 있다. 모피우스는 헤더나 광고와 같은 불필요한 정보들을 제거하는 별도의 단계를 거치지 않으므로 wrapper를 빠르게 생성한다. 궁극적으로 모피우스는 새로운 웹 상점을 사용자가 자유롭게 추가, 삭제할 수 있는 환경을 제공한다.X>와 반응시킬 경우에는 반응식 c에 의거 진행됨을 예측할 수 있었다.의거 진행됨을 예측할 수 있었다.이 거의 산화되지 않았고, $700^{\circ}C$에서도 ZnS와 ZnO 상이 공존한 것으로 보아 SnO$_2$코팅이 ZnS의 산화를 억제하는 것으로 나타났다.pplied not only to the strike system in the RSC circle, but also to the logistics system in the SLC circle. Thus, the RSLC model can maximize combat synergy effects by integrating the RSC and the SLC. With a similar logic, this paper develops "A Revised System of Systems with Logistics (RSSL)" which combines "A New system of Systems" and logistics. These tow models proposed here help explain several issues such as logistics environment in future warfare, MOE(Measure of Effectiveness( on logistics performance, and COA(Course of Actions)

• Journal of the Korean Institute of Landscape Architecture
• /
• v.48 no.5
• /
• pp.89-106
• /
• 2020

This study examines the functionality and landscape design specifics of the outdoor space of representative commercial multi-complexes in Korea in order to overview the design trends of outdoor landscaping trends. Through surveying the composition of outdoor spaces along with their relation to the surrounding landscape, open spaces, and the neighboring communities, this paper identified the change in trends regarding the characteristics of outdoor landscape planning and acknowledged the enhanced public value of outdoor space. This study asserts that the characteristics of outdoor spaces can best be understood by examining the ways in which the outdoor space relates to adjoining commercial multi-complexes and the surrounding landscape. Focusing on the relationships that outdoor space establishes, commercial multi-complexes can be categorized as follows: in/outdoor separated type, in/outdoor semi-open type, surrounding landscape-projected type, and surrounding landscape-combined type. By studying the landscape design specifics of the outdoor space of representative cases of each type, the following has been concluded: First, the amount of outdoor space has expanded in terms of importance and function while serving to assist in various activities and participatory experiences, and no longer merely serves as a backdrop of commercial facilities. Second, with the strengthened connectivity between in/outdoor spaces, the elements of outdoor surroundings are more actively introduced indoors to improve amenities. Through directly connecting certain indoor program spaces with outdoor spaces, commercial multi-complexes tend to provide richer combined experiences. Third, with the expansion of outdoor space functionality, commercial multi-complexes are increasingly recognized as a quasi-public space, making good example of liminal space. In light of the recent case of development plans linked with public open spaces in suburban settings, commercial landscape design shows the possibility of creating an open space that can function as a center for local culture and green networks in the community.

• Journal of Korea Multimedia Society
• /
• v.1 no.2
• /
• pp.239-248
• /
• 1998

Software reengineering is making various research for solutions against problem of maintain existing system. Reengineering has a meaning of development of softwares on existing systems through the reverse-engineering and the forward-engineering. It extracts classes from existing system's softwares to increase the comprehension of the system and enhance the maintenability of softwares. Most of the important concepts used in reengineering is composition that is restructuring of the existing objects from other components. The classes and clusters in storage have structural relationship with system's main components to reuse in the higher level. These are referenced as dynamic informations through structuring an architect for each of them. The classes are created by extractor, searcher and composer through representing existing object-oriented source code. Each of classes and clusters extract refined informations through optimization. New architecture is created from the cluster based on its classes' relationship in storage. This information can be used as an executable code later on. In this paper, we propose the tools, it presented by this thesis presents a new information to users through analysing, based on reengineering, Object-Oriented informations and practicing composition methodology. These composite classes will increase reusability and produce higher comprehension information to consist maintainability for existing codes.