• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.417-437
• /
• 2022

The quality of the fuzzing seed file is one of the important factors to discover vulnerabilities faster. Although the prior seed generation paradigm, using dynamic taint analysis and symbolic execution techniques, enhanced fuzzing efficiency, the yare not extensively applied owing to their high complexity and need for expertise. This study proposed the DDRFuzz system, which creates seed files based on sequence-to-sequence models. We evaluated DDRFuzz on five open-source applications that used multimedia input files. Following experimental results, DDRFuzz showed the best performance compared with the state-of-the-art studies in terms of fuzzing efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1171-1179
• /
• 2021

Image forensic is performed to check image limpidness. In this paper, a robust scheme is discussed to detect median filtering in low quality images. Detection of median filtering assists in overall image forensic. Improved spatial statistical features are extracted from the image to classify pristine and median filtered images. Image array data is rescaled to enhance the spatial statistical information. Features are extracted using Markov model on enhanced spatial statistics. Multiple difference arrays are considered in different directions for robust feature set. Further, texture operator features are combined to increase the detection accuracy and SVM binary classifier is applied to train the classification model. Experimental results are promising for images of low quality JPEG compression.

• Review of KIISC
• /
• v.8 no.4
• /
• pp.47-62
• /
• 1998

응용체계 보안성 평가. 승인 제도는 정보시스템의 보안성에 대한 품질보증을 위한 핵심적인 수단이다. 응용체계는 동일한 구성요소로 이루어져 있다고 할지라도 운영환경과 이용목적에 따라 보안 요구사항을 달이함으로 적절한 수준의 보안성을 확보하고 있는지를 확인하는 것은 매우 중요하다. 본 연구에서는 응용체계의 보안성을 평가하기 위한 몇 가지 방법론을 절차의 측면에서 살펴보고, 평가. 승인 절차에 있어서 핵심적인 고려사항을 기술하였다.

• Review of KIISC
• /
• v.7 no.1
• /
• pp.73-88
• /
• 1997

차세대 이동통신 시스템인 FPLMTS(Future Public Land Mobile System)는 2,000년대에 전세계의 통신을 하나로 묶는 유무선 통합 이동통신 환경으로 자리 매김이 이루어질 것이다. 따라서 FPLMTS는 공중 전화망이나 종합 정보 통신망 과 같은 고정 통신망과의 호환성과 높은 품질의 다양한 서비스를 제공하게 된다. FPLMTS가 지니는 융통성과 가능성에 비해 통신 안전에 중요한 문제점을 지니게 된다. 본 고에서는 FPLMTS의 안전에 대하여 국제 표준을 중심으로 살펴보고, FPLMTS가 지녀야 할 안전 체제에 대하여 살펴본다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.679-691
• /
• 2020

In the future, 5G technology will become the core infrastructure driving the 4th industrial era. For intelligent super-convergence service, it will be necessary to collect various personal information such as location data. If a person's high-precision location information is exposed by a malicious person, it can be a serious privacy risk. In the past, various approaches have been researched through encryption and obfuscation to protect location information privacy. In this paper, we proposed a new technique that enables statistical query and data analysis without exposing location information. The proposed method does not allow the original to be re-identified through polynomial-based transform processing. In addition, since the quality of the original data is not compromised, the usability of positioning big data can be maximized.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.5
• /
• pp.199-206
• /
• 2021

This paper describes the feasibility and reliability verification of installing a protective structure to protect attack periscopes. The attack periscope is the critical equipment of a submarine to enable the user to monitor surface and air activity, collect navigational data, and detect and identify targets. The attack periscope provides target information acquired through TV, IR camera, and laser range finder to the combat system. In the product improvement program, the upper part of the masts was exposed to the outside of the sail because the existing attack periscope was replaced with a new one. On the other hand, the head sensor can be damaged by floating objects, such as fishing nets, during sea navigation. Therefore, the installation of a protective structure for an attack periscope improved the equipment operation performance. The feasibility and reliability of the installation of the protective structure were verified by examining the influence of URN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.767-779
• /
• 2013

A field of privacy protection lacks statistical information about the current status, compared to other fields. On top of that, since it has not been classified as a concrete separate field, the related survey is only conducted as a part of such concrete areas. Furthermore, this trend of being regarded as a part of fields such as informatization, information protection and law will continue in the near future. In this paper, a novel and practical way for collecting and storing a big amout of data from 110,000 privacy policies by data controller is proposed and the real analysis results is also shown. The proposed method can save time and cost compared with the traditional survey-based method while maintaining or even advancing the accuracy of results and speediness of process. The collected big personal data can be used to set up various kinds of statistical models and they will play an important role as a breakthrough of observing the present status of privacy information protection policy. The big data concept is incorporated into the privacy protection and we can observe the method and some results throughout the paper.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.211-218
• /
• 2008

This paper studies the quality of the major domestic job information sites and compares the strong and weak points of them. The study was conducted with respect to the user satisfaction by asking job seekers and employers. Questionnaires consist of three factors: quality of information, quality of delivery, quality of environment, each factor of which contains several sub-questions. The results showed that the quality of information was the most important factor to both job seekers and job Provider. The lower job providers' satisfaction than job seekers' indicated more various services should be developed fer job providers. Specially, Personal information is not protected well enough to satisfy job seekers, so improvement plan is required. Public job information site requires as much service level as private job information sites.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1101-1103
• /
• 2010

과거 인터넷을 사용하지 않는 시스템의 경우 소프트웨어의 안전성과 강건성은 철도, 국방, 우주, 항공, 원자력 등 오류 없이 수행되어야 하는 임베디드 소프트웨어에 국한되어 있었다. 그러나 인터넷의 발전으로 인터넷을 통한 정보의 교류 및 서비스가 증대하면서 소프트웨어의 보안품질은 개인, 사회, 국가 모두에게 정보보호의 중요성을 더욱 강조하고 있다. 특히 오류 없이 수행되어야 하는 고안전성 소프트웨어의 개발 기법은 이제 응용 소프트웨어의 보안강화 활동에 활용 되고 있다. 시큐어 코딩 (Secure Coding)은 방어적 프로그램(Defensive Programming)을 포함하는 개념으로 소프트웨어의 안전성과 보안성을 향상 시킬 수 있다. 본 논문에서는 C 언어의 취약가능성 유발 명령어를 예를 들고 시큐어 코딩 기법을 적용하여 취약한 코드를 개선하였다. 이러한 개선을 통해 보안 취약성 유발 가능한 코드 부분을 손쉽게 수정하여 소프트웨어 보안품질을 개선할 수 있다.