• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.11
• /
• pp.1451-1461
• /
• 2019

DNS spoofing is an attack in which an attacker intervenes in the communication between client and DNS server to deceive DNS server by responding to a fake IP address rather than actual IP address. It is possible to implement a pharming site that hacks user ID and password by duplicating web server's index page and simple web programming. In this paper we have studied web spoofing attack that combines DNS spoofing and pharming site implementation which leads to farming site. We have studied DNS spoofing attack method, procedure and farming site implementation method for portal server of this university. In the case of Kyungsung Portal, bypassing attack and hacking were possible even though the web server was SSL encrypted and secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. So it is necessary that these serious risks are to be informed and countermeasures are to be researched.

• Journal of The Korean Association of Information Education
• /
• v.25 no.2
• /
• pp.317-325
• /
• 2021

In this paper, the degree of reflection of SW·AI elements and CT elements was investigated and analyzed for a total of 44 textbooks of Korean, social, moral, mathematics and science textbooks based on the 2015 revised curriculum. As a result of the analysis, most of the activities of data collection, data analysis, and data presentation, which are ICT elements, were not reflected, and algorithm and programming elements were not reflected among SW·AI content elements, and there were no abstraction, automation, and generalization elements among CT elements. Therefore, in order to effectively implement SW·AI convergence education in elementary school subjects, we will expand ICT utilization activities to SW·AI utilization activities. Training on the understanding of SW·AI convergence education and improvement of teaching and learning methods using SW·AI is needed for teachers. In addition, it is necessary to establish an information curriculum and secure separate class hours for substantial SW·AI education.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.3-12
• /
• 2001

In this course of Internet proliferation, many network-related technologies are examined for possible growth and evolution. The use of Internet-based technologies is private networks has further fuelled the demand for network-based applications. The most promising among the new paradigms is the use of mobile agents. The mobile agent is capable of migrating autonomously form node to node in the network, to perform some computations on behalf of the user. The mobile agent paradigm is attractive alternative to traditional client-server programming for a significant class of network-centric applications. It does however, suffer. from a major drawback namely, the potential for malicious attacks, abuse of resources, pilfering of information, and other security issues. These issues are significantly hampering the acceptance of the mobile-agent paradigm. This paper describes the design of a secure mobile agent gateway 7hat can split and merge the agent code with security policy database on the VPN. This mechanism will promote security in the mobile agent systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.345-351
• /
• 2023

As software development progresses and programs become increasingly complex, the cost of reducing and managing software vulnerabilities has also increased. To address this issue, the Rust programming language, which guarantees Memory Safety, has been suggested as an alternative for more error-prone languages such as traditional C/C++. However, Rust also supports the use of libraries written in C/C++ to enhance compatibility with older languages and avoid redundant development, compromising its original guarantees. For example, memory corruption happened in C/C++ can lead to exploits such as buffer overflow, Use-After-Free and null-pointer dereferecing. To tackle this problem, recent studies have been conducted to secure interactino between Rust and C/C++ by isolation. This paper uncovers areas that have not been fully explored in previous studies, following limitation analysis on each. Finally, this paper suggests the future direction of research on safe interaction between Rust and C/C++.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.18-23
• /
• 2017

The shipyard quay process struggles to control workers and maintain a secure working environment because of the presence of at least 1,000 people. Therefore, safety accidents such as an explosion or a fire are likely to occur. With the recent increase in safety accidents at shipyards, the requirements for safety and process monitoring have been strengthened. Major shipyards are conducting researchto monitor the process in real time and to detect the work environment for safety. In this paper, we propose a safe and accurate evacuation route based on the information of the dangerous area and the user's location based on a mobile application to reduce the casualty accidents in the presence of many personnel in a concentrated area. To do this, we analyze the trend of the fire escape system on the ground building, compare various algorithms for escape route calculation, select appropriate algorithms for this study, and perform programming. A basic experiment was conducted to confirm the results. The proposed method is expected to be used in large ship construction sites, passenger ships and large public facilities to reduce accidents in the case of a safety accident.

• Journal of Korea Water Resources Association
• /
• v.39 no.2 s.163
• /
• pp.161-178
• /
• 2006

Heathcote (1998) identified a systematic, seven-step approach to general watershed planning and management. It consists of 1) understanding watershed components and processes, 2) identifying and ranking problems to be solved, 3) setting clear and specific goals, 4) developing a list of management options, 5) eliminating infeasible options 6) testing the effectiveness of remaining feasible options, and 7) developing the final options. In this study the first five steps of that process were applied to the Anyangcheon watershed in Korea, which experiences streamflow depletion, frequent flood damages, and poor water quality typical of highly urbanized watersheds. This study employed four indices: Potential Flood Damage(PFD), Potential Streamflow Depletion(PSD), Potential Water Quality Deterioration(PWQD) and Watershed Evaluation Index(WEI) to identify and quantify problems within the watershed. WEI is the integration index of the others. Composite programming which is a method of multi-criteria decision making is applied for the calculation of PSD, PWQD and WEI (Step 2). The primary goal of the study is to secure instreamflow in the Anyangcheon during dry seasons. The second management goals of flood damage mitigation and water quality enhancement are also set (Step 3). Management options include not only structural measures that can alter the existing conditions, but also nonstructural measures that rely on changes in human behavior or management practices (Step 4). Certain management options which are not technically, economically, and environmentally feasible, are eliminated (Step S). Therefore, this study addresses a Pre-feasibility study, which established a master plan using Steps 1 through 5.

• The Journal of Korean Philosophical History
• /
• no.25
• /
• pp.7-40
• /
• 2009

The aim of this paper is to establish the theoretical foundation on "the integrative study of the character education for the promotion of social and emotional competencies of children.". Based on the social and emotional learning(SEL), this paper is tried to find out the effective ways to develop children's good character. According to SEL, social and emotional competence is the ability to understand, manage, and express the social and emotional aspects of one's life in ways that enable the successful management of life tasks such as learning, forming relationships, solving everyday problems, and adapting to the complex demands of growth and development. And it is also the process of acquiring and effectively applying the knowledge, attitudes, and skills necessary to recognize and manage emotions. Five key competencies such as self-awareness, social awareness, responsible decision making, self-management, relationship skills are taught, practiced, and reinforced through SEL programming. Both the social and emotional learning movement and the character education share in common the idea that much of human character can be modified for the better through learning. While character educators engage in developing civic virtue and moral character in our youth for more compassionate and responsible society, SEL educators engage in educating for a safe, secure, caring society. To effectively teach social and emotional competencies, the teachers themselves must embrace a teaching and learning philosophy that models the attitudes, feelings, and behaviors we aim to teach.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.32 no.1
• /
• pp.391-413
• /
• 2021

Policy study information is the essential source of information in every step of decision making process to plan, execute and assess the national operation policy. The policy study subject of a national policy research center from study design the performance assessment on its practical effect is managed via thorough process to secure its effectiveness and efficiency. However, the directly exposed information to the practical user or the public who are in need of actual policy study information is the resource published in a form of policy study report, the final result. NKIS operated by the National Research Council for Economics, Humanities and Social Sciences under the Office for Government Policy Coordination, Prime Minister's Secretariat is a public information offering service that conduct integrated management on study reports from cooperative study among institutes along with policy outcome from 27 national policy research centers. This study aims to introduce the current status of operation and information management of NKIS, apprehend the management characteristics of policy study information resources of national policy research center, and deduce remarks that need to be considered for API with external service for the derivation of standardized sharing data element.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.23 no.2
• /
• pp.1-14
• /
• 2024

The most optimal route-search algorithm thus far has introduced a method of applying node labels and link labels. Node labels consider two nodes simultaneously in the optimal route-search process, while link labels consider two links simultaneously. This study proposes a turn-label-based optimal route-search technique that considers two turns simultaneously in the process. Turn-label-based optimal route search guarantees the optimal solution of dynamic programming based on Bellman's principle as it considers a two-turn search process. Turn-label-based optimal route search can accommodate the advantages of applying link labels because the concept of approaching the limit of link labels is applied equally. Therefore, it is possible to reflect rational cyclic traffic where nodes allow multiple visits without expanding the network, while links do not allow visits. In particular, it reflects the additional cost structure that appears in two consecutive turns, making it possible to express the structure of the travel-cost function more flexibly. A case study was conducted on the metropolitan urban railway network consisting of transportation card terminal readers, aiming to examine the scalability of the research by introducing parameters that reflect psychological resistance in travel with continuous pedestrian transfers into turn label optimal path search. Simulation results showed that it is possible to avoid conservative transfers even if the travel time and distance increase as the psychological resistance value for continuous turns increases, confirming the need to reflect the cost structure of turn labels. Nevertheless, further research is needed to secure diversity in the travel-cost functions of road and public-transportation networks.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.3
• /
• pp.192-207
• /
• 2006

Today, the SSL protocol has been used as core part in various computing environments or security systems. But, the SSL protocol has several problems, because of the rigidity on operating. First, SSL protocol brings considerable burden to the CPU utilization so that performance of the security service in encryption transaction is lowered because it encrypts all data which is transferred between a server and a client. Second, SSL protocol can be vulnerable for cryptanalysis due to the key in fixed algorithm being used. Third, it is difficult to add and use another new cryptography algorithms. Finally. it is difficult for developers to learn use cryptography API(Application Program Interface) for the SSL protocol. Hence, we need to cover these problems, and, at the same time, we need the secure and comfortable method to operate the SSL protocol and to handle the efficient data. In this paper, we propose the SSL component which is designed and implemented using CBD(Component Based Development) concept to satisfy these requirements. The SSL component provides not only data encryption services like the SSL protocol but also convenient APIs for the developer unfamiliar with security. Further, the SSL component can improve the productivity and give reduce development cost. Because the SSL component can be reused. Also, in case of that new algorithms are added or algorithms are changed, it Is compatible and easy to interlock. SSL Component works the SSL protocol service in application layer. First of all, we take out the requirements, and then, we design and implement the SSL Component, confidentiality and integrity component, which support the SSL component, dependently. These all mentioned components are implemented by EJB, it can provide the efficient data handling when data is encrypted/decrypted by choosing the data. Also, it improves the usability by choosing data and mechanism as user intend. In conclusion, as we test and evaluate these component, SSL component is more usable and efficient than existing SSL protocol, because the increase rate of processing time for SSL component is lower that SSL protocol's.