• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.487-490
• /
• 2014

리플렉션은 자바 프로그램을 실행하여 객체 내부의 모든 요소를 조사하거나 호출 혹은 조작할 수 있는 자바 언어의 한 기능이다. 한 클래스 내부의 메소드에 리플렉션을 적용하여 호출하게 되면 String형의 메소드 이름으로 간접 호출하기에 정적 분석 도구의 API 호출 탐지를 방해하게 되어 분석결과의 정확도를 떨어뜨릴 수 있고, 또한 일반적인 호출보다 복잡한 절차를 거치게 되어 소스 자체의 난독화 효과를 갖게 된다. 또한 디컴파일러의 역공학 분석을 어렵게 만드는 장점도 있다. 이 특성을 이용한다면 안드로이드 환경에서 특정 API를 은닉하여 개인정보를 누출하도록 악용하거나 디컴파일러 이용을 방지하는 데 활용될 수 있다. 본 연구에서는 안드로이드 환경에서 직접 설계한 도구와 표본 앱을 이용하여 API 메소드에 리플렉션을 적용하고, 원본 소스와 리플렉션 후 디컴파일된 소스를 비교하여 API 호출이 리플렉션을 통해서 은닉 가능함을 보여준다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.4
• /
• pp.709-719
• /
• 2015

This paper introduces a proper renaming service using variable action and security services against the analysis techniques in Java code. The renaming service that is introduced is separated into API pattern and loop condition. We present our scheme algorithm with known Java obfuscation techniques and tools in order to help readers understanding, and implement prototype to prove practicality in this paper. Test result using prototype shows 73% successful variable renaming rate. Using our scheme, cooperators can intuitionally understand all of code. Also, It helps malware analysts to predict malware action by variable name. But application source code that is developed by Java is exposed to hackers easily using our scheme. So we introduce Java application code protection methods, too.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1160-1172
• /
• 2019

Federated authentication is a user authentication and authorization infrastructure that spans multiple security domains. Many overseas Web applications have been adopting SAML-based federated authentication. However, in Korea, it is difficult to apply the authentication because of the high market share of a specific Web (application) server, which is hard to use open-source SAML software and the high adoption of Java-based standard framework which is not easy to integrate with SAML library. This paper proposes the SAML4J, which is developed in order to have Web applications easily and safely integrated with the Java-based framework. SAML4J has a developer-friendly advantage of using a session storage independent of the framework and processing Web SSO flows through simple API. We evaluate the functionality, performance, and security of the SAML4J to demonstrate the high feasibility of it.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.4
• /
• pp.79-86
• /
• 2016

About 75% of software security incidents are caused by software vulnerability. In addition, the after-market repairing cost of the software is higher by more than 30 times than that in the design stage. In this background, the secure coding has been proposed as one of the ways to solve this kind of maintenance problems. Various institutions have addressed the weakness patterns of the standard software. A new Korean programming language Saesark has been proposed to resolve the security weakness on the language level. However, the previous study on Saesark can not resolve the security weakness caused by the API. This paper proposes a way to resolve the security weakness due to the API. It adopts a static analyzer inspecting dangerous methods. It classifies the dangerous methods of the API into two groups: the methods of using tainted data and those accepting in-flowing tainted data. It analyses the security weakness in four steps: searching for the dangerous methods, configuring a call graph, navigating a path between the method for in-flowing tainted data and that uses tainted data on the call graph, and reporting the security weakness detected. To measure the effectiveness of this method, two experiments have been performed on the new version of Saesark adopting the static analysis. The first experiment is the comparison of it with the previous version of Saesark according to the Java Secure Coding Guide. The second experiment is the comparison of the improved Saesark with FindBugs, a Java program vulnerability analysis tool. According to the result, the improved Saesark is 15% more safe than the previous version of Saesark and the F-measure of it 68%, which shows the improvement of 9% point compared to 59%, that of FindBugs.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2001.11a
• /
• pp.558-562
• /
• 2001

오늘날 월드 와이드 웹(WWW)의 성장과 함께 인터넷 상에서 3차원 세계를 표현해야 할 필요성이 급격히 증가하고 있다. 이러한 요구에 부응하여 VRML97이 개발되었고, 이는 인터넷에서 3차원 그래픽스 데이터의 표준으로 중요한 역할을 해왔다. 그리고 현재 VRML97로 기술된 데이터를 위한 브라우저가 많이 개발되어 왔다. 현재까지는 대부분 OpenGL이나 Direct3D와 같은 API를 주로 사용해왔으나 SUN의 Java3D가 활성화되면서 Java3D 기반의 VRML97 브라우저도 많이 개발되고 있다. 또한 SUN에서는 이미 3D 브라우저를 위한 프로토타입을 개발하여 제공하고 있다. 본 논문에서는 본 연구팀에서 수행하고 있는 서버-클라이언트 모델의 가상현실 시스템의 클라이언트로서의 X3D 브라우저 개발을 위한 기반 연구로서 수행된 Java3D 기반의 VRML97 브라우저의 이벤트 모델에 대하여 기술한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.11-23
• /
• 2011

Recently, Open APIs are getting attention with the advent of Web 2.0. Open APIs are used to combine services and generate new services by Mashup. However, the growing number of available Open APIs raises a challenging issue how to locate the desired APIs. We automatically build ontologies from WSDL, WADL, HTML, and their underlying semantics. The key ingredient of our method is a technique that clusters input/output parameters in the collection of API methods into semantically meaningful concepts, and captures the hierarchical relationships between the terms contained in a parameter. These semantic ontologies allow search engines to support a similarity search for Open APIs based on various protocols such as SOAP, REST, JavaScript, and XML-RPC, and significantly improve the quality of APIs matching by the clustering and hierarchical relationships mechanism.

• Spatial Information Research
• /
• v.22 no.5
• /
• pp.87-98
• /
• 2014

Google Maps have changed the response time of Web-GIS using AJAX technologies. In addition, Google released the Open API named Google Maps API(Application Programming Interface) and it lead to the big paradigm on the Open API, where the SDK(Software Development Kit) and ASP(Application Service Provider) had ruled at the related map market. In short, the Open API has been paradigm-shifting for the web mapping. After this, government, many companies and open source foundations have guided Web-GIS market's growth through releasing the relevant Open APIs. So many comparative analysis on web-mapping API carried out by many researches. However there were no researches that can be applied to our current domestic environments. This paper investigates components of web-mapping API. Then we compare how many components supported and enumerate features for each of those APIs. Finally this paper presents direction of future development of Web Mapping API.

• Journal of Institute of Control, Robotics and Systems
• /
• v.7 no.7
• /
• pp.632-639
• /
• 2001

This paper proposes an improved architecture of web-based monitoring systems for monitor of processes in plants from the soft real-time point of view. The suggested model is designed to be able to guarantee the temporal and spatial consistency and transmit the monitoring data periodically via the intranet and the Internet. The model generates one thread for monitoring management, one DB thread, one common memory, and corresponding monitoring threads to clients. The monitoring thread is executed during the smaller time than the execution time of the process used in the conventional methods such as CGI and servlet method. The Java API for the server API, VRML, EAI(External Authoring Interface) and Java Applets for efficient dimensional WEB monitoring are used. The proposed model is implemented and tested for a FMS plant, Some examples show that the proposed model is useful one.

• Journal of KIISE:Software and Applications
• /
• v.31 no.11
• /
• pp.1551-1559
• /
• 2004

Java, a platform independent object-oriented programming language, is widely used, however it should be integrated with JNI to use system services or to reuse legacy systems. Though JNI provides the standard APIs which allow Java to be combined with C/$C^{++}$, it is very hard and cumbersome for developers to use JNI APIs. In order to address this problem, we introduce a translator named C2JNI, which converts the embedded C program into a JNI compatible C program. With C2JNI, developers can Integrate Java and C programs without JNI APIs, and it will reduce the complexity caused by JNI APIs.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.04a
• /
• pp.145-148
• /
• 2000

인터넷의 빠른 발전과 하드웨어 속도의 향상에 의해 가상현실이 점차 일반 사용자에게도 가깝게 다가서고 있다. 인터넷 가상현실 언어의 표준인 VRML이 XML의 개발과 발전에 의해 차기 버전을 XML의 장점인 용이한 확장성을 수용하는 X3D라 명명하고 표준화를 진행 중이다. VRML의 경우 전송 시 파일 크기의 문제를 안고 있고, X3D로 진보하면서 역시 같은 문제를 해결하기 위하여 보다 효율적인 전송 포맷에 대한 연구가 진행되고 있다. X3D의 효율적 전송을 위한 바이너리 스트림 개발의 일환으로 바이트코드를 제안하고, 강력한 Java 3D API와 플랫폼 독립적인 바이트코드의 장점을 살려 표준화 단계인 X3D를 별도의 브라우저 없이도 Java 애플릿을 이용하여 재생할 수 있도록 하고자 한다. 이를 위한 방법으로 X3D를 Java 3D로 변환하는 번역기가 필요하다. 따라서 본 논문에서는 X3D-Java 3D 번역기의 구조를 설계하고 구현 방법을 제시하고자 한다. XML 파서를 이용하여 X3D를 파싱하고 그의 출력인 AST를 순회하면서 Java 3D 파일을 생성한다. X3D DTD와 Java 3D 클래스의 구조, 계층 관계 정보를 독립된 자료로 작성하여 계속 변하게 될 두 언어의 변화에 유동적으로 대처하면서 소스 코드의 큰 변화 없이 이용할 수 있게 설계하고자 한다.