• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.229-235
• /
• 2022

The process of correcting, upgrading, and improving software products after they have been handed over to the consumer is known as software maintenance. Offshore software maintenance outsourcing (OSMO) clients benefit from cost savings, time savings, and improved quality software through OSMO. In most circumstances, the OSMO vendor makes a lot of money but not in all the cases. Especially, when the OSMO project offer is not properly assessed. An efficient outsourcing contract might yield successful outcomes for outsourced projects. But before sending a detailed proposal to bid on the OSMO project the vendor must have to assess the client's project (business offer) requirements. The purpose of this study is to find out common trends within the assessment of a OSMO project. A case study approach along with semi-structured interviews from eight companies concluded ten common practices and several roles. Among these practices, four (code structure, requirements, communication barriers and required infrastructure) were consistent amongst the responses .The findings, limitations and future work are discussed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.216-217
• /
• 2024

최근 클라우드 컴퓨팅 인프라 및 소프트웨어의 지속적인 발전으로 인한 복잡성 증가로 인해 신속한 확장성과 유연성에 대한 요구가 증가하고 있다. 이에 클라우드 네이티브 환경과의 호환성뿐만 아니라 개발과 운영의 효율성을 높이고자 코드로 인프라를 정의하여 자동화된 환경을 구축해 주는 코드형 인프라(Infrastructure as Code, IaC) 기술이 주목받고 있으며, AWS CloudFormation 은 대표적인 솔루션 중 하나이다. 그러나 IaC 형태로 배포되는 템플릿에 취약성이 존재할 경우, 인스턴스가 실행되기 전까지 보안 취약점을 미리 발견하기 어려워 DevOps 사이클에서의 보안 이슈를 야기할 수 있다. 이에 본 논문은 CloudFormation 템플릿의 보안 취약성 스캔이 가능하다고 알려진 오픈 소스 도구의 효율성을 평가하기 위한 사례 연구를 수행한다. 분석 결과를 바탕으로, DevSecOps 달성을 위한 IaC 기반 환경에서 취약성 사전 탐지의 필요성과 세분화된 접근 방식을 제시하고자 한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Journal of Korea Multimedia Society
• /
• v.7 no.9
• /
• pp.1282-1293
• /
• 2004

This paper proposes an asymmetric watermarking system using Public Key Infrastructure. The distinguishing characteristic of the proposed method connects between the two different techniques, cryptography technique and watermarking technique, by using the authentication technique. The connection between the two techniques are established based on the special qualities of each technique. Watermarks that are inserted into the digital contents consist of a digital signature described as an encrypted copyright information with the private key of a distributor or a copyright holder, and an authentication code. In the situation where the ownership of the digital contents has to be decided, authentication technique examines the data integrity of the digital contents based on an authentication and decides the ownership of the digital contents by examining whether it satisfies or not satisfies the integrity test. The formal case uses decryption method which compares the user defined copyright information, and the decrypted copyright information extracted from the watermark in the digital contents that are decrypted by distributors' public key The latter case determines the ownership by comparing the similarity between encrypted copyright information separated from the watermark that are extracted from the digital contents, and the user defined encrypted copyright information that are separated from the watermark The proposed method provides protection from the assault which attempts to identify or erase the encoding key.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.05a
• /
• pp.185-188
• /
• 2019

In this paper, the towing stability of the LNG bunker barge is estimated. Currently, LNG bunkering barge is being developed as an infrastructure for the bunkering of LNG (Liquefied Natural Gas), an eco-friendly energy source. Since the LNG bunker barge are in the form of towed ship connected to the tow line, the towing stability of the LNG bunker barge is very important for the safety of not only the LNG bunker barge but also the surrounding sailing vessels. The numerical code for towing simulation was developed to estimate the towing stability of the LNG bunker barge at the initial design stage. The MMG(Manoeuvring Mathematical Group) model was applied to the equations of motion and the empirical formula was applied to the maneuvering coefficients so that they could be used in the initial design stage. To validity of the developed numerical code, it was compared with published calculation and model test results. Towing simulations were carried out according to with and without stern skeg of the LNG bunker barge using the developed numerical code. Through the results of the simulations, the appropriateness of the stern skeg area designed was confirmed.

• Smart Structures and Systems
• /
• v.16 no.3
• /
• pp.383-399
• /
• 2015

Today, as railways increase their capacity and speeds, it is more important than ever to be completely aware of the state of vehicles fleet's condition to ensure the highest quality and safety standards, as well as being able to maintain the costs as low as possible. Operation of a modern, dynamic and efficient railway demands a real time, accurate and reliable evaluation of the infrastructure assets, including signal networks and diagnostic systems able to acquire functional parameters. In the conventional system, measurement data are reliably collected using coaxial wires for communication between sensors and the repository. As sensors grow in size, the cost of the monitoring system can grow. Recently, auto-powered wireless sensor has been considered as an alternative tool for economical and accurate realization of structural health monitoring system, being provided by the following essential features: on-board micro-processor, sensing capability, wireless communication, auto-powered battery, and low cost. In this work, an original harvester device is designed to supply wireless sensor system battery using train bogie energy. Piezoelectric materials have in here considered due to their established ability to directly convert applied strain energy into usable electric energy and their relatively simple modelling into an integrated system. The mechanical and electrical properties of the system are studied according to the project specifications. The numerical formulation is implemented with in-house code using commercial software tool and then experimentally validated through a proof of concept setup using an excitation signal by a real application scenario.

• Computers and Concrete
• /
• v.20 no.3
• /
• pp.319-327
• /
• 2017

Studying the structural behavior of prestressed segmented girders is quite important due to the large use this type of solution in viaducts and bridges. Thus, this work presents a nonlinear three-dimensional structural analysis of an externally prestressed segmented concrete girder through the Finite Element Method (FEM), using a customized ANSYS platform, version 14.5. Aiming the minimization of the computational effort by using the lowest number of finite elements, a new viscoelastoplastic material model has been implemented for the structural concrete with the UPF customization tool of ANSYS, adding new subroutines, written in FORTRAN programming language, to the main program. This model takes into consideration the cracking of concrete in its formulation, being based on fib Model Code 2010, which uses Ottosen rupture surface as the rupture criterion. By implementing this new material model, it was possible to use the three-dimensional 20-node quadratic element SOLID186 to model the concrete. Upon validation of the model, an externally prestressed segmented box concrete girder that was originally lab tested by Aparicio et al. (2002) has been computationally simulated. In the discretization of the structure, in addition to element SOLID186 for the concrete, unidimensional element LINK180 has been used to model the prestressing tendons, as well as contact elements CONTA174 and TARGE170 to simulate the dry joints along the segmented girder. Stresses in the concrete and in the prestressing tendons are assessed, as well as joint openings and load versus deflection diagrams. A comparison between numerical and experimental data is also presented, showing a good agreement.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.30 no.2
• /
• pp.69-87
• /
• 2019

As the discussions on sharing research data prevail by the chance of the inauguration of the International Open Data Charter, research support organizations in the United States, the United Kingdom, and Japan are encouraging researchers to deposit their findings in a credible repository. Humanities and social sciences field, in which research data sharing culture and storage infrastructure are immature compared to life science and natural science, also needs to establish and operate a reliable storage infrastructure to guarantee the continuous access and utilization of data. This study analyzed the overall operational status of 305 subject repositories registered in re3data for the humanities and social sciences and clustered them according to the operational level using 5 indicators. As a result, 70% of the population were identified as universal clusters, and 20% of the excellent cluster was found to have the largest number of linguistic fields and the German-operated. In addition, this study confirmed through correspondence analysis that there is a relation between the sub-theme fields of humanities and social sciences and the types of data to be archived. The history and art domians are related to images, and social studies are related to statistical data. Linguistics has also been analyzed to be related to audio, plain text, and code.

• Journal of the Semiconductor & Display Technology
• /
• v.18 no.1
• /
• pp.74-78
• /
• 2019

As software becomes larger and network technology develops, the management of distributed data becomes more popular. Therefore, it is becoming increasingly important to use blockchain technology that can guarantee the integrity of data in various fields by utilizing existing infrastructure. Blockchain is a distributed computing technology that ensures that servers participating in a network maintain and manage data according to specific agreement algorithms and rules to ensure integrity. As smart contracts are applied, not only passwords but also various services to be applied to the code. In order to reinforce existing research on smart contract applied to the blockchain, we proposed a dynamic conditional rule of smart contract that can formalize rules of smart contract by introducing ontology and SWRL and manage rules dynamically in various situations. In the previous research, there is a module that receives the upper rule in the blockchain network, and the rule layer is formed according to this module. However, for every transaction request, it is a lot of resources to check the top rule in a blockchain network, or to provide it to every blockchain network by a reputable organization every time the rule is updated. To solve this problem, we propose to separate the module responsible for the upper rule into an independent server. Since the module responsible for the above rules is separated into servers, the rules underlying the service may be transformed or attacked in the middleware. Therefore, the security mechanism using TLS and PKI is added as an agent in consideration of the security factor. In this way, the benefits of computing resource management and security can be achieved at the same time.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.9
• /
• pp.1573-1581
• /
• 2006

To utilize actively the agent which is one of the elements of revitalization of Agro-Foods Mobile I-commerce, an essential prerequisite is agent security. IF using partial PKI(Public Key Infrastructure)-based confirmation mechanism providing security for the agent, the size of agent is becoming larger, the result of the transmission speed is slow, and the confirmation speed is tardy as well because of performing calculation of public keys such as RSA and needing linkage with the CA for the valid examination of certificates. This paper suggests a mechanism that can cross certification and data encryption of each host in the side of improving the problems of key distribution on agent by shaping key chain relationship. This mechanism can guarantee the problem of ky distribution by using agent cipher key(ACK) module and generating random number to fit mobile surroundings and to keep the secret of the agent. Suggested mechanism is a thing that takes into consideration security and efficiency to secure agent for the revitalization of M-Commerce, and is a code skill to make the agent solid and is a safe mechanism minimizing the problems of memory overflow.