• Title/Summary/Keyword: Web application security

A Study on Key Information Service Protocol for Secure XML Web Service

  • Park, Nam-Je;Moon, Ki-Young;Sohn, Sung-Won
    • The KIPS Transactions:PartC / v.10C no.6 / pp.769-778 / 2003
  • XKMS (XML Key Management Specification), one of the XML Security specifications, defines the protocol for distributing and registering public keys for verifying digital signatures and enciphering XML documents of web service applications with various and complicated functions. In this paper, we propose an XML Key Information protocol service model and implement a reference model of the protocol component based on the standard specification. We also describe the analysis and security method of the Key Information Service (XKIS) for Secure XML Web Service, paying attention to the features of XML-based security service. The protocol component supports public key location by given identifier information and the binding of such keys to identifier information. This reference model offers a security construction guideline for future domestic e-Business Frameworks.

Cloud-based used bookstore service system

  • Park, Jong-Seop;Kim, Gyu-min;Park, Su-hyun
    • Proceedings of the Korean Society of Computer Information Conference / 2019.01a / pp.99-101 / 2019
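  • In this paper, we propose a new application that improves on the functions of existing applications. With each new semester, students must buy textbooks for their major, purchasing 2 to 4 textbooks per semester on average. The average price of a major textbook is more than 20,000 won per book, which is a burden for students. The recently popular application '애브리타임' lets users share information and communicate within each university. It provides a service called '책방' through which students on campus can trade used books. The '책방' service offers not only major textbooks but also liberal-arts books, textbooks of other departments and various other books, but it is hard for users to see at a glance the major textbooks they need. Therefore, we develop an application that combines an easy UI, with which anyone can intuitively find or buy the books they want, with a cloud service that is accessible anytime and anywhere and offers high information security, improving user convenience and enabling convenient on-campus communication and information sharing through a varied category structure.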

Web Service-based Design of Integrated Authentication Model using Secure Token

  • 강철수;이상훈;전문석
    • Proceedings of the Korean Information Science Society Conference / 2004.10a / pp.490-492 / 2004
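  • Web services are one of the technologies receiving the most attention recently. Today web services are deployed in a variety of fields, ranging from simple data sharing to large-scale Internet sales, currency exchange, and application integration scenarios. Web services are also being applied to mobile, device, and grid scenarios. Currently, web services place much emphasis on integrating services built on heterogeneous platforms and making them compatible. What is essential here is authentication between heterogeneous systems. To access different systems, users must go through multiple authentication procedures. In this paper, we present an integrated authentication model that uses the security tokens included in the WS-Security standard in order to unify users' authentication procedures and control access rights.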

Web application firewall technology trends and testing methodology

  • Jo, In-june;Kim, Sun-young;Kim, Chan-joong
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.10a / pp.132-138 / 2012
  • Existing network-layer firewalls do not protect the higher layer, the application layer, where vulnerable web applications run. Under these circumstances, the Web Application Firewall, which can defend against web application vulnerabilities, is positioned as a solution to important business security issues and is in the spotlight as a next-generation security system, and a very active market is expected to form outside the domestic market. However, no standard has yet been proposed that can be used to test the performance of a Web Application Firewall, so it is hard to select trustworthy products, and companies that conduct BMT individually face limits in performance testing technology and cost. In this study, a practically usable BMT model was developed to evaluate firewall vendors. From the ISO/IEC 9126 product evaluation standard, items for eight product characteristics that match the performance and characteristics of a web application firewall are derived. This can relieve the burden of performance testing when evaluating web firewalls, and can enhance the competitiveness of related domestic sectors and, by restoring confidence in products, reduce the dependence on foreign products.

WACFI: Code Instrumentation Technique for Protection of Indirect Call in WebAssembly

  • Chang, Yoonsoo;Kim, Youngju;Kwon, Donghyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.753-762 / 2021
  • WebAssembly (WASM) is a low-level instruction format that can be run in a web environment. Since WASM has excellent performance, various web applications use WebAssembly. However, according to our security analysis, WASM has a security pitfall related to control flow integrity (CFI) for indirect calls. To address the problem, in this paper we propose a new code instrumentation scheme to protect indirect calls, named WACFI. Specifically, WACFI enhances a CFI technique for indirect calls in WASM based on source code analysis and binary instrumentation. To test the feasibility of WACFI, we applied WACFI to a sound-encoding application. According to our experimental results, WACFI only adds 2.75% overhead on the execution time while protecting indirect calls safely.

Research for the Element to Analyze the Performance of Modern-Web-Browser Based Applications

  • Park, Jin-tae;Kim, Hyun-gook;Moon, Il-young
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2018.10a / pp.278-281 / 2018
  • The early Web technology was to show text information through a browser. However, as web technology advances, it is possible to show large amounts of multimedia data through browsers. Web technologies are being applied in a variety of fields such as sensor network, hardware control, and data collection and analysis for big data and AI services. As a result, the standard has been prepared for the Internet of Things, which typically controls a sensor via HTTP communication and provides information to users, by installing a web browser on the interface of the Internet of Things. In addition, the recent development of web-assembly enabled 3D objects, virtual/enhancing real-world content that could not be run in web browsers through a native language of C-class. Factors that evaluate the performance of existing Web applications include performance, network resources, and security. However, since there are many areas in which web applications are applied, it is time to revisit and review these factors. In this thesis, we will conduct an analysis of the factors that assess the performance of a web application. We intend to establish an indicator of the development of web-based applications by reviewing the analysis of each element, its main points, and its needs to be supplemented.

An Effective Employment and Execution Performance Improvement Method of Mobile Web Widget Resources Based on the OMTP BONDI

  • Bang, Ji-Woong;Kim, Dae-Won
    • Journal of Korea Multimedia Society / v.14 no.2 / pp.153-170 / 2011
  • OMTP (Open Mobile Terminal Platform) is a global forum made by telecommunications providers to promote user-oriented mobile services and data business. Devised by OMTP, BONDI is a browser-based application or a mobile web run-time platform to help widgets make good use of functions of mobile devices in a secure way. BONDI enables applications programmed with web standard technologies such as HTML, JavaScript, CSS, and AJAX to reach the internal functions of mobile devices. Since BONDI, which is not just a simple network application, can reach the internal resources of devices in standard ways, it enables applications and widgets to be developed regardless of the OS or platform. Web browser-based widgets are vulnerable to the network environment, and their execution speed can be slowed as the operations of the widgets or applications become heavy. However, those web widgets will be continuously used thanks to the user-friendly simple interface and the faster speed in using web resources compared with the native widgets inside the device. This study suggested a method to effectively operate and manage the resources of the OMTP BONDI web widget and then provided an improved result based on a running performance evaluation experiment. The experiment was carried out to improve the entire operating time by enhancing the module-loading speed. In this regard, only indispensable modules were allowed to be loaded while the BONDI widget was underway. For this purpose, the widget resource list, able to make the operating speed of the BONDI widget faster, was redefined while a widget cache was employed. In addition, the widget box, a management tool for removed widgets, was devised to store temporarily idle widgets.

A Design and Implementation of XKMS Web Services System

  • Cho, Young-Keun;Lee, Jae-Dong;Choi, Jung-Gi
    • Proceedings of the Korea Information Processing Society Conference / 2003.11c / pp.1893-1896 / 2003
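  • As XML has recently come into wide use on the web, XML-related technologies have advanced remarkably, and XML security technologies in particular are developing rapidly with the active participation of large vendors. Using XKMS technology, which removes from the client side the specialized nature and complexity of the traditional PKI infrastructure, it has become easier to build trust relationships between client applications. In this paper, we design and implement an XKMS web services system using XML security technologies such as XML digital signature/encryption and XKMS.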

Enhancement of Authentication Security Using GPS Location Information in Mobile Environment

  • Han, KeunSeok
    • Proceedings of the Korea Information Processing Society Conference / 2011.11a / pp.706-709 / 2011
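  • With the advancement of mobile networks and the rapid development of networks and terminals, mobile devices are becoming widespread, and as market competition intensifies, open platforms are increasing and applications and the mobile web are becoming more active. In addition, as development in the mobile environment becomes standardized, production and distribution are becoming easier. Because of these environmental factors, security threats to the mobile web and applications are growing, and the scale of attacks and the resulting damage are expected to increase. In this paper, to strengthen authentication security in this mobile environment, we propose using location information in the authentication service and implement a system that can provide an LBS (Location-Based Service) related to individually specialized authentication. Through the implementation of this system, we demonstrate that checking the validity of authentication according to the user's location can secure additional reliability and validity in current authentication systems, and we propose concrete ways to use it.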

Vulnerability Analysis of the Creativity and Personality Education based on Digital Convergence Curation System

  • Shin, Seung-Soo;Kim, Jung-In;Youn, Jeong-Jin
    • Journal of the Korea Convergence Society / v.6 no.4 / pp.225-234 / 2015
  • With the growing number of people that use web services, the perception of the importance of securing web applications is also increasing. There are many different types of attacks that target web applications. In the rapidly-changing knowledge and information society, which came into being with the advancements made in information and communication technology, there is currently an urgent need for building web sites for the purposes of developing one's creativity and character. In this paper, attack schemes that use SQL injections and XSS and target educational digital curation systems, which provide educational contents with the aim of developing one's creativity and character, are analyzed in terms of how the attacks are carried out and their vulnerabilities. Furthermore, it suggests ways of dealing appropriately with these web-based attacks that use SQL injections and XSS.