• Journal of Internet Computing and Services
• /
• v.20 no.4
• /
• pp.13-19
• /
• 2019

In order to register an application with Apple's App Store, it must pass a rigorous verification process through the Apple verification center. That's why spyware applications are difficult to get into the App Store. However, malicious code can also be executed through normal application vulnerabilities. To prevent such attacks, research is needed to detect and analyze early to patch potential vulnerabilities in applications. To prove a potential vulnerability, it is necessary to identify the root cause of the vulnerability and analyze the exploitability. A tool for analyzing iOS applications is the debugger named LLDB, which is built into Xcode, the development tool. There are various functions in the LLDB, and these functions are also available as APIs and are also available in Python. Therefore, in this paper, we propose a method to efficiently analyze potential vulnerabilities of iOS application by using LLDB API.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.53-62
• /
• 2020

In the end-user domain of an IoT environment, there are more and more intelligent M2M devices that provide resources to create and share application services. Therefore, it can be very useful to manage trust by transferring the role of the existing centralized service provider to end users in a P2P environment. However, in a decentralized M2M computing environment where end users independently provide or consume services, mutual trust building is the most important factor. This is because malicious users trying to build malfunctioning services can cause security problems in M2M computing environments such as IoT. In this paper, we provide an integrated analysis and approach for trust evaluation of M2M application services, and an optimized trust evaluation model that can guarantee reliability among users of the M2M community.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.679-691
• /
• 2016

As vehicle started to contain many different communication devices, collecting external information became possible in IoT environment. In such environment, remotely controling vehicle is possible when vehicle information is obtained by looking in to vehicle network through smart device. However, android based smart device applications are vulnerable to malicious modulation and redistribution. Modulated android application can lead to vehicle information disclosure that could bring about vehicle control accident which becomes threat to drivers. furthermore, since vehicles today does not contain security methods to protect it, they are very vulnerable to security threats which can cause serious damage to users and properties. In this paper, many different vehicle management android applications that are sold in Google Play has been analyzed. With this information, possible threats that could happen in vehicle management applications are being analysed to prove the risks. the experiment is done on actual vehicle to prove the risks. Also, access control method to protect the vehicle against malicious actions that could happen through external network in IoT environment is suggested in the paper.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.377-386
• /
• 2003

In this paper, we present an application layer protocol to support secure wireless Internet services, called Application Layer Security(ALS). The drawbacks of the two traditional approaches to secure wireless applications motivated the development of ALS. One is that in the conventional application-specific security protocol such as Secure HyperText Transfer Protocol(S-HTTP), security mechanism is included in the application itself. This gives a disadvantage that the security services are available only to that particular application. The other is that a separate protocol layer is inserted between the application and transport layers, as in the Secure Sockets Layer(SSL)/Transport Layer Security(TLS). In this case, all channel data are encrypted regardless of the specific application's requirements, resulting in much waste of network resources. To overcome these problems, ALS is proposed to be implemented on top of HTTP so that it is independent of the various transport layer protocols, and provides a common security interface with security applications so that it greatly improves the portability of security applications. In addition, since ALS takes advantages of well-known TLS mechanism, it eliminates the danger of malicious attack and provides applications with various security services such as authentication, confidentiality integrity and digital signature, and partial encryption. We conclude this paper with an example of applying ALS to the solution of end-to-end security in a present commercial wireless protocol stack, Wireless Application Protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.6C
• /
• pp.893-900
• /
• 2004

While security traditionally has been an important issue in information systems, the problem of the greatest concern today is related to the availability of information and continuity of services. Since people and organizations now rely on distributed systems in accessing and processing critical services and mission, the availability of information and continuity of services are becoming more important. Therefore the importance of implementing systems that continue to function in the presence of security breaches cannot be overemphasized. One of the solutions to provide the availability and continuity of information system applications is introducing an intrusion tolerance system. Security mechanism and adaptation mechanism can ensure intrusion tolerance by protecting the application from accidental or malicious changes to the system and by adapting the application to the changing conditions. In this paper we propose an intrusion tolerance model that improves the developmental structure while assuring security level. We also design and implement an adaptive intrusion tolerance system to verify the efficiency of our model by integrating proper functions extracted from CORBA security modules.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.387-396
• /
• 2014

Recently, there have been continuous efforts and progresses regarding the research on diverse network control and management platforms for SDN (Software Defined Networking). SDN is defined as a new technology to enable service providers/network operators easily to control and manage their networks by writing a simple application program. In SDN, incomplete or malicious programmable entities could cause break-down of underlying networks shared by heterogeneous devices and stake-holders. In this sense, any misunderstanding or diverse interpretations should be completely avoided. This paper proposes a new framework for SDN application verification and a prototype based on the formal method, especially with process algebra called pACSR which is an extended version of Algebra of Communicating Shared Resources (ACSR).

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.4
• /
• pp.797-803
• /
• 2012

Recently demands in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on and much attention has been paid to the application of MANET as a Ubiquitous network which is growing fast. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing, but have vulnerable points, such as lack of network scalability and dynamic network topology due to mobility, passive attacks, active attacks, which make continuous security service impossible. In this study, hashed AODV routing is used to protect from counterfeiting messages by malicious nodes in the course of path finding and setting, and disguising misrouted messages as different mobile nodes and inputting them into the network.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.7
• /
• pp.773-778
• /
• 2014

IDS(Intrusion Detection System) can be used as a countermeasure for blackhole attacks which cause degrade of transmission performance by causing of malicious intrusion to routing function of networks. In this paper, effects of IDS for transmission performance based on mobility patterns is analyzed for MANET(Mobile Ad-hoc Networks), a suggestion for effective countermeasure is considered. Computer simulation based on NS-2 is used in performance analysis, VoIP(Voice over Internet Protocol) as an application service is chosen for performance measure. MOS(Mean Opinion Score), call connection ratio and end-to-end delay is used as performance parameter.

• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.706-715
• /
• 2014

It is used to lead to serious structural vulnerability of the system security of security-critical system when we have quickly developed software system according to urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 of the Embarcadero Technologies Co., certainly help to develop an easy and fast-paced procedure, but it is difficult to apply security program and vulnerable to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is due to that all kinds of information of Provider are exposed on the moment when DataSnap Server Port is sure to malicious attackers. This exposure becomes a window capable of running SQL Command. Thus, it should not be used Data Set and Provider in the DataSnap Server in consideration of all aspects of security management. In this paper, we study on the verification of the security vulnerabilities for Client and Server DataSnap in Dlephi XE2, and we propose a secure coding method to improve security vulnerability in the DataSnap server system.