• Journal of the Korea Society of Computer and Information
• /
• v.24 no.12
• /
• pp.59-65
• /
• 2019

Hospital Information System includes a wide range of information in the medical profession, from the overall administrative work of the hospital to the medical work of doctors. In this paper, we proposed a Vision-based Authentication and Registration of Facial Identity in Hospital Information System using OpenCV. By using the proposed security module program a Vision-based Authentication and Registration of Facial Identity, the hospital information system was designed to enhance the security through registration of the face in the hospital personnel and to process the receipt, treatment, and prescription process without any secondary leakage of personal information. The implemented security module program eliminates the need for printing, exposing and recognizing the existing sticker paper tags and wristband type personal information that can be checked by the nurse in the hospital information system. In contrast to the original, the security module program is inputted with ID and password instead to improve privacy and recognition rate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.919-928
• /
• 2018

Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.59-66
• /
• 2017

Hackers have obfuscated their malware to avoid being analyzed. Recently, obfuscation tools translate original codes into bytecodes to use virtualized-obfuscation, so that bytecodes are executed by virtual machines. In such cases, malware analysts fail to know about the malware before execution of the codes. We found that program slicing is one of promising program analysis techniques to solve this problem. The main concepts of program slice include slicing criteria given by analysts and sliced statements according to the slicing criteria. This paper proposes a deobfuscation method based on program slicing technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.4
• /
• pp.49-60
• /
• 1999

In this paper we introduce the definition and historical overviews of computer virus program and review their side-effect and ways of infections. We describe the feature of CIH virus which damaged lots of PC systems in Asian countries recently and propose new methods how to rescue against destruction under the operating system of the Microsoft's Windows 95/98. Our experiment results can fix hard disk having FAT32 file system structure and show some popular program cases of having recovered by commercial vaccine program.

• International Journal of Computer Science & Network Security
• /
• v.23 no.1
• /
• pp.169-186
• /
• 2023

The research aimed to identify the effectiveness of an educational program using 3D glasses as a technological innovation on academic achievement and attitude towards elearning in science in the preparatory stage. The research relied on the analytical descriptive approach and the semi-experimental approach. The research tools were the achievement test and the scale of attitude towards e-learning. An educational program was designed and produced using 3D glasses. The study sample consisted of 60 students from the second grade in the preparatory stage at the Rural Jeddah School. The research concluded to the following results: There was a satistically sigificant difference at the level of sig. (0.05) among the -mean scores of the experiemtal and control group students in the post assessment atthe level of achievement in favor of the experiemental group and therewas a satistically sigificant difference at the level of sig. (0.05) among mean scores of the experiemtal and control group students in the post assessment at the level of attitude towards e-learning in favor of the experiemental group. And it was found that the positive effect of the 3D educational program for improving the level of achievement and the attitude towards e-learning for the students. The program allowed the experimental group students to practice self-learning, interaction, and achievement according to the individual differences among them.

• Journal of IKEEE
• /
• v.27 no.1
• /
• pp.93-102
• /
• 2023

As one of the techniques for analyzing malicious code, techniques creating a sequence or a graph of function call relationships in an executable program and then analyzing the result are proposed. Such methods generally study function calling in the executable program code through static analysis and organize function call relationships into a sequence or a graph. However, in the case of an obfuscated executable program, it is difficult to analyze the function call relationship only with static analysis because the structure/content of the executable program file is different from the standard structure/content. In this paper, we propose a dynamic analysis method to analyze the function call relationship of an obfuscated execution program. We suggest constructing a function call relationship as a graph using the proposed technique.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.06a
• /
• pp.166-169
• /
• 2002

In this paper, implements the abstract interpretation of the imperative language While in SMV model-checker and explain how to apply the logic of CTL which example the security of information flow. And show the way to translate the abstract program of While into SMV program and explain the derive process of CTL logic to test the security of the information flow. For the various security test, it is suitable to use the model-checking than to implements the abstract interpretation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1483-1492
• /
• 2016

Ducky USB is one of rarely-known keyboard-emulating BadUSBs. The attacking strategy using Ducky USB is taking and executing the scripted keystroke automatically whenever the USB is inserted into PC. Prior works exhibit some problems such as performance loss and additional device requirement. To solve this problem, this paper devised a countermeasure program to efficiently block the Duck USB in Windows. The experiment proves its effectiveness.

• Proceedings of KOSOMES biannual meeting
• /
• 2006.11a
• /
• pp.37-45
• /
• 2006

On the analysis of safety and security management in the coastal passengerships, the counterplan is proposed in order to copy with new situation including various threats of safety and security. In addition, throughout the questionnaire to the related employees, we develop the program to enhance maritime security awareness and to supplement its vulnerability.